Nucleus Core v3.23 suffers from a remote file inclusion vulnerability in media.php.
6bb55849806ce5461c68f302f55093a036cc1fbe49d31b88585327ce28d72383
PunBB 1.2.13 suffers from multiple vulnerabilities including SQL injection and local file inclusion.
3652bafc09639322f478bdfbf3bca457d4dc43681175ce33bc857b2fff56d736
OpenPKG Security Advisory OpenPKG-SA-2006.027: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files.
786e8c5107fa0271085c49cebac3c5b1b20b0e7d0c2c919671a5d378f98e6762
Debian Security Advisory 1200-1: An integer overflow has been found in the pixmap handling routines in the Qt GUI libraries. This could allow an attacker to cause a denial of service and possibly execute arbitrary code by providing a specially crafted image file and inducing the victim to view it in an application based on Qt.
164139ba980ab9d32154bee061c5bef7b490dd17b4a4973d1c31ba91ed30a90b
Gentoo Linux Security Advisory GLSA 200610-15 - Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Versions less than 1.2.13 are affected.
7da97c63b8d70d60c0b51785511e6d3d1a6ceb5bc517f75ec86487e728c91a87
Gentoo Linux Security Advisory GLSA 200610-14 - A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow. Versions less than 5.1.6-r6 are affected.
24fd15d792177179ef4dbacc3bf7f43884ae94a89b5aefdbfb4aa7af666fa023
Mandriva Linux Security Advisory MDKSA-2006-192: The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.
e82ad3dc1bfceb29448f2800b116b0e14eb98d470f43c94368a5d815b98b2f78
Mandriva Linux Security Advisory MDKSA-2006-191: Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
d9601175fd520e0d58f72362561eb51eadeff521b0833f5f4af28a2a6df6d857
Mandriva Linux Security Advisory MDKSA-2006-190: A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
121d6641bede0bca7cda032405675ffdeae7cec29b44ebadbddb2b06c79978bf
Mandriva Linux Security Advisory MDKSA-2006-189: Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which could potentially be exploited by a remote, authenticated user to gain root privileges. Additional code cleanups to fix potential memory leaks are also included.
4465bacfe277c499446ae643a2852e1099d8b820c1f8ae82cceacf2ade868b37
Mandriva Linux Security Advisory MDKSA-2006-188: Sebastian Krahmer of the SUSE security team found that the System.CodeDom.Compiler classes in mono used temporary files in an insecure way that could allow a symbolic link attack to overwrite arbitrary files with the privileges of the user running a program that made use of those classes.
75362f04ffe58ba78e72e8a1410dc65a7b572c94db473d529f5e4e9357aecfdf
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The Framework will run on any modern system that has a working Perl interpreter; the Windows installer includes a slimmed-down version of the Cygwin environment.
516952772aaa8982628460b927c9119850925f870903c5a131a9c9f0390cf77f
Asterisk Open Source PBX versions prior to 1.2.13 are vulnerable to local and remote denial of service attacks via a sequence of malformed packets.
2b0be2f77b87a8b5e9ce286060248fb1dbf05ea28f09a44a6813660999d9e6f6
GestArt vbeta 1 and prior suffer from a remote file inclusion vulnerability in /gestArt/aide.php.
d5c5b20e02b057928a8151002d3b6ef3b90265dc9cddd6a3645261773fc6b16b
Axalto Protiva 1.1 stores sensitive information in plaintext, world-readable files.
1d4fa0c1a0c77d3b016d87d417bbd2af7698989d80d70df0be6ad79cf4af5901
The Joomla extended_registration mod suffers from a remote file inclusion vulnerability.
b5ec95b388d9d4c34f6cc34562cd6884f254b932b29fa0a2f9a145158f4caa30
Any router running DD-WRT only checks the first 8 characters of a user's password. The DD-WRT firmware is used in many Linksys routers.
b39b63064f539d2fcf3558b21e0539ef9ca1fef50960fc82361ed466a56069ec
TorrentFlux 2.1 doesn't properly sanitize user input passed via the "dir" GET variable, thus allowing anyone to get a list of files anywhere on the system.
82396ecba330189442653cc67928c3cf56d83a210ab195d99c98ba811df0d958
phpFaber CMS versions 1.3.36 and below suffer from a cross-site scripting flaw.
8dfc27e31874e0a98831d402239fae1cd3c852329ebd7026b7c3ecef108dfe6b
UNISOR CMS suffers from a SQL injection vulnerability that can be used to gain administrative privileges.
d3ff9edcd325258939ef9797a17e7a279dec7fb8d7087eca520a632d4146be6c
Parallels Desktop for Mac - Build 1940 creates files with insecure permissions.
e4c883be914c2e585934e5e834b9e62c1863e95b15be5a3217e5c05a2f5a9f93