Redcat Media suffers from a remote SQL injection vulnerability.
984967924818b023e541fa816345649b23bbecb49df6da3062b21c7b5a816850
ProFTPd version 1.3.0 mod_ctrls local stack overflow root exploit that binds a shell to port 19091.
ddbfe7d762887600b38f4dc106d97604c67613c6e9563372c4756a28d17514cf
Community Translate suffers from a remote file inclusion vulnerability.
eb9d8d5f7d4d5475c8d8aec5b0e9fb4b015f094541834165b3af87ba4060c8a0
Dazzle Blast suffers from a remote file inclusion vulnerability.
c0a9882a25b0baec5354b1a9aa09393eff40563e543d9a5acb3afdf2e57319a9
Femitter HTTP Server version 1.03 suffers from a remote source disclosure vulnerability.
a11dd700693b3a09f49debd22f4c8ed5802775ea8ca7c11a855906015e2c7af2
httpdx versions 1.4.4 and below suffer from a remote source disclosure vulnerability.
d534f4b30f574c562fa9ed0edea96cb9b7807bfdc9994df7539e31609e5b333f
Debian Linux Security Advisory 1906-1 - Security support for clamav, an anti-virus utility for Unix, has been discontinued for the stable distribution (lenny) and the oldstable distribution (etch). Clamav upstream has stopped supporting the releases in etch and lenny. Also, it is not easily possible to receive signature updates for the virus scanner with our released versions anymore. We recommend that all clamav users consider switching to the version in debian-volatile, which receives regular updates and security support on a best-effort basis.
0f4de8d25aeb1bb792fe27f5653a50c3ad4752748c0e10b20659914f8d142f55
Debian Linux Security Advisory 1905-1 - The forms library of python-django, a high-level Python web development framework, is using a badly chosen regular expression when validating email addresses and URLs. An attacker can use this to perform denial of service attacks (100% CPU consumption) due to bad backtracking via a specially crafted email address or URL which is validated by the django forms library.
bbc7b5ca1f7313a8b47ce7849ddb2298f98a13a5604da52b294e7f4240252f5c
Debian Linux Security Advisory 1895-2 - In DSA-1895-1, the xmltooling package was updated to address several security issues. It turns out that the change related to SAML metadata processing for key constraints caused problems when applied without the matching changes in the opensaml2 and shibboleth-sp2 packages.
42ee500630c391f0bd1b867544da7addd5eb4738ae51b388ebf2e124ab0a1a35
Simple Directory Listing version 2.1_beta1 suffers from a cross site scripting vulnerability.
8d2ff015913796d7b4bab88f5c1731ca1a8663ba417a22927613b560dcb0e68d
Mandriva Linux Security Advisory 2009-272 - libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file. This update fixes these vulnerabilities.
ac59271992e5eb34115a5371afea04b609727df16b03ae54d054c02a8bba5596
Mandriva Linux Security Advisory 2009-271 - nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. This update fixes this vulnerability.
bbcbdb518b5d8b7808f0aee015897e1c7cc54a9c8ad5c2f6ca6a9bfcd720d8a0
Mandriva Linux Security Advisory 2009-270 - Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets. This update fixes this vulnerability.
9a1daa316c35e1baddcf70f6ae01de04b3112d18f4ea1479405f2b3f7206ee1f
Mandriva Linux Security Advisory 2009-269 - The XML HMAC signature system in mono did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes this vulnerability.
98f6697d9cf09bb45bb080488af86cfc2efa174ebb20dbc53a7a8d92b104c124
Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.
0e41155cc42ddb5a5c21302a350227e68f876395d4400da79f4e4a1a818f4720
Mandriva Linux Security Advisory 2009-267 - A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. This update fixes this vulnerability.
f7143c170e1b9f4aaddef63897e6ef985b74abe57270b1b7585b898c8eea1aea
Mandriva Linux Security Advisory 2009-266 - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks. This issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.
d513d6585d954aa8f9ad1097ae4518509989e56a48d4b0ae1b39238d22ee7c07
Mandriva Linux Security Advisory 2009-265 - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. This update fixes this vulnerability.
36a689eb68f1cedd3c16715e45a27e48b89433e55d508e9574667141eb5eb607
Mandriva Linux Security Advisory 2009-264 - Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. The updated packages have been patched to prevent this.
0c3e84909471c50a9b07d973c3ae6e1b17aca9fdb881fc457449deeb49d0b232
Mandriva Linux Security Advisory 2009-263 - sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. This update fixes this vulnerability.
0e7fcc5716e7a760122da87edbaa4584cdcdb8c3ad9270b5f2bdd7aea7d00d15
Ubuntu Security Notice 847-2 - USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.
a0c0a418e5ffcdc58b1be1ff537ea8f50f3ede9d95754dd6f137056600238dad
CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.
1dc4058c8e774be29fddef6f172c726958c3daac8818e3613e4ed1638ebe3c6f
Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Mac OS X release.
625fa7db924a919cf300b2d4ba6b35f0d214ecb0b0ae13252000931abdba399b
Netifera is a new modular open source platform for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools. This is the Linux release.
c3bf25aa379004ac4de34162364225035d128014e6380d69605b08755d0c81e5
EZsneezyCal CMS versions 95.1 through 95.2 remote file inclusion exploit.
d98f0d4acacdad8e37e4efd16be28050426b9c03e042ce8557ccd544deadfc9a