[SECURITY] [DLA 359-1] MySQL 5.5 packages added; end of support for MySQL 5.1
Oracle, the upstream maintainer of MySQL, no longer supports MySQL version 5.1, which is included in Debian 6.0 "squeeze". MySQL 5.1 likely suffers from multiple vulnerabilities fixed in newer versions after the end of upstream support, but Oracle does not disclose enough information either to...
DLA-359-1 mysql-5.5 - packages as an option announcement
Bulletin has no description...
[SECURITY] [DLA 295-1] conntrack security update
Package: conntrack; Version: 1:0.9.14-2+deb6u1; CVE ID: CVE-2015-6496; Debian Bug: 796103. "jann" discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets. In the version found in Debian 6.0...
DLA-295-1 conntrack - security update
Bulletin has no description...
Debian DLA-49-1 : acpi-support security update
During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user's environment. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to...
Bacula-web 5.2.10 SQL Injection
bacula-web 5.2.10 vulnerability Bacula-web is a web-based application that provides you a summarized view of all of the bacula-director jobs. title : Bacula-web 5.2.10 godork : "jobid=" bacula-web vulnerability : + Sql injection example : http://target.com/bacula-web/joblogs.php?jobid=99' PoC :...
Agora-Project 2.12.11 Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link:...
DSA-2928-1 linux-2.6 - security update
Bulletin has no description...
Debian DSA-2921-1 : xbuffy - security update
Michael Niedermayer discovered a vulnerability in xbuffy, a utility for displaying message count in mailbox and newsgroup accounts. By sending carefully crafted messages to a mail or news account monitored by xbuffy, an attacker can trigger a stack-based buffer overflow, leading to xbuffy crash ...
Debian DSA-2800-1 : nss - buffer overflow
Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library nss. With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. (C) Tenable Network Security, Inc. The...
DSA-2766-1 linux-2.6 - several
Bulletin has no description...
Debian: Security Advisory (DSA-2443-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
DSA-2632-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
Debian DSA-2618-1 : ircd-hybrid - denial of service
Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-2568-1 : rtfm - privilege escalation
It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2568. The text...
Debian DSA-2509-1 : pidgin - remote code execution
Ulf Harnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. ...
Agora-Project 2.12.11 - Arbitrary File Upload
Agora-Project 2.12.11 - Arbitrary File Upload Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link:...
Agora-Project 2.12.11 - Arbitrary File Upload
Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link: http://sourceforge.net/projects/agora-project/files/latest/download Version: 2.12.1112-2011...
Agora-Project 2.12.11 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: agora-project2.12.1112-2011 Remote Shell Upload Google Dork: n0 N0obs Date: 10/06/2012 Exploit Author: Misa3l Vendor Homepage: http://sourceforge.net/projects/agora-project/ Software Link:...
Debian DSA-2436-1 : libapache2-mod-fcgid - inactive resource limits
It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources. (C) Tenable Network Securit...