Red Hat Security Advisory 2011-1378-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
3dce6fe4950d383fb5e277970c2589c8bba4428442b17bb8c8c6f042b025a953
Red Hat Security Advisory 2011-1377-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
62d71099a12234ad587d5b84f596dd84d4431bbca94d0f79ad05d05c1fe2b9f0
Mandriva Linux Security Advisory 2011-155 - SystemTap 1.4 and earlier, when unprivileged mode is enabled, allows local users to cause a denial of service via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. SystemTap 1.4, when unprivileged mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding. The updated packages have been patched to correct these issues.
80054053ed9969577a37013c9fcadfd16d38cc9f72acdfa8f210d01aa5e47396
Asterisk Project Security Advisory - The SIP channel driver allows a remote authenticated user to cause a crash with a malformed request due to an uninitialized variable.
b509eac1a7bd80f502154119179b97cc5f8a658de84afa82695934841ff6a9f2
SAP DIAG Plugin extends the basic functionality of the Wireshark network packet analyzer and provides additional features for SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install, copy the plugin pt_sap_diag_wireshark_plugin.dll into the folder %WiresharkInstallDir%/plugins/%version%.
71b7091784b0e766fa93438f71e44dfd4531729520e52c51315fc46a5cd26b60
Mandriva Linux Security Advisory 2011-154 - SystemTap 1.4 and earlier, when unprivileged mode is enabled, allows local users to cause a denial of service via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. The updated packages have been patched to correct this issue.
ddd707c9cdceac8c281bb0bfa5187242bbf66d1261d12e3532d40a3eb63b14c6
Mandriva Linux Security Advisory 2011-153 - The LZW decompressor in the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2896. The updated packages have been patched to correct this issue.
74b02a4d1cc9f234803f357f47342c8c7e438ae30758ff5024405fab894f950a
Mandriva Linux Security Advisory 2011-152 - An integer underflow leading to array index error was found in the way gzip used to decompress files / archives, compressed with the Lempel-Ziv-Welch compression algorithm. A remote attacker could provide a specially-crafted LZW compressed gzip archive, which once decompressed by a local, unsuspecting user would lead to gzip crash, or, potentially to arbitrary code execution with the privileges of the user running gzip. The updated packages have been upgraded to the 4.2.4.4 version which is not vulnerable to this issue.
e53828c95c8dd6c339d93d29f1dc8ec20f358bd17aee33d0d87c3ab4ec8d6236
DAEMON Tools IOCTL suffers from a denial of service vulnerability.
3656f4f0fd08182ef82d4fbaef525c86eececf16dd72199c074c4dfc7b5f6bfb
Tap In Solutions suffers from a remote blind SQL injection vulnerability.
995cbf573228570625a2c32a2a15874c97fc116822256ce63a74c4f0f34843b3
iSchoolSite suffers from a remote SQL injection vulnerability.
3bb4573c38c18f4182a4f42fbe981360a4539c97e45c9e64d63cb6db79c46312
Climeweb suffers from a remote SQL injection vulnerability.
7c1d7f5694c17aae6e22a12e8036ed5dfe6499f138eb0928270c7792e73ab572
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
3a8cece5b7e6b15410f6b8f96ff5591b2c5a72f290ee8a28fefda44cb5ae7aba
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.
7c9d830274420e19564984899e0366cab20392b76e994a6b0e384e9de02b5a0a
This Metasploit module exploits a vulnerability found in Apple Safari on the OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of being executed; in that case, please try the Java ones instead.
813e7b6681dffdbb170749ba71603be94be65c52baeeeffe39b6f94697d09ec4
Gnuboard versions 4.33.02 and below suffer from a remote SQL injection vulnerability in tp.php.
95a4c8c9f9e28f3db5ddb919a8e9f6a2d90986205c018ce57567a87e28212b79
The Dominant Creature BBG/RPG browser game suffers from a cross site scripting vulnerability.
7d877e69ad0910b2150ebb5b0e6e0e42c107770003b770a64e31c33e653aa852
Mandriva Linux Security Advisory 2011-151 - Multiple vulnerabilities have been discovered and corrected in libpng. The png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. Buffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. Various other issues were also addressed.
acad0dfc8bb292aee7ddbc1a0ce9f17fb2448351051f964814c33efc660c99c8
This is a whitepaper called Security Issues in Android Custom ROMs. This paper keeps a special focus on custom ROMs by checking for security misconfigurations that can lead to device compromise.
148ace3cc6281b063c2d9749eb5299c07d5dcef0fc282520771e9cf01ffe759c
WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.
e8922fa4c7addf7e093d643ed4e3247a3aeeba16d61549f286d287b09cde8758
Jynx Kit is an LD_PRELOAD userland rootkit. Fully undetectable from chkrootkit and rootkithunter. Includes magic packet SSL reverse back connect shell. Solid building block for further LD_PRELOAD rootkits.
bbeb032e2f9929a6af65472aee0188c9962b2569eed6ca4c4d073142f10ab850
The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.
b6ee5497426ebce31868121289c9ae738ae0ad5026abab52cd9dbc4650ad8848
Toshiba e-Studio devices suffer from an authentication bypass vulnerability.
8d34ec59051a89a05afdeee8fa150523f3ddb25662352023a4f80265d709bec7
Various Skype VoIP vulnerabilities have been discovered and disclosed at HITB Malaysia 2011.
28843c51a5a6523679d7dc27f0046000516ef15ebc03cbe34e58d2db1ea5975d
Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
a70e4675d43ff217a15c5bd0fc1cb4a7f7389f9a4f764dc36f60527a83d3e971