03 July 2009

• Acajoom Component for Mambo/Joomla! Backdoor
• GForge SQL Injection and Cross-Site Scripting Vulnerabilities
• Softbiz Ads "image.php" SQL Injection
• XEmacs Multiple Integer Overflow Vulnerabilities
• Google Chrome HTTP Response Handling Remote Code Execution
• Apple iPhone and iPod touch Untrusted Certificate Exception Information Disclosure
• PHP "exif_read_data()" JPEG Image Processing Denial of Service
• Multiple F-PROT Products RAR/ARJ/LHA/LZH File Scan Evasion
• Citrix Secure Gateway Denial of Service
• IBM DB2 Universal Database Server "INSTALL_JAR" Arbitrary File Overwrite
• Sun Solaris Cassini Gigabit-Ethernet Device Driver Remote Denial of Service
• PCSC-Lite Local Insecure File Permissions

02 July 2009

• Campsite Multiple Remote Input Validation Vulnerabilities
• fuzzylime (cms) Multiple Local File Include and Arbitrary File Overwrite Vulnerabilities
• Shop-Script Pro "current_currency" Parameter SQL Injection
• Basic Analysis and Security Engine "readRoleCookie()" Authentication Bypass
• Mozilla Thudnerbird/Seamonkey Multipart Alternative Message Memory Corruption
• Apple iPhone and iPod touch "HTMLSelectElement" Denial of Service
• Apple iPhone and iPod touch Configuration Profile Handling Information Disclosure
• ClamAV CAB File Scan Evasion
• IBM AIX "rpc.ttdbserver" Remote Buffer Overflow
• IBM DB2 DAS Server Buffer Overflow
• Sun Solaris Ultra-SPARC T2 Crypto Provider Device Driver Local Denial of service
• Linux Kernel "/proc/iomem" Sparc64 Local Denial of Service

01 July 2009

• phpDatingClub "search.php" Cross-Site Scripting and SQL Injection Vulnerabilities
• Zen Cart "admin/sqlpatch.php" SQL Injection
• Kasseler CMS Arbitrary File Disclosure Vulnerability and Cross- Site Scripting
• Adobe Shockwave Player Unspecified Security
• strongSwan Crafted X.509 Certificate Multiple Remote Denial of Service Vulnerabilities
• Apple iPhone and iPod touch ICMP Echo Request Remote Denial of Service
• PHP Multiple Functions "safe_mode" Restriction Bypass
• Apple iPhone Call Approval Dialog Security Bypass
• OpenSSL "dtls1_retrieve_buffered_fragment()" DTLS Packet Denial of Service
• Mozilla Firefox "nsViewManager.cpp" Denial of Service
• Sun Solaris Event Port API Multiple Local Denial of Service Vulnerabilities
• DESlock+ "dlpcrypt.sys" Local Privilege Escalation

30 June 2009

• Movable Type Cross-Site Scripting and Security Bypass Vulnerabilities
• geccBBlite "postatoda" Parameter Multiple HTML Injection Vulnerabilities
• Joomla! and Mambo Tickets Component "id" Parameter SQL Injection
• DirectAdmin
• Nagios "statuswml.cgi" Remote Arbitrary Shell Command Injection
• LibTIFF "LZWDecodeCompat()" Remote Buffer Underflow
• Foxit Reader JPEG2000 Header Decoding Memory Corruption
• Apple iPhone and iPod touch Mail Client Information Disclosure Weakness
• IrfanView "TIFF" File Handling Remote Integer Overflow
• Apache Tomcat XML Parser Information Disclosure
• Multiple Browser Web Proxy Redirect Handling Man In The Middle
• NetBSD "proplib" Library XML Processing Null Pointer Exception Denial of Service
• Edraw PDF Viewer Component Active X Control Arbitrary File Overwrite

29 June 2009

• Zen Cart "record_company.php" Remote Code Execution
• CMS Buzz Multiple Security Vulnerabilities
• MyBB "birthdayprivacy" Parameter SQL Injection
• Apple Safari "parent/top" Cross-Domain Scripting
• Google Chrome SSL renegotiation Remote Denial of Service
• Apple iPhone and iPod touch Safari Search History Information Disclosure
• Foxit Reader JPEG2000 Negative Stream Offset Remote Memory Corruption
• Apple iPhone and iPod touch MPEG-4 Video Codec Denial of Service
• Citrix NetScaler Access Gateway Default Configuration Unauthorized Access
• Multiple Browsers Cached Certificate HTTP Site Spoofing
• Sun Solaris "IP(7P)" Multicast Reception Local Denial of Service
• NetBSD "pam_unix" Root Password Change Local Security Bypass Weakness
• Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass