Mandriva Linux Security Advisory 2009-048-1 - Python has a variable called sys.path that contains all the paths from which Python loads modules when import is used. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory. This update provides a fix for that vulnerability. The previous update package was not built against the correct (latest) libxulrunner-1.9.0.6 library (fixes #48163).
8f10e474b35d037306a6f4098b2632f5760950215e3ed5ab286da21879ce1b2d
Mandriva Linux Security Advisory 2009-047-1 - Python has a variable called sys.path that contains all the paths from which Python loads modules when import is used. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Vim working directory. This update provides a fix for that vulnerability. This update also provides updated packages for Mandriva Linux 2008.0.
b38f622d9ccbd3e8fe45e71819802256bd08748d4fc5df23ee370c5822ece7b1
QWERTY CMS suffers from a remote SQL injection vulnerability.
35408a70ab9a43cff23216a1557e4f89c5c2fc2fb90af53091b634023c1ca8f4
This user-land rootkit hijacks the libc accept() call via LD_PRELOAD and yields back a non-interactive shell on the remote host. The .so file is placed under the trusted library path. This has been written to specifically target sshd on Solaris, although other daemons (e.g. bind, sendmail, apached) can also be targeted. It has been tested on Solaris 10. Read the files inside for comments on further shell interaction.
7987443dddeca5ef652aa2a782472ce53514e94d8e6bc5c72c114202001251b2
XGuestBook version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0532bfa977c8a5f49e2bcd69ed28835dd3ed1cffba0ab695ad58a888a2576f5a
Magento version 1.2.0 suffers from multiple cross-site scripting vulnerabilities.
2437f6782e27c4fe4c042e239451d8b56521dca911f052617ef89739401e3b4b
Counter Strike Source ManiAdminPlugin version 1.x remote buffer overflow proof of concept exploit.
bf6e50d59fff08ea7e9392732f913d5007678ebb718145ffebc636029bde7eff