Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get, causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service via a crafted SNMP GETBULK request.
a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8f
Ksplice is practical technology for updating the Linux kernel without rebooting. It enables you to avoid the disruptive process of rebooting for kernel security updates and bugfixes. By making it easy to keep your systems up to date, Ksplice helps you avoid the security and stability risks of running out-of-date software.
6f671a0853bee3d0f898ea083d17154e5177ad04b1c9a40a619535004ac4ad63
Whitepaper entitled Using Parent Domain Traversal In Drive By Attacks.
d4d787c3d1f2cecfefafa05d2971a62b461e882fb8960cf9235ced39cfdd1187
ZEEMATRI version 3.0 suffers from a remote SQL injection vulnerability in bannerclick.php.
178f6d7dbcc30d0877d51f7158df43778391aef8f365b6b68db61b1e6d78994f
Zeeways Shaadi Clone version 2.0 suffers from a direct access authentication bypass vulnerability.
614ffd97d1f4420ae85fa94cab3eaa2e26446c69f078b59d3c3addf40a33db3f
Zeeways PHOTOVIDEOTUBE version 1.1 suffers from a direct access authentication bypass vulnerability.
15e168fe7b2c5a57ea44f91369b2043aa1c30da08dc125f70ec6cb023edbba58
MoinMoin version 1.5.9 suffers from denial of service and path disclosure vulnerabilities.
69551d639e909c8105507593eda4f7945172f4e91bf44a580a6c4db9f7308eaf
DigiAffiliate versions 1.4 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
3500ec3c41a225300a3ebf63d448c9462d0e4a5b8cdd9401096a5d599daee6bb
Cyberfolio versions 7.12.2 and below suffer from a local file inclusion vulnerability in css.php.
1b18ff55b4dad1008c829b688f60694f02c1c14bf5895628c05840647ce844c0
Enthusiast version 3.1.4 suffers from a remote code execution vulnerability.
348e9e6a52277a58feca1ac07f0794a550b7596b64279ec1bd0f72cacdad7d42
Metrica Service Assurance suffers from multiple cross site scripting vulnerabilities.
efb76074db6deb06f9b1d9ffd0b5981c9af7ef7fc6bc3af21f420e06067ac80f
Remote blind SQL injection exploit for the n-form Mambo component.
36123b9120432bc219cdc7ac599b38ea0276c4d9a511e87a1cc31c3ac5377157
ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.
6cc70ca47bd8e70a162e0b466166e4ae4e11b76c25c6b31b93bb29214c73de19
This Metasploit module is a credential leak sniffer for the GE Proficy Real Time Information Portal.
9788f2d35640353df39ddbc0a6e32a572a688684a9eee64d17eb6deecfd827e3
V3 Chat Profiles / Dating Script version 3.0.2 suffers from an insecure cookie handling vulnerability.
083ce5cbfc66af1765fad42e050c02a673559fcb0fe21f8b7fe6b29ab3172d05
Swish-e suffers from a cross site scripting vulnerability.
32c0c8336502d1198e951bae46476b17a3d80992062f0907edefd211475d531c
SatCom CMS suffers from a cross site scripting vulnerability.
92cc1fddeae81cd07e57885a33912fcfaf5569149e4332d58b88dd0e32f8ebd0
Ez CMS suffers from a cross site scripting vulnerability.
be3747e852c5239e532ee42f8b7b16eb758126a3729c31560c90acd3b92f03ba
Review Script suffers from a cross site scripting vulnerability.
9105373e4d44f044880bf5963ddcb28f4014c965ce451ee6811a69ea4631f902
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
d6e1a9cfd1f0a0acb9cc65e58bc24a6acdcb7bd149a4ff9cdf2f2f0b8d54f1d8
Secunia Security Advisory - Nine:Situations:Group::strawdog has discovered some vulnerabilities in hMailServer PHPWebAdmin, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.
fb60589b5bee0df364527efe1bcd5a87d3c2f5ceb483d80df21906268f746cc6
Secunia Security Advisory - SUSE has issued an update for yelp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
f08e39c838a244d61d7f8eb5a88772062dc88ed47b3fe781a766fb15de832eaf
V3 Chat Live Support version 3.0.4 suffers from an insecure cookie handling vulnerability.
c261e9035309495ce49192c6af6bdad1dafc7d71ef9450bd5f0f0a8299c0f2c5
Mole Group Airline Ticket Script suffers from a SQL injection vulnerability that allows for authentication bypass.
1b77f32df3f7b5b2696c0cdd4a8ac990b57c065003d21d00e35b83d14b17fc1d
ExoPHPDesk version 1.2 Final suffers from a SQL injection vulnerability that allows for authentication bypass.
b5bea9d01c53684ba3d4180c8ffc9f4591ce9a7474ccf045ab1057ce11db37c4