file security and bug fix update

5.04-21 - fix typographical error in changelog 5.04-20 - fix 1037279 - better patch for the bug from previous release 5.04-19 - fix 1037279 - display 'from' field on 32bit ppc core 5.04-18 - fix 664513 - trim white-spaces during ISO9660 detection 5.04-17 - fix CVE-2014-3479 cdfcheckstreamoffset...

[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

CVE-2014-3170

extensions/common/urlpattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character...

[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Design/Logic Flaw

HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to...

PWGen - Generator of cryptographically-strong passwords

PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool ” technique to generate random data based on user inputs keystrokes, mouse handling and volatile system...

Joomla Health & Fitness Stats Persistent XSS Vulnerability

No description provided by source. Name : Joomla Health & Fitness Stats Persistent XSS Vulnerability Date : july 12,2010 Critical Level : HIGH vendor URL :http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...

Coppermine Photo Gallery <= 1.4.14 Remote SQL Injection Exploit

No description provided by source. ?php RST/GHC PRIVATE CPG 1.4.10 sql injection exploit Date: 17.05.07 bug: SQL injection in private album function through array indexes with COOKIE errorreporting EERROR; inisetmaxexecutiontime,0; intro; if $argc 4 print Usage: . $argv0 . host dir force table...

DMXReady Members Area Manager Persistent XSS Vulnerability

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: DMXReady Members Area Manager Persistent XSS Vendor url:http://www.dmxready.com/ Version:2 Price:295$ Published: 2010-09-06 GThanx to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic...

nginx 0.6.38 - Heap Corruption Exploit

No description provided by source. !/usr/bin/env python Exploit Title: nginx heap corruption Date: 08/26/2010 Author: aaron conole [email protected] Software Link: http://nginx.org/download/nginx-0.6.38.tar.gz Version: = 0.6.38, = 0.7.61 Tested on: BT4R1 running nginx 0.6.38 locally CVE: 2009-26...

Joomla SocialAds Component com_socialads Persistent XSS Vulnerability

No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla comsocialads Persistent Xss Vulnerability Date : july 3,2010 Critical Level : HIGH vendor URL :http://techjoomla.com/...

Red Hat 8/9 Directory Server Crafted Search Pattern Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30871/info Red Hat Directory Server is prone to a denial-of-service vulnerability because the server fails to handle specially crafted search patterns. An attacker can exploit this issue to consume CPU resources with one...

pixelpost 1.7.3 - Multiple Vulnerabilities

No description provided by source. 1 +Exploit Title: pixelpostv1.7.3 Multiple vulnerabilities 0 0 +Date: 15/09/2010 1 1 +Author: Sweet 0 0 +Contact : [email protected] 0 1 +Software Link: http://www.pixelpost.org/ 0 0 +Download: http://www.pixelpost.org/ 1 1 +Version: 1.7.3 0 0 +Tested on: WinX...

Joomla Rapid Recipe Persistent XSS Vulnerability

No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Joomla Rapid Recipe Persistent XSS Vulnerability Date : july, 11 2010 Critical Level : HIGH Vendor Url :...

Microsoft IIS 4.0 - Buffer Overflow Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/307/info Microsoft IIS reported prone to a buffer overflow vulnerability in the way IIS handles requests for several file types that require server side processing. This vulnerability may allow a remote attacker to execut...

Bro - Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it ...

CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings...

CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings...

CVE-2014-3122

CVE-2014-3122 affects the Linux kernel local memory-management path. The advisory centers on the try_to_unmap_cluster function in mm/rmap.c, where the code path did not consistently lock pages, enabling a local user to trigger a memory-usage pattern that can force removal of page-table mappings a...

CVE-2014-3122

The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires removal of page-table mappings...