Secunia Security Advisory - A vulnerability has been reported in Novell File Reporter, which can be exploited by malicious people to compromise a vulnerable system.
f2d96cb20ed235e1198afd2ba0a79910ec27fab4f434a161c837bd255f6deb37
A SQL injection vulnerability in Graugon Forum version 1.3 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
3bcecefc8d0994b2b9a59c8df53e1886cb57d1152b8f0e4a5b5c142041702ea0
A reflected cross site scripting vulnerability in eyeOS version 2.3 can be exploited to execute arbitrary JavaScript.
819bd7630294e169d5d52bacf0e632582fa148a63cfbeb6d1d2c6bfa6153092c
eyeOS version 2.3 suffers from a local file inclusion vulnerability.
0427304632368ff5ec4f1b561216ab1c3e6ed8d58a7d7be7cd857ffdc05b3ce3
Ubuntu Security Notice 1105-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction.
904a543705cc638bbca74057089fec2151fbc499e81f85373bf328d0ed447cb3
PHP-Nuke version 8.0 with the Surveys module suffers from a remote SQL injection vulnerability.
317c146f01fb82b7b69471faf89989470fbe8e2c070464674213164d5b50c983
Mandriva Linux Security Advisory 2011-066 - rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service or possibly execute arbitrary code via malformed data.
3165d174351e14344f1321446aeaa3c291878901d3af7e9c605b732a8f6f04a1
Secunia Security Advisory - AutoSec Tools has discovered two vulnerabilities in eyeOS, which can be exploited by malicious users to conduct cross-site scripting attacks and disclose sensitive information.
32854d7e9eee18aa53a3d012aa3f39644408f459fc8c832f1206b38fc29e610b
Google Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.
6e30996afdb233587e5c3eb2face3f40130ca442e0bbd0dbf5bd04b33b95dff9
Secunia Security Advisory - Michael Brooks has discovered multiple vulnerabilities in yaws-wiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
40057cc5dc8dcebb5993068f826db02ab5ea854f652a85be62930873dbf3fec7
Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS.
f95715ca8d6c4993b4bbdf2c5c9b730cc58da48514d0f8fc8836d1a2b8132257
Mandriva Linux Security Advisory 2011-065 - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ddd7092fc719230ad39aafb4df1ca804827100c4f41a22bd0c33e573caa8e096
TutorialMS version 1.4 suffers from a remote SQL injection vulnerability.
05dc88cc41754a5b425398dbff864e6b5d579f95a6559c9bfbdc906f75486443
HP Security Bulletin HPSBMA02652 SSRT100432 2 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. Revision 2 of this advisory.
626e66ddb606a622e746f8f628f047dea9ca421a30b5dfe761f7b8a05dc1dbeb
WhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, identifies version numbers, email addresses, account ID's, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability.
64994ec364de188192918e15c09cd01c62c3b8d080e9777b5d785d7f55d509db
This Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.
58a0109fc5ef5bec16039ceb68600f3e20fe6be1a9d5c1104237dc5b1f0cde5e
This Metasploit module takes advantage of a trust relationship issue within the Zend Server Java Bridge. The Java Bridge is responsible for handling interactions between PHP and Java code within Zend Server. When Java code is encountered Zend Server communicates with the Java Bridge. The Java Bridge then handles the java code and creates the objects within the Java Virtual Machine. This interaction however, does not require any sort of authentication. This leaves the JVM wide open to remote attackers. Sending specially crafted data to the Java Bridge results in the execution of arbitrary java code.
0b7ab4865dc9886b7d46ce4b5433ed01d7157a9568397fc5d7d07dd4d712244f