536 matches found
PYSEC-2015-34
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree...
UBUNTU-CVE-2013-2126
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file...
DEBIAN-CVE-2012-3508
Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...
PT-2011-5168 · Php · Phpids
Name of the Vulnerable Software and Affected Versions: PHPIDS versions prior to 0.7. Description: The issue allows remote attackers to bypass rulesets and add PHP sequences to a file due to improper implementation of Regular Expression Denial of Service (ReDoS) filters. Recommendations: For versions...
PT-2011-1125 · Red Hat · Libvirt-Devel +5
Name of the Vulnerable Software and Affected Versions: libvirt versions prior to 0.9.0; libvirt-debuginfo versions 0.8.1; libvirt-devel versions 0.8.1; libvirt-python versions 0.8.1; libvirt-client versions 0.8.1. Description: The issue affects the libvirt package in Red Hat Enterprise Linux,...
WebPortal CMS 0.6.0 - index.php SQL Injection
!/usr/bin/perl -w WebPortal CMS If we select a nonexistent id of a mod, it'll try to include it. So we have a warning error with the hash! use LWP::UserAgent; if @ARGV new or die "-LWP::UserAgent error.\n"; $b-agent'Mozilla/4.0 compatible; MSIE 7.0;...
PT-2007-3801 · Phpmychat · Phpmychat
Name of the Vulnerable Software and Affected Versions: phpMyChat version 0.14.5. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter in the phpMyChat.php3 file. However, it has been disputed by multiple third parties because the $ChatPat...
CVE-2006-6161
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown;...
PT-2005-1795 · Ethereal +1 · Ethereal +1
Name of the Vulnerable Software and Affected Versions: Ethereal version 0.10.9. Description: An issue in the JXTA dissector of Ethereal allows remote attackers to cause a denial of service, resulting in an application crash. Recommendations: For Ethereal version 0.10.9, at the moment, there is no...
DEBIAN-CVE-2004-0998
Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code...
Insecure file permissions in the Firefox browser for Linux >= v0.9
After installing Firefox, many of the permissions are set to 777, allowing anyone on the system to change the contents of the executable files. This first occurred in the 0.9 release in the tar.gz release as well as in the installer. The problem (or is it called a feature now?) still exists in the...
New CesarFTP v 0.99g DoS
Just thought that, since you seemed interested in the topic earlier, I would e-mail you this exploit. I don't think that it's going to get patched anytime soon anyways, so it doesn't matter. I haven't tested remotely (network trouble) but I would like to get some info back on your results. I can on...
PT-2002-2929 · Wsc · Web Server Creator - Web Portal
Name of the Vulnerable Software and Affected Versions: Web Server Creator - Web Portal (WSC-WebPortal) version 0.1. Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the l parameter to customize.php or the pg parameter to...
security flaw
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms...
Microsoft Dynamics CRM 2015 Email Router Update 0.1
PT-2004-3765 · Gtk+ · Gtk2 +1
Name of the Vulnerable Software and Affected Versions: gtk2 versions 2.4.4 and earlier; gdk-pixbuf versions prior to 0.22. Description: The issue is related to multiple vulnerabilities in the gtk2 and gdk-pixbuf packages, which can lead to disruption of confidentiality, integrity, and availability ...