Ubuntu Security Notice USN-723-1 - It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS. It was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10.
17d62f357f88613408934998f6f8acba1f9c1576a46661f6c95411b81a97727f
smNews version 1.0 suffers from authentication bypass and column truncation vulnerabilities relating to SQL injection.
d6b75155ae09016fd8e1f67bc93f99e04d4acb7781f363113f4a0510cd11a0f5
Mandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.
efb5f8b23c9eedd417563c173288af30bba7270229333d7b3a27d00d1092a230
Firepack remote command execution exploit that leverages admin/ref.php.
9f800e7811550ee7ca91685d945d94d78f45695c9afac4765475f0a9180ae474
The NetMRI login application suffers from a cross-site scripting vulnerability.
5f012b9993fa93366127afce061d47cc8d93f6d1000505273f4cce2c073aff27
admagnet.com suffers from a remote SQL injection vulnerability.
20e334330d3ef3c19af98ea398d13e7b41f0f5e6a57314c92d3aaa8b295482e4
moneycontrol.com, a well-known finance screener in India, suffers from a remote blind SQL injection vulnerability.
9c1cd8b331cee84b582fc88547729bdb80b81fadad7103982bc33613d29c8cd4
India's biggest hardware comparison website, compareindia.in.com, suffers from a remote SQL injection vulnerability.
f821f08efe58a7df57ee30d46c0247303db76a798e9b8a9a71d8c3f61d6513c5
mtvyouthicon.in.com, the site for the TV show, suffers from a remote SQL injection vulnerability.
b90d613ba357c3d06448e92dfeb2cc46a1298f4a0a69426f4a1438536b3fad55
bigboss2.in.com, the site for the TV show, suffers from a remote SQL injection vulnerability.
217062dc52bab5c9c4d8fc316ffb173f73d13db45beabfa3c9aac6cfa34347b3
SAS Hotel Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
585341fa02961eaffc8aa4656a64bf3e17d9e2a57f06258cd16f21e46151189c
This Metasploit module will escalate an Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that, the exploit escalates the user to DBA using the "CREATE ANY TRIGGER" privilege given to the MDSYS user by creating an evil trigger in the system schema (2-stage attack).
84bfd4cbb0c258c978b6b3a520766d1e250483da872d06460174b4cdb2b222b5
Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
615bf8765d51992e9d5921c727dd13956a255f2d3e98d58a7689cf9cacce1d50
Secunia Security Advisory - A security issue has been reported in WebSphere Message Broker, which can be exploited by malicious, local users to disclose sensitive information.
8656c2abb7a6643b5ff3eed69bf3c4f73363cec32facba467475896d8573e6b0
Secunia Security Advisory - Ubuntu has issued an update for fglrx-installer. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
308d216a297bb0041e844ba21f0b662dc242e0734cdbb7e0324626ca972d10c3
Secunia Security Advisory - ZoRLu has reported a vulnerability in SAS Hotel Management System, which can be exploited by malicious people to compromise a vulnerable system.
5de8e16453046d88eb54d29550c4a6765d9d47da24b17c2a332358aa2ef7e6e2
Secunia Security Advisory - SUSE has issued an update for websphere-as_ce. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information, and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, conduct cross-site scripting and HTTP response splitting attacks, potentially hijack a user's session, and cause a DoS (Denial of Service).
6abc0b8d57cf8e5a68ad6f48d38587cdb88a14fc10a157152b22c238a0d8ae4b
Secunia Security Advisory - A vulnerability has been reported in Symantec Veritas NetBackup, which can be exploited by malicious people to compromise a vulnerable system.
6bfa574d825691ce0a15a8ec2015e69d56b55f8fb8a6505d4a6ec4d66fff2616
Secunia Security Advisory - Kevin Day has reported a security issue in djbdns, which potentially can be exploited by malicious people to conduct spoofing attacks.
3454d654b01589a0e2f5ad090efb1cb2f4419a8b8986ab03ccf7fae66da6fd92
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and bypass certain security restrictions, malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct session fixation attacks, cross-site scripting and request forgery attacks, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
3aac417cacad07dc406ccb7d1319d6c546f163f3e3e47021d2a1975457112c13
Secunia Security Advisory - A vulnerability has been discovered in TPTEST, which can be exploited by malicious people to compromise a vulnerable system.
e7c8cb5feceefd73e0a29d1dfac6bcbf121c82217d431989c55799dc6b61042f
Secunia Security Advisory - A vulnerability has been reported in phpDenora, which can be exploited by malicious users to conduct script insertion attacks.
7ee53391b86f00a6e2937303aa89ba3c9b102fd875fa49009b30d95b676f5892
Secunia Security Advisory - A vulnerability has been discovered in RavenNuke, which can be exploited by malicious users to compromise a vulnerable system.
cecfd82b139a47ed36eae121994a0e2a212f422d7a1baa0dcd0d38ec232f2e3b