Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
cb404dc54429d950c1d1d7ecc6e18257623b69fed004179d6405f75cc94eea70
Claroline eLearning and eWorking Platform version 1.8.10 suffers from cross-site scripting vulnerabilities.
8a6fd8d055c7b39b99b5e06c88f885a8a11ce9a0d9b35e02b9bac37f97aaf94d
Debian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:
1ec400aa47c3df11688f737aeb1905ab1846b62ee1039d4e1efa0f452cf223c9
Mandriva Linux Security Advisory - A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue.
d77255632167d8e079334e1ac6dc2207c1e4054933ef0bd049ea348c40534caf
Secunia Security Advisory - Some vulnerabilities have been reported in Zoph, which can be exploited by malicious people to conduct SQL injection attacks.
47dd4f357d1a9f6d46fe1a92e294c1d727de6b19f8021f2ff99112bb41fd0331
Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
e71a26a177bb392608dda0cb7bd35aced95debaa223795b1128b8eb998aad8aa
Secunia Security Advisory - A vulnerability has been reported in phpScheduleIt, which can be exploited by malicious people to bypass certain security restrictions.
73e607ceb74e96aa1e8d56904b9bf7d30eb283a3f7987b85ad474177efb3d0fc
Secunia Security Advisory - Mr.SQL has reported a vulnerability in MojoAuto, which can be exploited by malicious people to conduct SQL injection attacks.
135bfe759d7f6eaab1ec7d9352517a36cbe0bf382e394a7e574a1e7a29589b1d
Secunia Security Advisory - rPath has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
e5e84cdef553d6b451118bbd300ff981c2ee00a0183b22b084f613093e9ee6c7
Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in Def-Blog, which can be exploited by malicious people to conduct SQL injection attacks.
7a71b8cc90fc80b71bb5d26f1cc98b654fed550dfc30e9a7281846e6a25c66e5
Secunia Security Advisory - Khashayar Fereidani has discovered some vulnerabilities in EasyE-Cards, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
3a4d2790842f518a896eedbeee0168dd6635220395de33c3d84a25e62da4f572
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
9a9b4b2231879cfe08831865d54b6c2c0b4dd0b7b48dff234e7966295d71c73a
ipt_pkd is an iptables extension implementing port knock detection. This project provides three parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. The knock is a UDP packet sent to a random port that contains a SHA-256 hash of a timestamp, a small header, random bytes, and a shared key. ipt_pkd checks the packet's time window and computes the SHA-256 itself to verify the packet. The shared key is never sent.
b916e1e9b1aa5e336281e12310107a6a4b78a6bde277739bf28b965060f2df78
ShopCartDx version 4.30 suffers from a remote SQL injection vulnerability.
ce0f42243468c7e69336f7301ab5eb0135d96feb69b949855b5dc2ee8fd2f4ed
YouTube Blog version 0.1 suffers from remote file inclusion, SQL injection, and cross-site scripting vulnerabilities.
a50e2f091599c999be8c97a2747599e63ccf5a3b8efd6f918620e97a81dcb80d
IntelliTamper version 2.0.7 HTML parser remote buffer overflow exploit.
ee4d8782a990f920991b6dd6b69efd2bb04c56e1b8a33d5b8fc628cb5e1c246e
Apache mod_jk version 1.2.19 remote buffer overflow exploit for win32.
52e6834ca38fee98b4404e27c3dfaee4c68b36555f1efbb823cce0f071cf1ab8