Secunia Security Advisory - A security issue and two vulnerabilities have been discovered in Greenstone, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
fe98216e4aabcacb304f411427316aa8a054cc822f15207f4e1a88716d0b8c50
Secunia Security Advisory - A security issue has been reported in phpCAS, which can be exploited by malicious people to conduct spoofing attacks.
a5a96a7db7145f90971a55670620bc7e469891670bc59a4fa4a1c9553ee0e609
Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.
90ab742926bd9cb0fc57e37ec8e11486dca2cd8c598556ffb9050f73ff6d40b3
BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
07b4beeb256cbf8c5f0d3759fcd338c89a7c545ae95b815b4e6b4126652889be
RSA Adaptive Authentication (On-Premise) version 6.x contains cross site scripting vulnerabilities that could be exploited by malicious users.
84f8cf21f7e1dfc3a155bca1ff11ed500da27015edcbfdf7f394bf6e738444f1
A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the username parameter.
8139126dc6bd54dfa68f620141919aee07c4e0dfb91c8b9a3c0ad4c2c83d5fd4
A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the message and body parameters.
44fd3382c5f0a2777c58764b28b96984dab051341b8031ab27b5073128a5bedd
SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.
f10319dfa651023dad3d0845d284ec08ef982c1fc1bdb55cf8a725f762961e97
Ubuntu Security Notice 1640-1 - Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
49a32b62fb4070d1e8aaa6c34b9e46b28acc5b05eeb6b1a378719f9edcaa254f
Seringa (Romanian for seringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. Uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design it utilizes the Strategy Pattern to distinguish between various SQLi strategies whilst storing other relevant data such as exploits, payloads and patterns in xml files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).
12c6c7ca253db5b9a765be47d038f7aafa4725d090e4409dd3208b0d3aa802e9
This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
ddda9ef400d14cabdbdf2f3208a25c3493b5c17111bbffef64ec3fb342b45d9d
EMC Smarts Network Configuration Manager versions prior to 9.1 suffer from hard-coded encryption key and unauthenticated database connection vulnerabilities.
439bbcd4a69b43b581354b97da8d2fc1d0f95a1a7e8f113e8b824661c159e743
VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dff
mcrypt versions 2.5.8 and below stack based overflow exploit. Bypasses NX and ASLR protections.
6f15e1bd074af02d183bab2a865cd5bf95ecee50e01396c6679bc20335f5266b
SmartCMS suffers from a remote SQL injection vulnerability.
8b086e2e6bc7eeb1ffd6e000847cd1748adf58f95967e0ef4dd1f7b1159e3217
PRADO PHP Framework version 3.2.0 suffers from an arbitrary file read vulnerability.
fd086e67da0464ec36c572d088ffc6674ea2d174e7ab301aeecffdd832d45766
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
2f095984dd9cbbf4dce417ecd81640fe47732322d025062b2c9a189d022de0d3
cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
d054766533535bda5c86d8650a423042fb8de3363a77ff9ebc18531177104f66
Incomedia WebSite X5 Evolution versions 9.0.4.1748 and below suffer from bypass and cross site scripting vulnerabilities.
6c4adfb0b186de88cf8aa1d1d84f4ddb0f4cd1d3e8f1f19606cace93970fa3a1
WordPress Oberliga Theme suffers from a remote SQL injection vulnerability.
2d70289de97e352a135d3a3978019801c6eaea9b5dec5fae3815e1895fa50be9
PHP-Nuke version 8.2 suffers from a remote blind SQL injection vulnerability.
5bd40e5c1333df98f71396e246db2673bfba846ced867a9b077d381b492c9545
Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
8b11b2967d13e3ded26849ef210ba513392094241eb9abed528937a8aed5e852
Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
ba2da04da292ff0dacb00c4df8fec6951c9f28253e4bc3dd88f6b1d54d01bad8
Secunia Security Advisory - Vulnerability lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.
f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08caf
Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.
3be5b46d5361090d126ad0adbf7704a61d183dd5ce049b6472644228c0f6ed78