Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.
294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
Mandriva Linux Security Advisory 2011-197 - Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service by sending many crafted parameters. The updated packages have been patched to correct this issue.
65c4b018cdfd49592c9f7dbcf34ecabd28e6273c44adf4c53cd71a54905612c5
Debian Linux Security Advisory 2263-2 - Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package.
b6fd5f67db4288edf661bbc8943258fa17410cbc92bcad67c9f6da86124d49ce
Debian Linux Security Advisory 2376-1 - It was discovered that OpenIPMI, the Intelligent Platform Management Interface library and tools, used too wide permissions PID file, which allows local users to kill arbitrary processes by writing to this file.
1792cce81ebb6c50f256dc4d012b7bb7f95b15fee06cdf02d505666c659648ca
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
eb0ab404a41e58a9c8d3dbaf9f79b310c14ffa514716f7e578dd2ae6d3777aad
Dede CMS suffers from a remote SQL injection vulnerability.
df03b2ebb7cfe88eb85c2bb352f38c18cfc7e408fab8b6125c050fcdea213b35
Rapidleech suffers from a cross site scripting vulnerability.
2f66024dbaf497388ab9cb2425d28e6a35d8224f0aacb201ccbc05aab073696d
The WordPress Facebook-Page-Promoter-Lightbox plugin suffers from a cross site scripting vulnerability.
5f3ad62542d3f82f4ad3a9b7972034eb047dbbf3cf236b13181a24be1cb0736a
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Blog module for DiY-CMS, which can be exploited by malicious people to conduct SQL injection attacks.
07f1f300ddfbb6478b51a2a7a7621c85f5c6ee6b7e6bca783ddd9a09af94e18b
Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.
a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to cause a DoS (Denial of Service).
4a2ac19c6da13d24fad94b3772255813440486cb2bb53265c54ecf6462b2d393
Secunia Security Advisory - A vulnerability with unknown impact has been reported in the Connections plugin for WordPress.
28be9d52b8bd3c09de12140b4a5072e9d012e792e2052823fb61d05935414c59
Secunia Security Advisory - Two vulnerabilities have been reported in op5 Monitor, where one has an unknown impact and the other can be exploited by malicious users to disclose certain sensitive information.
55b5faf29df0e97c988be26cdda20aab0c6de521037659c4b45e6a0b06cb3778
Secunia Security Advisory - A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
a277cea7af4b387deb5cb0236404c6595b15b62839d7df3259e49a762b1deae9
Secunia Security Advisory - Two vulnerabilities have been reported in op5 Appliance, which can be exploited by malicious people to compromise a vulnerable system.
c7f3e961fc39ff594fe6fce250ca26f3902271954cd5e2eca01f0adefeba389b
Secunia Security Advisory - Oracle has acknowledged a weakness in Oracle iPlanet Web Server, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
77d35fadfdce866909ddc3ae63459e420634532769f2b400a421e7399064677d
Secunia Security Advisory - A vulnerability has been reported in Neturf eCommerce Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
6f998b2b51ca3296875bdcec7ba68cc145be56bdb81f3c86ddfc38ea09f5fb00
Secunia Security Advisory - Alexander Fuchs has reported a vulnerability in Akiva WebBoard, which can be exploited by malicious people to conduct SQL injection attacks.
4302f066e5f240a0cc634f90c970cb52e67116fdb96d6de3c9183cf31bbda206
Secunia Security Advisory - A vulnerability has been discovered in Winn Guestbook, which can be exploited by malicious people to conduct script insertion attacks.
06108cba32738d8b4803ec2e61f25bf4b8fe84cb5613b324d1ab0637d920e4db
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Blog module for DiY-CMS, which can be exploited by malicious people to conduct SQL injection attacks.
07f1f300ddfbb6478b51a2a7a7621c85f5c6ee6b7e6bca783ddd9a09af94e18b
Secunia Security Advisory - A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.
a2fce17c9cf03464633726694af6295906e5650b87b9b63aa6df3f74720b330d