UBUNTU-CVE-2015-4644

The phppgsqlmetadata function in pgsql.c in the PostgreSQL aka pgsql extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service NULL pointer dereference and...

php5 -- multiple vulnerabilities

The PHP project reports: DOM and GD: Fixed bug 69719 Incorrect handling of paths with NULs. FTP: Improved fix for bug 69545 Integer overflow in ftpgenlist resulting in heap overflow. CVE-2015-4643 Postgres: Fixed bug 69667 segfault in phppgsqlmetadata. CVE-2015-4644...

Fedora 20 : php-5.5.24-1.fc20 (2015-6399)

16 Apr 2015, PHP 5.5.24 Apache2handler : - Fixed bug 69218 potential remote code execution with apache 2.4 apache2handler. Gerrit Venema Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 67626 User exceptions not properly handled in streams...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The gda2-postgres package for the Debian GNU/Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Fedora 21 : php-5.6.8-1.fc21 (2015-6407)

16 Apr 2015, PHP 5.6.8 Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 68021 getbrowser browsernameregex returns non-utf-8 characters. Tjerk - Fixed bug 68917 parseurl fails on some partial urls. Wei Dai - Fixed bug 69134 Per Directory...

Fedora 22 : php-5.6.8-1.fc22 (2015-6195)

16 Apr 2015, PHP 5.6.8 Core : - Fixed bug 66609 php crashes with get and ++ operator in some cases. Dmitry, Laruence - Fixed bug 68021 getbrowser browsernameregex returns non-utf-8 characters. Tjerk - Fixed bug 68917 parseurl fails on some partial urls. Wei Dai - Fixed bug 69134 Per Directory...

CVE-2014-9576

VDG Security SENSE formerly DIVA 2.3.13 has a hardcoded password of 1 ArpaRomaWi for the root Postgres account and !DVService for the 2 postgres and 3 NTP Windows user accounts, which allows remote attackers to obtain access...

Hardcoded credentials

VDG Security SENSE formerly DIVA 2.3.13 has a hardcoded password of 1 ArpaRomaWi for the root Postgres account and !DVService for the 2 postgres and 3 NTP Windows user accounts, which allows remote attackers to obtain access...

CVE-2014-9576

VDG Security SENSE formerly DIVA 2.3.13 has a hardcoded password of 1 ArpaRomaWi for the root Postgres account and !DVService for the 2 postgres and 3 NTP Windows user accounts, which allows remote attackers to obtain access...

DEBIAN-CVE-2014-6395

Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the...

THC-Hydra 8.1 - Network Logon Cracker

A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

LinEnum - Local Linux Enumeration & Privilege Escalation Checks

LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...

Leszek Krupinski L-Forum 2.4 Search Script SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' L-Forum does not properly sanitize user input that is used as part of the search parameter in the...

The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...

John the Ripper Postgres SQL Password Cracker

This module uses John the Ripper to attempt to crack Postgres password hashes, gathered by the postgreshashdump module. It is slower than some of the other JtR modules because it has to do some wordlist manipulation to properly handle postgres' format...

[SECURITY] [DSA 2950-2] openssl update

------------------------------------------------------------------------- Debian Security Advisory DSA-2950-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 16, 2014 http://www.debian.org/security/faq - -...

openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)

Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...

CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

Information disclosure

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...