Gentoo Linux Security Advisory GLSA 200508-13 - Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Versions less than 1.4.0 are affected.
b392e04daac6a3131a159750ecf6640f104e46dc1e949490958e28588b03b917
Debian Security Advisory DSA 783-1 Eric Romang discovered a temporary file vulnerability in a script accompanied with MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated.
0bdaf61278be5abca20b301dac437ae4001a24bd0b9e600a1bd8632d16a251e8
Exploit for the Ventrilo 2.3.0 malformed status packet vulnerability.
ad0ab9cf0589c79a21541d14896eedcac439df6ebd2f779645049f293aea60c1
It is possible to crash Ventrilo 2.3.0 by sending a malformed status packet.
6cb018997e473aaa91fd732430eed0e401f4cd1feee78f164f7540daf14e6263
This Metasploit module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simple delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
3865e92d6319da6652ab4c7ed8c01bd18db40efa2f58d0e789c6a8a79b4fb63d
Secunia Security Advisory - Phuket has discovered some vulnerabilities in PHPKit, which can be exploited by malicious people to conduct SQL injection attacks.
d82f266f336a74620fb5e0beb194c3a5184abbbc6196aca3831ddab467dc340b
Secunia Security Advisory - Ubuntu has issued an update for libpcre3. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
ff26acd3f887f68ec0a47bcc150cfaf7e28cf56ecefd9c186d683ce6fe3af904
Secunia Security Advisory - Red Hat has issued an update for elm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
3e08750339bfda75bf38c6c8de95a2442dfb29828bcaf345f66061158c428530
A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
90dedc2182e9f13fe60b58ffaaf6d0166a5497e077ce7855d8e3d7e2c6b8fd3b
Gentoo Linux Security Advisory GLSA 200508-12 - Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CVE-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CVE-2005-2550). Versions less than 2.2.3-r3 are affected.
c3c0a5ca715423ba57ad0ed3bb8e8b0cddf7444a0020c4349015ede584102d19
Javier Fernandez-Sanguino Pena noticed that the pwmconfig script created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges since pwmconfig is usually executed by root.
376f85a08e46d04bd581a85bbc2d275ce2e2f13f3f55865875c59d8ef2fb241f
ZipTorrent stores proxy server information and password in X:\\[Program_Files_Path]\[ZipTorrent_Path]\pref.txt in plain text. A local user can read passwords and others.
f17cbabb6214be4b1a15c231b17cecd4ba1bdd923fb0449fab9505b53fb8a0da
Mercora IMRadio 4.0.0.0 stores username and passwords in the Windows Registry in plain text. A local user can read the values.
baac3f4238dc50049d9fc04fadf14b5bfe96c656f5abe232e2c22c30f47da2d1
A dictionary based Oracle password checker. This is a useful and fast (150.000 pw/sec) tool for DBAs to identify Oracle accounts with weak or default passwords.
347557ee38aed91ccdfda881256b418152b5fc74c3ede2186cf61ff83fe5f29c
Logcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
170d528a300aa2f1792277680a460ba822c427433349e63d2a245318f6e0bfa1
Wepdecrypt is a wireless LAN tool based on wepattack that guesses WEP keys using an active dictionary attack, a key generator, a distributed network attack, and some other methods.
29ae072985616a0141a07e767e667cd33c917605338d37824de96c765a692333
AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
50c01c400c85b72038d9386969b13645f68d8f9087df927ba4adbdb86d82a839
Sysmask is a security package for Linux systems that can prevent arbitrary malicious codes from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
7242e1e7df113be5894e705e07bd061b8bd640c267fdc13d2147a8e5b3cf8f22
Debian Security Advisory DSA 782-1 - Due to missing input sanitization in the bluez-utils package, it is possible for an attacker to execute arbitrary commands supplied as the device name from the remote device.
fb543879e70119f5254b5ca8165f6a8b1c313acc9fee8d0bba01a49d6da69e9c
dsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
9a589fe2fcf5a4e2c8797a0b1bd8fe9ec95ad4366d0ccffadf8656195041becd
During a recent internal audit, CA discovered several vulnerability issues in the CA Message Queuing (CAM / CAFT) software. CA has made patches available for all affected users. These vulnerabilities affect all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the platforms specified below.
d5bbb6c6ef69369d57bffbc7b601ba4afb4ce1009bb13cdc9ffd06f706f43207
PHPKit 1.6.1 suffers from various SQL and PHP injection attacks.
786d6d2133def57a80ff158ea2edd319f472a79c2e721d1c855fc00f6de96736
Cisco Security Advisory: Cisco Intrusion Prevention Systems (IPS) are a family of network security devices that provide network based threat prevention services. A user with OPERATOR or VIEWER access privileges may be able to exploit a vulnerability in the command line processing (CLI) logic to gain full administrative control of the IPS device. Vulnerable Products: Cisco Intrusion Prevention System version 5.0(1) and 5.0(2).
4c94afaddf19c9eb20203fe958a6da48230347365872adb7c394201d86b31f03
Cisco Security Advisory: A malicious attacker may be able to spoof a Cisco Intrusion Detection Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a vulnerability in the SSL certificate checking functionality in IDSMC and Secmon. Vulnerable Products: IDSMC version 2.0 and version 2.1. CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) version 1.1 through version 2.0 and version 2.1.
a5385d17f8941372698a734b6a53fcd1a3048bb8c2bcf8f5600a8287611824d4
PostNuke 0.760 suffers from cross site scripting and SQL injection vulnerabilities.
db0ff0cb54efaab2f793cc7e9f64870bb6ca7bb1eabc75f10fe944a4c07d26be