
2270 matches found

Fedora
added 2016/02/28 8:30 a.m., 31 views

[SECURITY] Fedora 22 Update: rubygem-activerecord-4.2.0-2.fc22

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

5.3 CVSS, 1.4 AI score, 0.02328 EPSS
Exploits: 0
n0where
added 2016/02/03 5:31 a.m., 28 views

UEFI firmware image viewer and editor: UEFITool

It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program’s engine was prove...

7 AI score
Exploits: 0, References: 2
Debian
added 2016/01/30 10:52 p.m., 23 views

[SECURITY] [DLA 406-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-11 CVE ID : CVE-2016-2039 CVE-2016-2041 Several flaws were discovered in the CSRF authentication code of phpMyAdmin. CVE-2016-2039 The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values...

7.5 CVSS, 6.6 AI score, 0.01029 EPSS
Exploits: 0
Kitploit
added 2016/01/12 10:02 p.m., 192 views

BSQLinjector - Blind SQL Injection Exploitation Tool

BSQLinjector uses a blind method to retrieve data from SQL databases. I recommend using the "--test" switch to clearly see what the configured payload looks like before sending it to an application. Options: --file Mandatory - File containing valid HTTP request and SQL injection point SQLINJECT...

10 AI score
Exploits: 0, References: 1
OSV
added 2016/01/03 12:59 a.m., 1 views

DEBIAN-CVE-2016-1283

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...

9.8 CVSS, 8.8 AI score, 0.02374 EPSS
Exploits: 1, References: 1
OSV
added 2016/01/02 12:00 a.m., 1 views

UBUNTU-CVE-2016-1283

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or...

9.8 CVSS, 7.4 AI score, 0.02374 EPSS
Exploits: 1, References: 4
OSV
added 2015/12/02 1:59 a.m., 1 views

DEBIAN-CVE-2015-8380

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegE...

7.5 CVSS, 9.4 AI score, 0.01238 EPSS
Exploits: 1, References: 1
CNVD
added 2015/12/02 12:00 a.m., 1 views

PCRE 'pcre_exec' Function Denial of Service Vulnerability

PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C and developed by software developer Philip Hazel. A security vulnerability exists in the 'pcre_exec' function in versions of PCRE prior to 8.38, which stems from the program's failure to...

7.5 CVSS, 9.4 AI score, 0.01238 EPSS
Exploits: 1, References: 1
CNVD
added 2015/12/02 12:00 a.m., 2 views

PCRE 'match' Function Information Disclosure Vulnerability

PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C and developed by software developer Philip Hazel. A security vulnerability exists in the 'match' function in the pcre_exec.c file in versions of PCRE prior to 8.37, which stems from the...

6.4 CVSS, 9.3 AI score, 0.01772 EPSS
Exploits: 1, References: 1
CNVD
added 2015/12/02 12:00 a.m., 1 views

PCRE Denial of Service Vulnerability (CNVD-2015-07884)

PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C and developed by software developer Philip Hazel. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle the '/? :|a|100x...

9.8 CVSS, 9.3 AI score, 0.02653 EPSS
Exploits: 0, References: 1
OSV
added 2015/12/01 12:00 a.m., 1 views

UBUNTU-CVE-2015-8382

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /?:abcd|?:?:?:?:abc|?:abcdefbabcdefghiabc|ACCEPT/ pattern and related patterns involving ACCEPT, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service partially initialized...

6.4 CVSS, 7.2 AI score, 0.01772 EPSS
Exploits: 1, References: 7
CNVD
added 2015/11/13 12:00 a.m., 2 views

Drupal Monster Menus Module Information Disclosure Vulnerability

Drupal is an open source content management framework written in PHP, which consists of a content management system and a PHP development framework. Monster Menus module for Drupal is a module for developing Drupal 6 and Drupal 7 versions of Drupal. An information disclosure vulnerability exists ...

5 CVSS, 6.3 AI score, 0.0025 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2015/10/30 10:13 a.m., 17 views

CVE-2005-0256

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of wildcard characters, as demonstrated using the dir command...

5 CVSS, 7.2 AI score, 0.26554 EPSS
Exploits: 1, References: 2
Kitploit
added 2015/10/28 7:53 p.m., 19 views

LMD - Linux Malware Detect

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and...

7 AI score
Exploits: 0, References: 1
Openbugbounty
added 2015/10/21 9:21 a.m., 6 views

sewing.patternreview.com XSS vulnerability

Vulnerable URL: http://sewing.patternreview.com/cgi-bin/loginform.pl Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 18:53 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

6.3 AI score
Exploits: 0
0day.today
added 2015/10/07 12:00 a.m., 51 views

TestLink 1.9.13 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type ...

7.5 CVSS, 7.2 AI score, 0.004 EPSS
Exploits: 3
Mageia
added 2015/09/08 5:55 p.m., 15 views

Updated pure-ftpd packages fix security vulnerability

Updated pure-ftpd packages fix security vulnerability: It was reported that the process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path...

0.3 AI score
Exploits: 0, References: 2
OSV
added 2015/09/08 5:55 p.m., 2 views

MGASA-2015-0355 Updated pure-ftpd packages fix security vulnerability

Updated pure-ftpd packages fix security vulnerability: It was reported that the process handling a user session could be crashed by trying to match a file pattern longer than the maximum length for a path...

7.2 AI score
Exploits: 0, References: 3
seebug.org
added 2015/09/01 12:00 a.m., 14 views

Google Analyticator Multiple XSS Vulnerabilities

Proof of Concept URLs for XSS in Google Analyticator 6.4.9.4: Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator Parameter Name gaadsense Parameter Type POST Attack Pattern x'" onmouseover=alert9 Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticato...

6.3 AI score
Exploits: 0
Tenable Nessus
added 2015/07/09 12:00 a.m., 168 views

OpenSSH < 6.9 Multiple Vulnerabilities

According to its banner, the version of OpenSSH running on the remote host is prior to 6.9. It is, therefore, affected by the following vulnerabilities : - A flaw exists within the x11_open_helper function in the 'channels.c' file that allows connections to be permitted after 'ForwardX11Timeout' ha...

4.3 CVSS, 6.4 AI score, 0.0539 EPSS
Exploits: 0, References: 3