Secunia Security Advisory - ajann and double0 have discovered two vulnerabilities in PhpLeague, which can be exploited by malicious people to compromise vulnerable systems.
ccbd92eea88876522dc84946d48dd84fd58fce0cd0e5d7a2737fdb3d12e2f50f
Secunia Security Advisory - Mr_KaLiMaN has discovered a vulnerability in Messageriescripthp, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks.
556026bbafa4bb72403303e7d9b0b6d068b1a7c60f672413767b38047e1bfef0
Secunia Security Advisory - Some vulnerabilities have been reported in the Help Tip module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
1290b4972651f97b892ebf42dc80e4372b4a05d1323457b0e478731406e4ba46
Secunia Security Advisory - Aria-Security Team has reported a vulnerability in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.
b0a7cf5ab17a8ebbc5541ef267ce1671ef07275a66cd0ae3cb6d4254d5644e9f
Secunia Security Advisory - David Ferguson has reported a vulnerability in IBM WebSphere Host On-Demand, which can be exploited by malicious people to bypass certain security restrictions.
7abb46a32f85dfcd2d693358da24436c5b39d4bb1bff041a57ac0637cd701ae0
Google's Orkut suffers a cross site scripting vulnerability in Friends.aspx.
54f7fb968916a256650f6619e9ef894ef3d49e1e3ea0afc583c17ce227f4b391
Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
e3b72455fae8d556eade84f6b95183d9fb3856484b23d09de4ad46012248b887
Secunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).
50845d9664d4795bef5673fb158d9b6f36ae9ac4b5a0fc08c947afcdd0f0ba55
ColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.
55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514
Winamp Web Interface versions 7.5.13 and below suffer from buffer overflow, directory traversal, and file extension bypass vulnerabilities.
b6d39a0ed8bf2392f5a542363514335b444bec94eeaab3c0764f8dfc8ddd9a1f
RFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
f7a557d1d7629d43f156797a46704123e0578b55fa26893a8e1e21966d6eb64e
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
5c8f9dbd2871c17777b26f9f1da10ac0a5d1fea40e3cb8292a2e858940d4e91c
Due to a poor regular expression in FilesMatch in DadaIMC, arbitrary files can be uploaded and executed as PHP code.
69ba2b17e70b67cd3adbb888cdc09d556212c484e2b2bda33594d66adc41c10c
Two fuzzers written in Python. One is for PostgreSQL and one is for Informix.
af75ebb6e79ccd3bd1ad92b298d15a7e2ac9de795241f8cfa6b826f5bf9a6938
Debian Security Advisory 1233-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
abdb183f40070b89b9064b102b9d38042eed09878c658ed2ab595012212bb014
Gentoo Linux Security Advisory - The Resolution proposed in the original version of this Security Advisory did not correctly address the issue for users who also have GnuPG 1.9 installed.
28300367f0f1980b052817aa44ab90bb7814ba8c9c0852f0c6a9f449408932be
Gentoo Linux Security Advisory GLSA 200612-09 - Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encode_ie() and the giwscan_cb() functions from ieee80211_wireless.c. Versions less than 0.9.2.1 are affected.
c4cc14a0242dcdd4b4ae7f95cac8ae6f9faf9af0fa3a0a756466818a01d755dc
Gentoo Linux Security Advisory GLSA 200612-08 - The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution. Versions less than 1.0.6 are affected.
61b0cfd1549aa75f25e12455e972f0d4d7dbdcf3db623941ce5be694e3a888bc
Gentoo Linux Security Advisory GLSA 200612-07 - Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.
d29a4e949c4e6c623ca1e6c3bd4d19212dfc4cba2c61f35fbaee4ea84281a475
Gentoo Linux Security Advisory GLSA 200612-06 - It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.
a4a757f65aeee78aefd96ff6331df1d3b3655a661d4175732c7163d5d331f69a
Gentoo Linux Security Advisory GLSA 200612-05 - Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint) file without proper sanitizing, resulting in an integer overflow subsequently overwriting the heap with parts of the file being read. Versions less than 1.5.0 are affected.
a3d683d3deb8544801f40db173ea37a597a3bc75de4e2f4e2976fa67684f87f9
Gentoo Linux Security Advisory GLSA 200612-04 - Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the CSoundFile::ReadSample() function in sndfile.cpp. Versions less than 0.8-r1 are affected.
9cc79aaa1aefdc8b1b95acd0b11e41c6a5abd1dabe839cbf312ab07616ed737b
Gentoo Linux Security Advisory GLSA 200612-03 - Hugh Warrington has reported a boundary error in GnuPG, in the ask_outfile_name() function from openfile.c: the make_printable_string() function could return a string longer than expected. Additionally, Tavis Ormandy of the Gentoo Security Team reported a design error in which a function pointer can be incorrectly dereferenced. Versions less than 1.4.6 are affected.
7d3d8421e9e44d6b109815c5c9659a27a917b90ca3eac250aa8a4056eb89c4da
Debian Security Advisory 1232-1 - Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference.
14f8511a595499af5c1bc9b288fba4ac69f2c0272a26d6083dda6aab67fdfab7
Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
f67a2d1c90c023729e0ddced605f0a8606af3720511cb5300dd9784ea2090aa4