Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
a53ad035511e6a8a6b4b89e6eacf4485
Mandriva Linux Security Advisory 2009-085 - Integer overflows in the gstreamer0.10-plugins-base Base64 encoding and decoding functions may allow attackers to cause a denial of service, although no attack vectors are known yet. This update provides the fix for that security issue.
97bcce888733c2894255e8e21ece1e65
Gentoo Linux Security Advisory GLSA 200904-01 - Multiple vulnerabilities were discovered in Openfire, the worst of which may allow remote execution of arbitrary code. Versions less than 3.6.3 are affected.
4b8690a35234a71a9c1a345cf5106c45
The Src, Background, and PackageXml properties in the Autodesk IDrop Active-X control, IDrop.ocx version 17.1.51.160, can be manipulated to trigger a heap use after free condition resulting in arbitrary remote code execution.
9f55a5b229984db40abe2aaef85d4fc6
Asterisk Project Security Advisory - The Asterisk maintainers have made it so that a scan for valid SIP usernames always returns with the same response.
be2252051a83bfcb8730414ae3a8ba49
Tessera 4CMS suffers from remote SQL injection and local file inclusion vulnerabilities.
db70c054b9a59b887d7f26311ff37ea8
TinyPHPForum version 3.61 suffers from a shell upload vulnerability.
e03b37e5da468363e69f14f9c7ca4972
The parsing engine in F-PROT can be bypassed by manipulating the ZIP method field. It is as easy as opening a ZIP file in an editor and typing a number greater than 15 on your keyboard. This is a four-year-old vulnerability that they still have not patched.
d68175ece8ff0131c60bf8dc097a1b8d
The parsing engine in IBM ISS Proventia can be bypassed by manipulating RAR archives in a certain way that the IBM engine cannot extract the content but the end user is able to.
499804ac3c33ecd28e2c60afdc56cbe9
The parsing engine in Clam AntiVirus versions below 0.95 can be bypassed by manipulating RAR archives in a certain way that ClamAV cannot extract the content but the end user is able to.
eabbfb24e93439c56164c36c85d9f1af
Denial of service exploit for IBM DB2 versions 9.5 prior to Fix Pack 3a. Requires the DB2TEST database to be present and a GUEST account with the password QQ to work.
b63b08c8a8484eb3b97c6b3b5d63a3fc
Pre-auth denial of service exploit for IBM DB2 versions 9.5 prior to Fix Pack 3a.
55e4db3f6f1aa0d77321ccbed43756e6
ContentKeeper versions 125.09 and below suffer from remote command execution and privilege escalation vulnerabilities.
2179cc4777471f9744db2c64488f88d8
ConnX version 4.0.20080606 suffers from a remote SQL injection vulnerability.
3bf4adb9e3265ec9bb49961a8474ece3
Webunit Calendar version 1.2 suffers from a cross site scripting vulnerability in date.php.
2376391505de622fa85e3b768c8b39ae
Debian Security Advisory 1762-1 - It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross site scripting attacks.
7eb639c9e9f5bba54b7477206034beaf
SAP BusinessObjects Crystal Reports suffers from multiple cross site scripting vulnerabilities in viewreport.asp.
f391f8998c2e04fe3a91d544d4a595de
File Thingie version 2.5.4 suffers from an arbitrary shell upload vulnerability.
98a27b9e5a0844cf5bed5dc6ebf37582
Layered Defense Research Advisory - FortiClient version 3.0.614 suffers from a format string vulnerability.
ca788b063c2555da7d1d6a396e8171ab
Amaya version 11.1 suffers from an XHTML parser buffer overflow vulnerability.
8d8b43b485d01b4398704c9b1740be9c
OSCommerce suffers from a session fixation vulnerability.
bde4077f75740911242388ec74ddc819
Secunia Security Advisory - HP has issued an update for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
c140894abdf6b14b09b85624e85c504b
Secunia Security Advisory - Some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct HTTP header injection and cross-site scripting attacks.
9a8c479ba2844b6436405d5ebcbd0473
Secunia Security Advisory - TaMBarUS has reported a vulnerability in Nokia Siemens Flexi ISN, which can be exploited by malicious people to bypass certain security restrictions.
562684f2f7d8bbb79ff292ea7663354a
Secunia Security Advisory - Some vulnerabilities have been reported in XOOPS Cube Legacy, which can be exploited by malicious people to conduct cross-site scripting attacks.
247928731ab2436ba380dead61b7ab43