Web File Browser version 0.4b14 suffers from a remote file download vulnerability.
CaupoShop Pro versions 2.x and 3.70 and CaupoShop Classic version 3.01 suffer from a local file inclusion vulnerability.
Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.
Calibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.
Red Hat Security Advisory 2011-1424-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing from the MDVSA-2011:165 advisory and is now being provided, and the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.
DreamBox DM800 versions 1.5rc1 and below remote file disclosure exploit.
RSA has delivered an update for RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates, including the Oracle Critical Patch Update (CPU) for July 2011 and RSA Access Manager Server, along with a security vulnerability fix, hot-fix roll-ups and bug fixes.
This is an advance notification of 4 security bulletins that Microsoft is intending to release on November 8th, 2011.
Mandriva Linux Security Advisory 2011-165 - Multiple vulnerabilities have been identified and fixed in php. Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by using the same variable for multiple arguments. The ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service via certain flags arguments, as demonstrated by GLOB_APPEND. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. Various other issues were also addressed.
Ilyas.info Design suffers from a cross site scripting vulnerability.
HP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.
A file-blocking feature introduced in EMC Documentum eRoom version 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.
Serendipity version 1.5.5 with Karma Ranking Plugin version 1.1 suffers from multiple cross site scripting vulnerabilities.
Serendipity version 1.5.5 suffers from a cross site scripting vulnerability in the serendipity[filter][bp.ALT] parameter.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.
Secunia Security Advisory - A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - 80sec has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.
Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.