Debian Linux Security Advisory 1985-1 - It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
079a17fa8d5d399fecb93c8957fd2d86
Ajax Manset Haber Sistemi version 3 suffers from a direct administrative access vulnerability.
5f49179310b65f6921b16db6e4388461
Snif (Simple And Nice Index File) version 1.5.2 suffers from an arbitrary file download vulnerability.
bca947ba18924e5989deb02a385a06c8
Tavanmand Portal version 1.1 suffers from a remote shell upload vulnerability.
17bb1a6a9ed5604cbfc4190173a1115a
The WordPress Calendar plugin suffers from a remote SQL injection vulnerability.
632e5bf0f2f5c47acb839c0010416e15
EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is modeled on the non-open-source OFPW utility and is designed to work on Intel machines running Leopard or newer. It is useful for lab deployments (setting the firmware password of machines as a post-install item) and pen tests (recovering the EFI firmware password).
6030703961e116d32142225363680439
Last Wizardz suffers from a remote SQL injection vulnerability in content.php.
6da81e870ad3df6d4efd687d34b4ffea
Creative SplashWorks-SplashSite suffers from a remote blind SQL injection vulnerability in page.php.
ccb60b7e6484a62de0156d88409ffff0
This is a whitepaper on cross site scripting written in German.
3cb1ed1823303efb53b8c1eeae2b5780
Debian Linux Security Advisory 1983-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.
6c3925f2818ab2c48c430789bc1e69cb
RaakCMS suffers from shell upload and directory traversal vulnerabilities.
6c56f82e89221030993326ef4cc010c1
TopWS suffers from multiple remote SQL injection vulnerabilities.
487398e176a75e19c82f540944d03c3c
Crownweb suffers from a remote SQL injection vulnerability.
ea9470652af7777250c0c7e5d15e8c3b
Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
a80f738930c7386a753dea29dd143d93
Maian Greetings version 2.1 suffers from a shell upload vulnerability.
67888c85026f25bd2a6e044d55f37218
The Joomla RSGallery2 component suffers from a remote SQL injection vulnerability.
48d9a99f88016555a412303a3ab51df8
The Joomla Simple FAQ component suffers from a remote blind SQL injection vulnerability.
1f299c1eb8eba1d2189468a1981830a6
ThinkAdmin suffers from a remote SQL injection vulnerability.
2842511acda108c3224310de8bb5e8bd
Debian Linux Security Advisory 1841-2 - A bug in git-core caused the security update in DSA 1841 to fail to build on a number of architectures Debian supports. This update corrects the bug and releases builds for all supported architectures.
12a9627559eb36cab0f41ca64eaf92ad
Maian Uploader version 4.0 suffers from a shell upload vulnerability.
a65d45736395b76a051136382401e2e4
eWebeditor suffers from administrative bypass, database disclosure, shell upload and directory traversal vulnerabilities.
4c3434a83490513f019855296b0bca7b
The Joomla JE Event Calendar component suffers from a remote SQL injection vulnerability.
e61766e8327d51e230927d79abb64d98
Vermillion FTP Daemon version 1.31 remote buffer overflow exploit that spawns calc.exe.
90b465a245d0905d727d648dd598ac5f
HAWHAW suffers from a remote SQL injection vulnerability.
4ed9835116fd7549716ab93c3d156385
The Xerox WorkCentre version 4150 suffers from a buffer overflow vulnerability. Proof of concept code included.
8b3f9632dd239c0320f1965b896fccff