Enable Media Replace WordPress plugin version 2.3 suffers from remote shell upload and SQL injection vulnerabilities.
c704208044e25049fc23310c983128a5a4dd32de8271a106ecf2d492cf255edb
Secunia Research has discovered a vulnerability in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "read_special_escape()" function in src/psgen.c. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file. Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the "-e" option. GNU Enscript versions 1.6.1 and 1.6.4 beta are vulnerable.
8a7d447dd69db4f8d793cacd7994b607c6795026d0ed31d75ebc239dfccf920d
Secunia Research has discovered a vulnerability in Evolution, which can be exploited by malicious people to potentially compromise a vulnerable system. A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Evolution version 2.8.2.1 is affected. Other versions may also be affected.
041da7106d89467969e704e26924c8b857c84a03ce6cb4e5b2b92a09948ef4a5
Swedish Security Audit Group - [SSAG#001] :: cURL tftp:// URL Buffer Overflow: There is a buffer overflow in cURL when it fetches a long tftp:// URL with a path that is longer than 512 characters. Successful exploitation of this vulnerability allows attackers to execute code within the context of cURL. It affects cURL 7.15.0, 7.15.1* and 7.15.2*.
36ca04a1f057d6b3c5096a9dd844560eb67a9d261d88dc180d57bde1a777ddd1
Proof of concept exploit for the remote format string vulnerability discovered in the xine/gxine CD player. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.
ae1c511af9c5fd4967684e6f3287c7f4fca6594afee4b7ff717ad17350d3071f
Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.
6e77aa5381a31e060d00c8af9e23be5266d5a7c218794981c37b49ec78e5e54b
The xine/gxine CD player is susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0. Patch available here.
1aea14a58fd32bca633044be383cec8a50c14ce68e2981888d358c4b5a246842
Elm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch Included.
a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505
kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
e9bee41940b31705d7a37e1abef91138bcd038e3f0b86ffc9b0e2ca4c0f451a3
ez-ipupdate is susceptible to a format string bug. It, at the very least, affect versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10. It does not affect 2.9.6.
c6b17bb453d52744e3c14270258284ead1e82fe3fff997919a781b5809c62d15
LHa versions 1.14d to 1.14i and 1.17 suffer from buffer overflows and directory traversal flaws.
7ae3e4725ed69dd046198c050806c9823138937d3f1cdf941f31a097fd5ab9b4
Remote exploit that makes use of a buffer overflow in GNU Anubis. Vulnerable versions: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others.
6f547b7717fcf62439171559f0223a0358e15ef1457120541045bf8af97228f1
GNU Anubis is vulnerable to multiple buffer overflow attacks and format string bugs. Vulnerable versions: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others
b0fe1f61d8763fc679ba6f83853b5115d77c1101fb9f753f2ba402ca8da4f1e1
Patch and test scripts for two format string bugs and two buffer overflows that exist in Metamail versions 2.2 through 2.7.
5c1618c98e6a139bd0f992f39d1dbffadbc0e420c206670fe34abf8a5179ab40
Two format string bugs and two buffer overflows exist in Metamail versions 2.2 through 2.7. Patch and test scripts to test for these vulnerabilities are available here.
f87cacd3242fbcf612c56f4eaf1a98087ff149f8e0193954c91e2f2045ff1a8f
Two buffer overflows exist in lftp versions 2.3 to 2.6.9. When using the ls and rels commands during an HTTP/HTTPS connection, an attacker has the opportunity to exploit a sscanf() call in try_netscape_proxy() and try_squid_eplf().
763cfb7b83021a88fea152144b0becd3ae188d5febab74fae428d2aa26a62665
kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
650ffa702ed6c8d0c73b7c94d754b38660d482b371122c9d3809924aab1d6f76
Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, has multiple vulnerabilities in its PHP scripts. In the upload scripts there is a lack of input validation that allows an attacker to remotely retrieve any files off of the system, such as /etc/passwd. Other vulnerabilities including the sendmessage.php script allowing spammers to make use of it to mask real source identities and various cross site scripting problems exist as well.
3b8cd898c56ffd9fbcad5f8c4a643c6201ae0184608d07c89c46e5d1ba679c07
Hypermail 2, a popular tool that converts mails into html, has two buffer overflows. One exists in the hypermail program itself and another is in the CGI program mail. The overflow in the main program can be overflowed by sending an email while the CGI program can be overflowed by a DNS server being populated with faulty information. Versions affected: 2.1.3, 2.1.4, 2.1.5, possibly others. 2.1.6 is not affected.
61a11ef37ef28b1b5d6f5cb454068252442924f04a265874f41380b4830f4637
PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.
f324c19dbb506141832f85077a736850e56b7b492f689c7d1dbbcc19a71e156e
Nocc v0.9.5 contains cross site scripting vulnerabilities which allow an attacker to take over a victim's e-mail account and/or perform actions against the victim's will, by simply sending a malicious e-mail message to the victim. Fix available at https://nocc.sourceforge.net.
9dc7f58e6a84de7afd3c2dc0c1c01e0a92637f30032701f1adde85a1090db208
fopen(), file() and other functions in PHP have a vulnerability that makes it possible to add extra HTTP headers to HTTP queries. Attackers may use it to escape certain restrictions, like what host to access on a web server. In some cases, this vulnerability even opens up for arbitrary net connections, turning some PHP scripts into proxies and open mail relays.
5290e8e6790626ca08c64a22a15bf3eaf5ff02cbf45a8623f2fd9c85f94d348f
Lynx prior to v2.8.4rel.1 contains a vulnerability which allows a web site owner to cause lynx to download files from the wrong site on a webserver with multiple virtual hosts because lynx fails to remove or encode dangerous characters such as space, tab, CR and LF before constructing HTTP queries.
76cadd36c69520fb9295e1e9db5a96658f1721be3a8c838c891d9f76c4a927ae
FUDforum is templatable forum with i18n support based on PHP and either MySQL or PostgreSQL. It has got two security holes that allow people to download or manipulate files and directories outside of FUDforum's directories. One of the holes can be exploited by everyone, while the other requires administrator access. The program has also got some SQL Injection problems.
e64f483bbd2b238d0b033fe09136f94a50002a78eace341308a2309094a7302c
Double Choco Latte, a project management package, contains remote vulnerabilities which allow any file on the webserver to be read and cross site scripting bugs.
acb217fc6a980bd564416b4953fee5ba579712a79602d438e7328d8eb8697b65