Ubuntu Security Notice 1148-1 - It was discovered that libmodplug did not correctly handle certain malformed S3M media files. If a user or automated system were tricked into opening a crafted S3M file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed ABC media files. If a user or automated system were tricked into opening a crafted ABC file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.
47572f380d544382e12b13f2e36edd46917b95d1734b4774a69a591b5847824c
Ubuntu Security Notice 1147-1 - Nils Philippsen discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
9a0dabd4967dd12b853bd86ec1bf6545bdc5c550d1a6ebad3429bbcf87ce8025
Mandriva Linux Security Advisory 2011-109 - Cross-site scripting vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl.
2979eb987feab5a10d626a2c9dbdabfa61d8ecc1f406797392b89e4358d17f2d
Mandriva Linux Security Advisory 2011-108 - Apache Xerces2 Java, as used in Sun Java Runtime Environment in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
36474762543fd2efb0f44fd4865e7e2b9783b3ed2e9b6dbf845f00b3cd0de55c
PHP Nuke version 8.3 MT suffers from an arbitrary shell upload vulnerability.
181c0fcc602b1deb943f8fdeb52a8071760462be19ecfb091d5e21fce82afd2c
Vitaminedz suffers from a remote blind SQL injection vulnerability.
b6e3107bd47facb38e4641043cac3190a5677f7807ed93479482b8529cb9bbf9
Microsoft Lync version 4.0.7577.0 suffers from a JavaScript insertion vulnerability.
9acd1aca4807a7c979ac9855bff7008e1cc076bfe2053fcb09c6116d049ef43d
Debian Linux Security Advisory 2258-1 - It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place. Please note that the advisory number listed in this advisory incorrectly calls it 2257-1, but it is 2258-1.
60c5310993e97c19c5cdcdcf134c44109b643441cbeea79d62de1831cea396a1
HITB Magazine Volume 1 Issue 6 - Topics include Social Security, Botnet-Resistant Coding, Hardening Java Applications with Custom Security Policies, Windows Numeric Handle Allocation In-Depth, and more.
9eacfcbf4858146cc29b89cbcae803908973204a08ad6d2a0b48070b2ac8a2f8
Proof of concept code that demonstrates a distributed DNS reflection denial of service attack.
7be16c76bc50e0af17b21f118fbb3b1ea2b08b93b013a433d54cec209c969b5a
The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
78c3152a268abcb69d89c5cd88f9beae9b53670bfd1a4d91de4219b2806d0939
ZRTP Protocol Library is an implementation of Phil Zimmermann's ZRTP protocol, created based on and interoperable with Zfone beta 2. Combined with the GNU RTP Stack (ccrtp), this offers the ability to create communication services that natively support the ZRTP protocol.
71a8b09e0b60248d6598c95f2503bbfee6d8671f76ebf7f7ec12c8db8b45dc17
Debian Linux Security Advisory 2259-1 - It was discovered that fex, a web service for transferring very large files, is not properly validating authentication IDs. While the service properly validates existing authentication IDs, an attacker who does not specify any authentication ID at all can bypass the authentication procedure.
9908ad9a1c5938f3bddc674991c324057146b539427b7b9d1b47d1129dc59394
Technofact suffers from a remote SQL injection vulnerability.
35da100d665874f66ccdc76228dbfb685e6d20a5480848ce5fad0ee92c007c87
Web Application from Site By Wapps suffers from multiple remote SQL injection vulnerabilities.
0926f0d36a2e55d88c1da6d9d937205a25aa30e31c182361a61a3d848279507a
MGF suffers from a remote SQL injection vulnerability.
295783e50df681bff1aef24000e8ef3fec57383912b9bf79e07a36243c6d03a3
CyberScribe suffers from multiple remote SQL injection vulnerabilities, one of which allows for authentication bypass.
96d942971f20795194b658222aec09900cee4b458b7f27034bc4247c88aac75c
Athollsweb suffers from a remote SQL injection vulnerability.
e37d712df6637b966e55d2cf9e9a7d7853d6a66019e64af337a9117ea40ca378
WebFileExplorer version 3.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
44b3d587145cc97fdec0a1cdb44c1f309ce0131173e63b8c10cc4c88861dbee0
Whitepaper called Blind SQL Injection with Regular Expressions Attack.
167010ab38c65a1b629b2eb5767870004cb391e155573d9cd652fbf5476b540f
Secunia Security Advisory - Fedora has issued an update for cyrus-imapd. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
1c593d0135f6626863dc3cfda261296b93045b4619a0ff50eb8329247f398110
Secunia Security Advisory - Debian has issued an update for fex. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
3e106436b8a93cd6ad560add11268109ca1026e7d5f8590d523cfa546e6c5842
Secunia Security Advisory - Fedora has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise a user's system, and compromise a vulnerable system.
dba78f7ecd8dbe025661211373b755a7a2e2bfde256836b52c2d00fe4df5be90
Secunia Security Advisory - Fedora has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
8b284f27d2b47e9133f4be13ec69f485d81aa3e2600633403837aa10259e25ec
Secunia Security Advisory - Ubuntu has issued an update for qemu-kvm. This fixes some vulnerabilities, which can be exploited by malicious, local users in a guest system to cause a DoS (Denial of Service) and potentially gain escalated privileges.
01199afbb217017e0003f91d6ef9796983fe7c83835e382a5539b75b2beb7126