SUSE Security Announcement - Multiple vulnerabilities were resolved in the CUPS system. These range from various integer and buffer overflows.
93909dc15080e00a19c372dbcf5e50d9d1de6d8a3def0b16ef4afb39f2ddbc3d
FreeBSD Security Advisory - Some data structures used by the database interface code are not properly initialized when allocated. Programs using the db(3) interface to create Berkeley database files may "leak" sensitive information into database files. If those files can be read by other users, this may result in the disclosure of sensitive information such as login credentials.
f19636fcc9f3672265dbfa020957a9cea9463d7bdf766613e2c355245a911789
FreeBSD Security Advisory - The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of OpenSSL accessing invalid memory locations. This could be used by an attacker to crash a remote application.
0af558312bdb0b2a378db3fb4f4e5a435365f4ea7532b84431ff7fb7a55aec6e
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
facfe914f0de39c5a38ffe08fd1294e7b88ddeab5eeeaa9496833b49f71fa5b8
The Joomla RSMonials component suffers cross site scripting and remote file upload vulnerabilities.
4fc014b32cc57f62ef9f6b33a42e8e0cda3de3b140b326ce033b9025cccb2b39
WebPortal CMS version 0.8 beta suffers from multiple local and remote file inclusion vulnerabilities.
c9eb52a201c1fe9cc406ebf75cc4cdd7b192a67b78543520c4c04bdf5685b67c
Sun Java VM versions 6 update 1 and 6 update 2 are susceptible to a remote code execution vulnerability.
cc9f245448e9d2a35b3c826e7f61f75d2e36861758f1b13f2c26789140c20c84
Dokeos LMS versions 1.8.5 and below remote code execution exploit.
584e9c9177950ed4da6042062cf94c76c7970a655f991c438239afb234bb2919
Counter Strike Source Mani Admin Plugin version 2 remote crash exploit.
9cab4dec592234e2112c9ed34f856522f4828c2e7fadd59aa3e3625ad4726096
DirectAdmin versions below 1.33.4 suffer from a local file overwrite and local root escalation vulnerabilities.
2fdd4977d213bb5c2935ac3f55fed30ddd739101b5af3e32b4eaf8b45c8688f5
Debian Security Advisory 1778-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting (XSS) attacks because of missing input sanitization of the introduction text field in user profiles and any text field in a user view.
8e0d38429163229befdfea8c53107cdf16af82d127ee36f91ccf85c90f4dcf64
Mandriva Linux Security Advisory 2009-094 - Multiple vulnerabilities ranging from cross site scripting to denial of service have been fixed in MySQL.
efe4a9edeb912ca4ab3cdf28f677cd6bbd838e39a3223c60330cb558ed501a11
Mandriva Linux Security Advisory 2009-093 - Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute some of these details are obtained from third party information. The updated packages have been patched to correct this issue.
7ca24be1927654b44ebed1520ee65a169f5be5f13e784eb0b819508048825518
Flat Calendar suffers from authentication bypass and cross site scripting vulnerabilities.
cbc69addea41ff9758b302bae6c202c55df4b4738aa3a1d7c37c0ad8bb2e5be9
Xitami HTTP Server versions 5.0 and below remote denial of service exploit.
35cb32d7e8deb076c7ece655c1ebee2fc47db30abc7a63c579587e00b7a55c23
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
b9e8e6873e5cfc0b5bff94d7ca06bd1dc5e88d370673299d89b8b8d890b81afa
Complemento is a collection of tools for penetration testing. LetDown is a TCP flooder written after reading the Fyodor article "TCP Resource Exhaustion and Botched Disclosure". Reverse raider is a domain scanner that uses brute force wordlist scanning for finding a target's subdomains or reverse resolution for a range of IPs. Httsquash is an HTTP server scanner, banner grabber, and data retriever. It can be used for scanning large ranges of IPs for finding devices or HTTP servers.
0fc520b857f3d367a876deab158b90287f0d8020981d24071511ca1b200f4d86
Femitter FTP server version 1.03 arbitrary file disclosure exploit.
a006235c6dda92824eb6bd609e21ff6c1f93973fc99d70a9f676bcb23525cb77
elkagroup Image Gallery version 1.0 suffers from an arbitrary file upload vulnerability.
f0f7b321c3b0c43fd9189968f2bfc9b7776d2ec36be0b6e0ae6e677f32393e5e
5 Star Rating version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c8c529137daa99e9cefe0714b795c5e0b5f258c7c75b19e65d467073563ed093
The 010 Editor suffers from multiple buffer overflow vulnerabilities. Proof of concept code included. Versions 3.0.4 and below are affected.
165db10eef69616281f6faafac84e71c5debd62fb333ccb52ef94a16099b5f08
Secunia Security Advisory - Fedora has issued an update for xpdf. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
8b2d325456676677887355b789df5519956df5d5b74aa1799871df88bfed599a
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Delegated Administrator, which can be exploited by malicious people to conduct HTTP response splitting attacks.
8d5e4d44cc989c01ce616f9aff073b053c6b6779fde75709ca10dd7ad192c747
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user's system.
ee2323cec18df934763886589060ccbfe8097e8285d9dfc93e3c1c0969dfff34
Secunia Security Advisory - Juan Pablo Lopez Yacubian has discovered a security issue in Trend Micro OfficeScan Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
38efea6a1cb8fdc8bff0381408cc1a2973d83c841e6bcf532c331ab792b8fba7