Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
3fb2cb00293b9433bb7a314ad1133ece46c6ffedfee76a4d5aa89f878f586f2a
Mandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
c32d185de2531fd55fb4bb35f45a43423744d5fefac8aee1b0ed53a5b35d92e6
Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aa
phpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1e
Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
ca0598a357569fce6ff669d7a3d77867c42650072d28dcc5457252e477124a60
GMTT Music Distro version 1.2 suffers from a cross site scripting vulnerability.
1a0899d47b570e020d1cb2e46605734664563b5be76559eac2a7d188516cc3fc
HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
27057cb2fd99d8068558967fbe04a29bf3a5da8e7670c9421cc5131fc4465279
The SRI (Romanian Secret Service) web site suffers from a cross site scripting vulnerability.
e06346ba4ed87594a59beb8b723f5609c1fc58ce693c886b0ebcfddcfea8348f
ClonusWiki version 0.5 suffers from a cross site scripting vulnerability.
289d9544c7f43f9c4c6fa455f0685062750af0d98e316537030a2a0c7b60ad38
Seccheck is a feature rich, modular, host-level security checker for Solaris 10. Easily expandable with customised modules, Seccheck produces highly detailed reports based around known and published security best-practices and guidelines. It also produces recommendations on how to fix flagged security issues.
9d9784d9c3be953f976d0f5821ed15d163b127f5a474f9fcc3200fe1df98c103
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49
Cisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
a0746637f5138fab1d05f36d2739eaa287d102dd2b3c9adec47d675395dde8d1
Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
6e95cac97dd31c0672d924b0560b7cefdfee1c459633660ce49287159ace5b7f
Microsoft IIS5 suffers from NTLM and basic authentication bypass vulnerabilities.
62deb75d4279d8e14703bd0f0c22f77345ca3d79b23d558d052acdb9ec13c878
SniffJoke implements sniffer/IDS evasion techniques. SniffJoke runs on a network connected box by selectively applying evasion techniques to sessions involving it. Evasion application is governed by user rules and implemented with a netfilter/ulogd module.
fa26b5c1f7404da6b5ac31e14a7fe20607c48b583e5075bb8539ff76fdf04493
BoastMachine version 3.0 Platinum suffers from a session hacking vulnerability.
b9939faf019e51e377ba9bd0a15a4a5d3e290a41e5be8ae123e3b113ca794505
Jetbox CMS is susceptible to a cross site scripting vulnerability.
6ac317ad7caee78d4ad3a8792a585c3248aa1aa76ceadc5f4d61776064d276ea
KSign KSignSWAT versions 2.0.3.3 and below ActiveX control remote buffer overflow exploit.
0ee06f032736271c342e2c2a674df363a34ac8993d352428245e5eff1373bd54
BtiTracker versions 1.4.1 and below remote SQL injection exploit.
25d51ef96105b0b9824aabaef062ce8ee191cb87ffc869d45031c70c82767175
LeadTools ISIS Control ltisi4E.ocx version 14.5.0.44 remote denial of service exploit.
398581861fbeff645070f4e5e70df84705cc34d9eabfa876d19b8c4a80cfc0e3
CubeCart version 3.0.16 suffers from a SQL injection vulnerability.
b67323882e8c104f606a9d286fda07f3a0630e85ae7c8a3881213f91648023f5
Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).
9393c77b1dcc3fe237206a87cf6b51dda9f2e8d6082900ff12269b91061ea3e4
NOD32 Antivirus is susceptible to two stack overflows. Version 2.7 is affected.
dbb0aeff340395bc32d18c9354742594778d84825a8fabe58ba2fe7a979a814a
ABC Excel Parser Pro version 4.0 suffers from a remote file inclusion vulnerability.
5d04cb3372e62e1de166becffa3be149bb55a3cbe0e812a7bb4009a56f03c0ad
SAXON, or Simple Accessible XHTML Online News version 4.6 suffers from a remote file inclusion vulnerability.
e62d2baf60cef60affec670faeff47d10eb5e00cd57c4143d06b0d1c344e112b