Gentoo Linux Security Advisory GLSA 200601-10 - Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime Environment's Reflection APIs that may allow untrusted applets to elevate privileges. Versions less than 1.4.2.09 are affected.
2e648923cd041ff66dffd132045418f51277f8716ab8fc6bff668755db426148
PunBB BBCode suffers from a script injection vulnerability.
4b3f756b76ee9a2fc41d0fcaded8a692ac7c0235fcde2eb839afee5bccdae4ee
Ubuntu Security Notice USN-242-1 - Aliet Santiesteban Sifontes discovered a remote denial of service vulnerability in the attachment handler of mailman. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash.
d4b482330864088fe99c59474e161f30aad2cfee1cef487ded2cd1ad374aa43b
phpXplorer version 0.9.33 is susceptible to a classic directory traversal attack.
ac4ae6dbda767c9e844fa3bd3eca0ecf7a6711db13f20a93a1daa41e9d71e3a5
dnsgrep enumerates DNS information from a domain, attempts zone transfers, and performs a brute force dictionary style attack.
49bb65538635d1e5e57ad75ecf19fff9476d1befb97e65c9a87d81466598aefa
ThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by a 802.11-based wireless client adapter operating in master mode ("the attacker") to discard the WEP settings and negotiate a post-association connection with the attacker in the clear.
85332b49ddbb1be65ef1f303c4d24404a14fb00bc71d5cf6480c1a568aee24b5
Debian Security Advisory DSA 942-1 - A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.
405d9bbc999d40cf28ff3aec11fdef6d04a64fa08e217a56121a78b378813149
Debian Security Advisory DSA 941-1 - The Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.
18e883fa2d306bcebd3c4fe5f9adff5936444196f9eb65536da89db3e4b3bc88
eyeBeam softphone remote denial of service SIP header mishandling exploit.
c9af2dfdb21e5a5ab2c257b74a84585563a0f0be60d3124fc374306d1a84e010
WHITEAlbum is susceptible to SQL injection attacks via pictures.php.
ae1fcebac9700b83ec80ba4aa8ce091854b6d6537de98123711e7ec7fa906238
Veritas NetBackup v4/v5 "Volume Manager Daemon" remote stack overflow exploit.
6bf7782bcf9b0245b5dabd142ec6d47ca62c1fc2f9680b45ea2ab2ef81f1da93
The Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluate and and compare web application firewalls.
30934b361df1e3d08250b193e224b8b6ceb4dc93d5c4c031e85dcf23afe88bf8
Bit 5 Blog version 8.01 is susceptible to arbitrary javascript injection. Exploitation details provided.
20802863624b0c230d55b2395c9f22fd31cfe95f68382012775c98d0f8ec744c
Bit 5 Blog version 8.01 is susceptible to SQL injection attacks. Exploitation details provided.
d20f451f887b429370f4acfe04bcd2a7745d6e075c3304a35479ec1277cd9894
Benders Calendar version 1.0 is susceptible to SQL injection attacks. Exploitation details provided.
60854192744acb437eb561a320b50d6ef605efb6442f681091424b95853a7b01
Cerberus FTP server versions 2.32 and below remote denial of service exploit.
f22de0e2d4844c1294de07fe53ef9dc93dad62bddf095223e5f309589eac21f9
HomeFTP r1.0.7 is susceptible to a denial of service condition. Exploit provided.
b8d1a8782b1d5466279e00c6898f2133b9f66204741fdffd0c4a16648a2c1a81
Apache Geronimo version 1.0 suffers from cross site scripting vulnerabilities.
a7abdcc2cf2d5a7466c234929075a4549954e4fd37dc2826b8144ae0ebd188fd
AmbiCom Blue Neighbors versions 2.50 Build 2500 and below suffer from a buffer overflow in the Object Push service.
da47d3a1cfa2a10633bedd980ce061b8059930008236018cc8db60cc23de5f44
Ultimate Auction versions 3.67 and below suffer from cross site scripting flaws.
9128386042efd1779d1c7c56f599177b0f4f184a4a37715ff86f4358c23d98db
ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
6f7678c11d532e2dadabcbc05d91558265b6fc461a82c4b03342340ae8202b44
Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
3f136163626400c62192bab817c2e81c36503a9e5b8e018ca3df67bdeef745c1
FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
3e8650213f09e8611b518feccdd3d3e7306a04a1ba21d5a41b31cf8a2273ae86
Bob the Butcher is a distributed password cracker. It is built around a client/server system. Cracking speed scales linearly with the number of connected clients. It is designed for efficient cracking resource usage. It will handle many password files at once, aggregating passwords as much as possible.
3565d156d637501a1c623bca37f256022300a8b1c85d29c84bc142e0c01480cb
EZDatabase versions below 2.1.2 are susceptible to cross site scripting, directory traversal, and path disclosure flaws.
cc361d96f5afcac49024f0503bb6866e25b0a4c51fe3912ad76626370d097d6e