Vuln: IBM WebSphere Business Modeler Repository Arbitrary File Deletion Vulnerability
Related Files:
Multiple vulnerabilities have been found in the Singapore Image Gallery Web Application version 0.9.10, including arbitrary file download, directory deletion, and cross-site scripting flaws. Homepage: http://www.security.org.sg/vuln/singapore0910.html. Authored By Tan Chew Keong
Multiple IBM products have been diagnosed with a denial of service vulnerability caused by malformed SSL records. This is unrelated to the OpenSSL handshake vulnerability found last year. Affected products: Access Manager for e-business 3.9, Access Manager for e-business 4.1, Access Manager for e-business 5.1, Access Manager for Business Integration 5.1, IBM Tivoli Directory Server 4.1, IBM Tivoli Directory Server 5.1, IBM HTTP Server 1.3.12.x, IBM HTTP Server 1.3.19.x, IBM HTTP Server 1.3.26.x, IBM HTTP Server 1.3.28.x, IBM HTTP Server 2.0.42.x, IBM HTTP Server 2.0.47.x, Websphere MQ V5.3. Homepage: http://www-1.ibm.com/support/docview.wss?uid=swg21170854&rs=260.
A vulnerability has been found in PowerArchiver version 9.64.02. When exploited, the vulnerability allows execution of arbitrary code when the user opens a malicious ISO file. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
ESTsoft ALPass version 2.7 suffers from an arbitrary code execution vulnerability when importing a specially crafted DB file. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user into viewing a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
HP Security Bulletin - A potential security vulnerability has been identified with the HP OpenView Business Process Insight family of products running Shared Trace Service on Windows. The vulnerability could be remotely exploited to execute arbitrary code. The HP OpenView Business Process Insight family of products includes HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI), HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI). Homepage: http://www.hp.com.
Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve arbitrary files accessible to the web server process and to execute arbitrary code with privileges of the IIS IUSR_MACHINE account. Homepage: http://vuln.sg/cruiseworks109d-en.html. Authored By TAN Chew Keong
This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. E-Business Suite 11 and 12 are affected. Related CVE Number: CVE-2007-5766. Homepage: http://www.zerodayinitiative.com/. Authored By Joxean Koret
The Visual Basic Design Time Environment library (VBE.DLL and VBE6.DLL), used by the Microsoft Office series and other Microsoft applications, contains an exploitable heap overflow vulnerability. If a malicious Office file such as .doc, .xls, etc. is opened, an attacker can execute arbitrary code. This buffer overflow bug also affects Internet Explorer, because some Office files are opened automatically by a helper application when they are received. Systems Affected: Microsoft Access 97/2000/2002, Excel 97/2000/2002, PowerPoint 97/2000/2002, Project 2000/2002, Publisher 2002, Visio 2000/2002, Word 97/98(J)/2000/2002, Works Suite 2001/2002/2003, Business Solutions Great Plains 7.5, Business Solutions Dynamics 6.0/7.0, Business Solutions eEnterprise 6.0/7.0, Business Solutions Solomon 4.5/5.0/5.5. Homepage: http://www.eEye.com. Authored By Yuji Ukai
TorrentFlux version 2.2 suffers from arbitrary file creation/deletion/overwrite as well as a command execution vulnerability. Authored By r0ut3r