Loadbalancer.org Enterprise VA MAX version 8.3.2 suffers from a code execution vulnerability.
c1b5933307b825ef281540222a9dd2caae7b662038c0531344d50d6c23d82148
MaxForum version 1.0.0 suffers from a local file inclusion vulnerability.
4d2458db553c660de071d51ccccb2c8f7509d219f2b6d8b54eff09baed72708a
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
9897b37f6a6a7380f2b1a3104f85aedcea9b84b5400594a0944e88925eada2e7
Secunia Security Advisory - A vulnerability has been reported in Edimax IC-3030iWn Network Camera, which can be exploited by malicious people to disclose sensitive information.
f4cd0de086ff9f40c210133d0848e3f36873522b32307d11c836b710be647608
Edimax version IC-3030iWn web administrative authentication bypass exploit. Written to use on a Mac. This also affects Edimax IC-3015 and Airlive WN 500.
752e66671fbfcb2b8ecd43374b58b4b79148ce19656b38f3936ce93089219033
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
2f1ba76561161a4b1b0a817d76cb62c817dd94f5aeb98806a1a2cb79ca795bb4
This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.
2d6d029945aaecc2ac0003cb91c1250f912d627ce695077b2bfbd1919c57f669
This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e
The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.
faaa583588ea28e78dd0709b7d226804732abda76965a7dc1e8370600d08440f
Maxxweb CMS suffers from a cross site scripting vulnerability.
38c469861a4a9cf8469dd60047951e878965800747f1740ea27f2c4ac072974c
Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
c5af0b87c0d07cfe6780ed6a76d4bce133b1d1406b01562b9076a80e82021b72
Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
dbddb067eea6285ae03840af13f5b96e3c76ac98669cc499d09536c755bea07d
osCmax Shop CMS version 2.5.1 suffers from multiple cross site scripting vulnerabilities.
6db2dfc3aea6aad608c9987fd8b25aa5ce53e8a49aaaebb40806872a1652c3b1
Secunia Security Advisory - Two vulnerabilities have been discovered in osCMax, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
2fc5aa4aed3eac3a02a8f944be7d59179be0bcacfe216ca374f63e5bc8cb7bf6
osCmax version 2.5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
a5e02d0c69dca1d97fea82c33739c01c6d48ffc92847f347e9d1d4283a4ae4b0
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in osCMax, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
1b55b109a29a064c391dbf46a8d69ae280622b85569438a4f7f8a35e16bf9ec3
MailMax versions 4.6 and below POP3 USER remote buffer overflow exploit.
14b8a1f5446fbce8f0033455b422da494838ebd8f710bfefe2e225cd86bde3c9
Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.
7d0ce122aab6b55983ad9b309da39537a16589ba657d163e326d34fa4f7c8abf
Max's Photo Gallery version 1.0 suffers from a local file inclusion vulnerability.
c29e086711461caf700a0cb9b6614a3127c0a18809e32ce91ef6f67523f514c0
Max's Guestbook version 1.0 suffers from path disclosure and local file inclusion vulnerabilities.
b9b523de9c2261e48feaa347895bf53bf393e2e05b6eb7a951fd4ee84dd02834
Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Maximo Asset Management and IBM Maximo Asset Management Essentials, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct spoofing attacks, cross-site scripting attacks, cross-site request forgery attacks, and cause a DoS (Denial of Service).
7514f966ff15afa9258bc26ac26809d3363aa22c0c6bbd14217e71db67188af1
Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
7d7c2f550994a2e5cd5e28b925d468c48c1d40628d005eac85f1b8d0d1c73513
Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.
4e7832bc4af2f7480c0583d5776cc3ff599367f5f6f7376c2832f74a7230342c
Debian Linux Security Advisory 2403-2 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
0a43317dba937253385b54d3b26aa2f4ebcd6897c1a37b0fba9b5f3f67463d3c
Debian Linux Security Advisory 2403-1 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
bbcaf9bacde93e6ba6e9cb4dfce9298a5d4f4801092f02f18b73ed6239c2c48d