Mandriva Linux Security Advisory - Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
22b534682be7c308115f64e42b216bf5eb9aa48e9cefa357ef9f44cfd05ead13
Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
768924f6a4c4dc0d8aa6d014cd64650fde1304e861e573e4128b3711365bab10
Secunia Security Advisory - Some vulnerabilities have been reported in BugTracker.NET, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
503cc5c94ff10a6a1605952c67858f19a7e0d3ac4ac6adedea8b6f0bb71250f4
Ubuntu Security Notice 568-1 - Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges.
47d59960e481124c283b84984065380cc224fcda98eb11e54fce799c288e75c1
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0
The F5 BIG-IP web management interface is susceptible to a cross site scripting vulnerability via the search functionality. Tested against version 9.4.3.
f24e831838b0cad45609bd942c655b29b4ed3bad399ec918e6c0487981cb4ac5
Macrovision FlexNet Connect download manager is susceptible to an arbitrary file download/overwrite vulnerability.
8656555b01e9b0c8e79ba5f966804d2fc68fd444657ea0fcadbb3c73f9b8cd4f
SQL injection digger is a command line program that looks for SQL injections and common errors in websites.
b76ba9f76bdaeffbdf068c3668af79e1c700692ab288ce7f8cdb25c51dbb034d
radmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
d7fda757c317f079a7ba1be30313a36c20de6c873d256c33d826065c4e747c39
pMachine Pro version 2.4.1 is susceptible to cross site scripting attacks.
bdc37f2832cee5b6136998e922d72de5e15df74fa5bb26ee2f0dfd3fdfdaacdb
Secunia Security Advisory - A vulnerability has been reported in the Meta Tags module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
c338a4807bdfc44f8758597abf82ed3a3b758b488c8b95d5fddb31d024569c23
Secunia Security Advisory - A vulnerability has been discovered in Merak Mail Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
d888525f35ccfd4b31cabaed84617585267676c2fe5451971fc3e98d4391caef
Secunia Security Advisory - Avaya has acknowledged a vulnerability in multiple Avaya Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
2b29f54ab29d3187fb74b1297b55d5fc8349e6820650f968cdbc3c7fb9fef9fa
Debian Security Advisory 1463-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
bf82c28f78aa61e68865b176249ca0279e41256a1de3a041b5d109a070a22eeb
Debian Security Advisory 1462-1 - Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.
34d83e3f33fc2dc2320bc5364a40d153c1cc12515fa7ebe63bb9aa861ba28301
Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.
2bbc3fa2b0758e79588a696950f034e141bb876356c2272039fa877fb0f10858
OpenStego is a tool implemented in Java for image based steganography, with support for password-based encryption of the data. It currently supports embedding of messages/files in a 24bpp images.
7d5861e2b2cbe80051d2f00db1b195b9062c6284c4a38504c5e49bef3292ea58
nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
ee8da86e3e3ddbf4b2ea22dded69011ef2bd21bd252c5a7bc3345b0ba33103f6
NUVICO DVR NVDV4 / PdvrAtl module with PdvrAtl.DLL version 1.0.1.25 remote heap overflow exploit for Internet Explorer 7 on Windows XP SP2.
9ee68690af569f2155d52e1d0bea6ce85186e02b540a9a4924aeebc6c338d350
UnHash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.
0da019894b5b5cb8fc598fdb80398008f06dba86151dacf31b57a1aba8189481
Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the iso version.
753536fe2af35d138de722bf798be521b1e439751d0d0efb32be27d8aaa043b6
X7 Chat versions 2.0.5 and below remote SQL injection exploit.
39ef9682ce0dc16c45ccb63792eb60654cac2f859b0121185f5ccd3e962e460d
Debian Security Advisory 1460-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
15fa8c37a84c4650b0057ddb1f483cac6bd377383f70e2bbe3482537af09de8a
Debian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.
46c3e291053b62c8aa599099c781e01b50fc301f5004cbe793852f1d8f556e1d
Garment Center suffers from a local file inclusion vulnerability in index.cgi.
dd75805444e5db8d161ce01da7de47d07ccf1013b33c66cfd8e358e510ee0fbf