iDefense Security Advisory 03.02.07 - Remote exploitation of a denial of service (DoS) vulnerability in Kaspersky Lab's Antivirus could allow an attacker to conduct a DoS attack on a targeted host. The antivirus engine is vulnerable to a DoS condition when processing an executable packed with UPX compression. Malformed compressed data causes the decompression routine to enter an infinite loop. Specifically, a negative data offset results in the same compressed data chunk being processed endlessly. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected, which includes the Kaspersky e-mail gateway scanner.
5e275b972a87d0c7aeeabf2ce2da830267094953cd811b1a7e697e79f8be856c
Woltlab version 2.3.6 appears susceptible to cross site scripting vulnerabilities.
11a1e44675916282f1ffcdaf859755752fde518f59512989e0f4c48dab8fa0b3
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. Tomcat JK Web Server Connector version 1.2.19 and 1.2.20 are affected. Tomcat 4.1.34 and 5.5.20 are affected.
90ac43490f4525e25bb3660c57860eb488ad69e34585be64b3e14e78e15b8b87
Mail Enable Professional/Enterprise version 2.32 through 2.34 (Win32) remote exploit. Binds a shell to port 1337.
d6aed800fc5e11948e268ef3396c66fbfe126cef44542ce029e6669cd269b2d2
DBImageGallery version 1.2.2 suffers from remote file inclusion vulnerabilities.
f8a6169314cf886704e5d46dd4aef43ea1962caa9351b89f763508083c20388a
SPAW Editor PHP Edition versions 1.2.3 and 1.2.4 suffer from a remote file inclusion vulnerability.
4dd387f5ffaec616da03e2089b6c4486e7ce512fa512a0dd05f393dd9a6b58b4
Knorr.de suffers from SQL injection vulnerabilities that allow for login bypass.
d25aed4ce39fceef244cae04079f443cd907ded0e24c91d6a97e2f80db85b25f
vBulletin version 3.6.5 suffers from a cross site scripting flaw in its RSS feed functionality.
c6cc1fe24c95c249c717bdd415beea89cc8f598c702ed7297a4e2af04fd83ada
Ubuntu Security Notice 428-2 - USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to library paths caused applications depending on libnss3 to fail to start up. This update fixes the problem.
42cd23bd84427f82a2192eb1748bf1b8f5290b5b59539086412aa6673395abdd
Gentoo Linux Security Advisory GLSA 200703-06 - An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Versions less than 10.0 are affected.
8b0c658d7aaa2eedf0059bd0e56e1a17aa0c1d4c59dae8d8119e8b51bc667e4b
Gentoo Linux Security Advisory GLSA 200703-05 - Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Versions less than or equal to 1.7.13 are affected.
b43d91fab139a2a88f8e69efe7525babed92ba1e001af5241abde5a612c65c18
Gentoo Linux Security Advisory GLSA 200703-04 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. Mozilla Firefox also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. Versions less than 2.0.0.2 are affected.
f824210be570f79159b5e50e532fc69afe69865942bf86c2b96a7c39aeeceee8
Gentoo Linux Security Advisory GLSA 200703-03 - An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the id parameter string used to create local files when parsing MIME headers. Versions less than 0.90 are affected.
ee2f7987c5622a444e724df0a1937039cce5cef60caad53d51b3cff4af7e1eb5
Gentoo Linux Security Advisory GLSA 200703-02 - SpamAssassin does not correctly handle very long URIs when scanning emails. Versions less than 3.1.8 are affected.
ef4e276f8c7ffb074f754c18437dfb161e077e39cd5e2dcda1e8c1b73651c094
Gentoo Linux Security Advisory GLSA 200703-01 - The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Versions less than 2.6.1.3 are affected.
99507aca92ca229eb2729ba7030aca79d9b1f335fbe3a25202f659984e2d7a69
Built2Go version 1.0 suffers from cross site scripting vulnerabilities.
6ec0f67f8f996935163b2e66e6eaafc77817049f3d5ba360122f52422a0a206a
aWebNews version 1.1 suffers from a remote file inclusion vulnerability.
21cf3c73efad19114dca97b59c0731ff14670ba31868c2b13f6300d208e75ddc
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
08a0255b4f6bdc4312eea6c118e79ecf684aed10640b45037d9dc5890c7687be
zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
a16cbe19ea03b93a174d731bf1aba5205e2f4480a7118129eda6b0cb7c7b39bb
SIPcrack is a SIP protocol login cracker. It contains 2 programs, SIPdump to sniff SIP logins over the network and SIPcrack to bruteforce the passwords of the sniffed logins.
fb62d98c201b4fba469621bb55d9b2fbc6978f6b3a39048f7ed39f50ff3afc05
Simple script that updates Nmap's data files and sticks them in a given directory or cwd.
888a480574d678d09e7f5762eda112ca471b4b9afe20e5cbd7ed82e66808de5f
WordPress versions 2.1.0 and below suffer from cross site request forgery with cross site scripting vulnerabilities. Oh, the madness.
f4eda6cdc00d698f5247183a33eee544a1b137e2366e811d36479867f926bd74
Serendipity version 1.1.1 suffers from a SQL injection vulnerability.
c74dd442aaac7c6daa7faf6d317215be052ad477e91b4db04866b8a7580b457f
WB News suffers from a remote file inclusion vulnerability.
bfa5175c6aad1aa9f9342d0c2219df9a5cc56b471c4de2b619f33895a735c34c
Angel LMS version 7.1 suffers from a remote SQL injection vulnerability.
c27594fcc35b3cf24a6d9e52bf0c74e8c65a6eea3a58eb662db1517786b82bed