PunBB Reputation.php module versions 2.0.4 and below local file inclusion exploit.
9b905651956bf3ef8fc6ad8e52464b6673ee71ec5b6dac79ea9a8d252ba8b44c
Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.
0fd98c4ebc36f2cd2987b88dc0bb1f02ad698ffd6f931d8903d8e2f37cd345ee
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
cb4f88ad30d6ba4c015734f3058a6e35151cff586f7708691d52d289ee78d183
Article Publisher PRO version 2.0.3 suffers from a remote SQL injection vulnerability.
815180c8a428ae010fa0450f09a2482a2af50bef931bb1b6e5c889fa36322514
Mandriva Linux Security Advisory 2009-176 - git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. This update provides fixes for this vulnerability.
8e6d8e09960d48b01040ac3367fd7b20b5a9b2dfe8356f578a79e6c45a70a746
Mandriva Linux Security Advisory 2009-175 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
4e780c1e782e5ecde92c1ce83219f27bf2da9d87929572324bedf3d1cad1b37e
Mandriva Linux Security Advisory 2009-174 - Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. This update provides fixes for this vulnerability.
8a5c2997c6caac6c46e1dac877a304bdafdc0dd8e5243223b58c435f4e7ca6c5
Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46
Debian Security Advisory 1847-1 - It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.
d960652c458b82724cffc42f08caf5a2da1661b518fb338a1238b9264835e4e6
x10 MP3 Search Engine version 1.6.5 suffers from cross site scripting vulnerabilities.
f654977c679f709863c2ac41fd12b1dc09fd6c077a4613372617ab3c5cf764a1
The x10 Media Adult Script version 1.7 suffers from SQL injection and cross site scripting vulnerabilities.
9c48f4cc74ae078a038f56cebff526ab7a10bf2c99f49b972d38c86192e444e9
WebStatCaffe suffers from multiple cross site scripting vulnerabilities.
f44f98ec6b3a7e202f9185ecad7f850025cc3ceb29371a91f1e29c32318ad522
The Survey Pro module for Miniweb version 2.0 suffers from remote blind SQL injection and cross site scripting vulnerabilities.
febd0ea389547f9f801ee64b1c70eb81a02d71df4a151fa25b92b5c1e433308c
The Publisher module for Miniweb version 2.0 suffers from remote blind SQL injection and cross site scripting vulnerabilities.
8461f817f9b8ff904042ee9e060041b928def3477fcb1b54b909bc5479c14224
The Social Networking module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
98baef41f7eefeace1dd3db5e69f88490b30dddecfad2f974d5419b204e09759
The Site Builder module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
3eabfab165927d4ce31d11aa7d31b010056c5584798f21d4c40820af6fb9dd00
The Publisher module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
aa40acfe59598d4d614bf0168080795b937d25adea6cbef8e1a41e95c98c20a0
The Online Store module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
5ff32473453186a403d91f2041cb86e4c291fcdd9e2ad87f60c2da61be5095c7
The My Amazon module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
385371ec31263351a6cc1e14579a30e4ab296777a528a74c5e1a4a59903b56da
The Media Album module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
8d2dda377cc164458829432c5df50722bf6d011b8be9cf645e715a3b0aed7a2b
The Job Board module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
922fc217ada3bca727a498785fe7aef1c6de9725dc80945a3345799cd7ee44c1
The Forum module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
29e6b8a0a16d2e7031dcfdf10c18fdbf7d4ab991e313f75471ff5e5f753b709d
Ubuntu Security Notice USN-808-1 - Micha Krause discovered that BIND did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.
321adf8642de15d5ade0593a9fc17f483a670db20ed3b6b6722571deb78f5934
Debian Security Advisory 1846-1 - Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
b94adbef572be3d44e0873584f7f7586c9c04d22eb8bc147d2906e2ff0190454
The FAQ Manager module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
c67161a57e4dcd8e1bffe24875c6cf44dc5bee095970b1f2b0875173e00c42a1