Packet Storm's last 100 added files. Last Updated: Sun Oct 12 16:36:51 EDT 2008

[ emf_MS08-046.rar ] c4289869ff9a6d71f21cb8d81ceba238 Microsoft Windows EMR_SETICMPROFILEA heap overflow denial of service exploit.

[ minipub03-multi.txt ] b45f5a70ef5f931fbac4a17d52c9f24b mini-pub versions 0.3 and below suffer from local directory traversal and file disclosure vulnerabilities.

[ apm-sql.txt ] cf487f2d827950a7047d52750e013765 Absolute Poll Manager XE version 4.1 suffers from a remote SQL injection vulnerability in xlacomments.asp.

[ cubecartcms-sql.txt ] 901bd6b5ab81e07d465b727228451401 This is an old SQL injection vulnerability for CubeCart CMS that has further details on exploitation since the original report surfaced years back.

[ dsa-1652-1.txt ] 4520f2c53bb975e87a87c6d05c09fa11 Debian Security Advisory 1652-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.

[ dsa-1651-1.txt ] 63d28120a31c0be95f7949e1de96a531 Debian Security Advisory 1651-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.

[ dsa-1650-1.txt ] 548a3c635a49653c55dcc7248955421f Debian Security Advisory 1650-1 - Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests.

[ MDVSA-2008-210-1.txt ] 06dd87708ce37a3441979abe0dfdb2c1 Mandriva Linux Security Advisory - CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue. This update was too late for inclusion in Mandriva Linux 2009, so it is being released now for that version.

[ MDVSA-2008-211.txt ] 869230af219e9221f53868047fa06838 Mandriva Linux Security Advisory - A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed. An integer overflow flaw leading to a heap buffer overflow was found in the Text-to-PostScript texttops filter. An attacker could create a malicious text file that could possibly execute arbitrary code if the file was printed. Finally, an insufficient buffer bounds checking flaw was found in the HP-GL/2-to-PostScript hpgltops filter. An attacker could create a malicious HP-GL/2 file that could possibly execute arbitrary code if the file was printed. The updated packages have been patched to prevent this issue; for Mandriva Linux 2009.0 the latest CUPS version (1.3.9) is provided that corrects these issues and also provides other bug fixes.

[ dsa-1646-2.txt ] db72af7c11346b839c9aaceb342e2df5 Debian Security Advisory 1646-2 - In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

[ cabrightstor-exec.txt ] 69624d203a69ee3ff823212da88e2365 CA BrightStor ARCServe BackUp is an overall data backup solution. The RPC interface of CA BrightStor ARCServe BackUp does not handle user input correctly, which allows an anonymous attacker to inject any command; a remote code execution attack may be achieved this way. Details are provided. CA BrightStor ARCServe BackUp version R11.5 is affected.

[ joomlajeux-sql.txt ] 547973dcd068393998bff7ce8537a3c3 The Joomla Jeux component version 1.0.0 suffers from a remote SQL injection vulnerability.

[ joomlavideos-sql.txt ] 68294a5af4ac34c805d4c3c970c66997 The Joomla Videos component version 1.0.0 suffers from a remote SQL injection vulnerability.

[ joomlaphotos-sql.txt ] fba62c45aae33e98387cb60a99da79df The Joomla Photos component version 1.0.0 suffers from a remote SQL injection vulnerability.

[ joomlaflash-sql.txt ] 1cd4fd875f6b2d420f96137f2904d182 The Joomla Flash component version 1.0.0 suffers from a remote SQL injection vulnerability.

[ joomlaownbiblio-sql.txt ] 02f0c578d5317a89f9e93a633d059252 The Joomla ownbiblio component version 1.5.3 suffers from a remote SQL injection vulnerability.

[ eebcms-xss.txt ] 77b9cb0b8ec92353e4aaf877403723a3 EEB-CMS version 0.95 suffers from a cross site scripting vulnerability.

[ slimcms-escalate.txt ] cffe1244aa00974fd691e407e35f88fc SlimCMS versions 1.0.0 and below privilege escalation exploit that uses redirect.php.

[ ZDI-08-067.txt ] 9926adae42bd4b463869d0112262dd6b A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes results in an arbitrary memory overwrite allowing for the execution of arbitrary code as the "hgltops" process uid.

[ CVE-2008-3271.txt ] a9c8cfb4dcf837a9ee60e24750725363 Apache Tomcat versions 4.1.0 to 4.1.31 and 5.5.0 suffer from an information disclosure vulnerability.

[ joomlamad4-sql.txt ] 5fa1cadbaf046e77b4c9f2081b6a1312 The Joomla mad4joomla component suffers from a remote SQL injection vulnerability.

[ joomlaignite-sql.txt ] fa106f99174d37512a46277250c38020 The Joomla Ignite Gallery component version 0.8.3 suffers from a remote SQL injection vulnerability.

[ easynet4ulink-sql.txt ] 487c026f6efd6e494e36d7397edd2ab9 Easynet4u Link Host suffers from a remote SQL injection vulnerability in directory.php.

[ easynet4uforum-sql.txt ] 928f0ddb6926d93238f24b6ee2abd9a8 Easynet4u Forum Host suffers from a remote SQL injection vulnerability in forum.php.

[ easynet4ufaq-sql.txt ] 9cc64dc7b6c8489a5010135e78380e25 Easynet4u FAQ Host suffers from a remote SQL injection vulnerability in faq.php.

[ USN-651-1.txt ] fbeea18b968c1f91ed1ae05a465069a5 Ubuntu Security Notice 651-1 - A large number of vulnerabilities have been addressed in Ruby. These issues include integer overflow, bypass, input validation, and various other vulnerabilities.

[ nokiaminimap-crash.txt ] 293a495754bfe9bb14d7dd9474da0ddc The Nokia Mini Map Browser suffers from a silent crash vulnerability.

[ FSC20081009-11.txt ] 628af77713856e077db65ab767d82779 A vulnerability has been discovered in the Tape Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability.

[ FSC20081009-12.txt ] 244cf771a1069b5574ae72a7a89d427e A vulnerability has been discovered in the DB Engine component of CA ARCserve Backup. Insufficient input validation when processing remote procedure call (RPC) requests is the cause of this vulnerability.

[ ayco-sql.txt ] ba3551b29d205af08534e78b3e3c43ba Ayco Okul Portali suffers from a remote SQL injection vulnerability.

[ munzursoft-sql.txt ] 4a40ca511d902137636de8485d0070a0 MunzurSoft WEP Portal W3 suffers from a remote SQL injection vulnerability.

[ noticeware5122-dos.txt ] 9c15de5468ae536d792ecb2df3894627 Noticeware Email Server version 5.1.2.2 pre-auth remote denial of service exploit.

[ scapy-2.0.0.10.tar.gz ] 41834e40e531b1b51911e34dafb6049e Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

[ caarcserve-dos.txt ] 3d3a5ef9e28febb30c8e338d187c076a CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.

[ glsa-200810-02.txt ] 8b3fc0142e706b0bc424bf0de635b50a Gentoo Linux Security Advisory GLSA 200810-02 - A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories. The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python code using python -c, which includes the current working directory in Python's module search path. For several ebuild functions, Portage did not change the working directory from emerge's working directory. Versions less than 2.1.4.5 are affected.

[ scriptsezid-download.txt ] 743858016ca8218a915bd9d56d6b4da7 ScriptsEz Easy Image Downloader suffers from a local file download vulnerability.

[ scriptsezmhp-lfi.txt ] 586f9b29aa86f65e1e1125e400fd21b7 ScriptsEz Mini Hosting Panel suffers from a local file inclusion vulnerability in members.php.

[ metasploitSMB.pdf ] f92ea60895c7f0b1166eb1fe380c08bb Whitepaper discussing how to exploit vulnerable SMB instances on Microsoft Windows XP using Metasploit.

[ stash103exp.txt ] ff8f795d430ca06e630097a349e0ac3a Stash version 1.0.3 user credential disclosure exploit that leverages a SQL injection vulnerability in admin/login.php.

[ mswingdi-poc.txt ] ad71fd33c2f1ef5c1573277e5d716a91 Microsoft Windows GDI+ proof of concept exploit that takes advantage of the vulnerability listed in MS08-052.

[ cameralife-sqlxss.txt ] 7fc958adf7d808e0b7ee46f1cfe75bab Cameralife version 2.6.2b4 suffers from SQL injection and cross site scripting vulnerabilities.

[ SSRT080099.txt ] e41a3e41c12ed4aacb9e65ddbc1a2496 HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS).

[ SSRT080046.txt ] 2c42be5796f5be939d3a7312bce7f855 HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).

[ aradcenter-sql.txt ] f9ec882e862659af1eb95d8d7ba0cc81 Arad Center suffers from a remote SQL injection vulnerability in news.php.

[ persiantools-sql.txt ] d90998db611fdd856f5abd5cc286dd03 Persian Tools Gallery suffers from a remote SQL injection vulnerability.

[ PR07-31.txt ] 23b9151851dd72ce243438b8d000a287 Remote SQL injection, cross site scripting, and user enumeration vulnerabilities exist in DPSnet Case Progress.

[ fc2blog-xss.txt ] 6b573496d3cfbd908d8216024d10e00e FC2 BLOG suffers from a cross site scripting vulnerability.

[ joomlajoomtracker-sql.txt ] 9561d8d61b54eb371f55c76186d490c6 The Joomla Joomtracker component version 1.01 suffers from a remote SQL injection vulnerability.

[ kusaba2-exec.txt ] 4cf7bafca57be8b7ce3419583eaeec1d Kusaba versions 1.0.4 and below remote code execution exploit. Second version.

[ kusaba1-exec.txt ] 15c3428f6f9dfdfc5332f5bd47b586d9 Kusaba versions 1.0.4 and below remote code execution exploit.

[ gforge46-sql.txt ] 1f2e125fea2ee1b9c63fd8fa93b09db4 Gforge versions 4.6 rc1 and below suffer from a remote SQL injection vulnerability.

[ gforge4519-sql.txt ] 088e26d8067b867fc9e3b3dcf5fc7fd4 Gforge versions 4.5.19 and below suffer from multiple remote SQL injection vulnerabilities.

[ bf10BETA.tar.gz ] 7554fb43fd5260e4617844780003e5c3 BF stands for Browser Fuzzer. BF is a web browser fuzzing tool that fuzzes HTML and Javascript.

[ ZDI-08-066.txt ] 790b589691739a22d568d3f8cff2837c A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x24 via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an under-allocated heap buffer. This fault can be leveraged to result in arbitrary code execution.

[ ZDI-08-065.txt ] 1022b2e1574faf9e1fb4e47cd4adc33a A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. This fault can be leveraged to result in arbitrary code execution.

[ ZDI-08-064.txt ] 424cbdd3ba7f5b2e1149ba96e69d5355 A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. The service copies the contents of the Accept-Language header within a SOAP request into a fixed-length buffer without any bounds checking. If an attacker sends a specially crafted request it will trigger an overflow during a memory copy operation leading to arbitrary code execution under the context of the SYSTEM user.

[ ZDI-08-063.txt ] b5bd70f449849cc7f79a158d7d2476ba A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. While parsing the Content-Length header within a SOAP request an integer overflow can occur. This integer overflow triggers a subsequent overflow during a memory copy operation leading to arbitrary code execution under the context of the SYSTEM user.

[ dsa-1649-1.txt ] de994baacd30c719fd3c122572aac0ba Debian Security Advisory 1649-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

[ dsa-1648-1.txt ] eff079919b84da8bf8550b76282317c2 Debian Security Advisory 1648-1 - Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks.

[ graphviz-overflow.txt ] f0a4b70321287389f5f51e6a368aeb51 A vulnerability exists in Graphviz's parsing engine which makes it possible to overflow a globally allocated array and corrupt memory by doing so. Version 2.20.2 is affected.

[ webbiscuits-rfirfd.txt ] 30cf9841334774068e0177366eeab12d WebBiscuits Modules Controller versions 1.1 and below suffer from remote file inclusion and remote file disclosure vulnerabilities.

[ hispahtextlinksads-sql.txt ] e29bbecb943c0b7dfbfebf7db12747eb HispaH textlinksads suffers from a remote SQL injection vulnerability in index.php.

[ RFIDIOt-Windows-0.1t.zip ] a7a4e3b0ba7e1b5f8e1b8b96189091ea RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r). This is the Windows version.

[ RFIDIOt-0.1t.tgz ] 5dd4e1541593508aeab0d368c4904466 RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).

[ joomlaexchange-sql.txt ] 42d7205e3341026c9581a654ab41eaf1 The Joomla Community Exchange component suffers from a remote SQL injection vulnerability.

[ cisco-sa-20081008-unity.txt ] 4e943339baab177bbe32d6930c37358d Cisco Security Advisory - A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

[ calexpress2-sql.txt ] a865ef8263cbdfbd4243dcba19f26c35 Calendar Express version 2 suffers from a remote SQL injection vulnerability in week.php.

[ adman-sql.txt ] c7340d083ed81147ac5b9012a4b9e9b7 AdMan version 1.1.20070907 suffers from a remote SQL injection vulnerability.

[ webapps-attack.txt ] 164c6cfb057d53c06f32e9c6b55a4c63 Fucking the Web Apps - LFI #1. Written in Spanish.

[ konqueror-crash.txt ] 52f4d7d30c3492bae3b2ea4fadd8d281 KDE's Konqueror version 3.5.9 suffers from multiple crash vulnerabilities.

[ phpclass-sql.txt ] d2bc6f65093383a036a70a2c98e46025 PHP Classifieds suffers from a remote SQL injection vulnerability.

[ advisory_W021008.txt ] e490214eb95d7caee876f060c592f734 Microsoft Windows Kernel is prone to a local privilege escalation due to an integer overflow error within the IopfCompleteRequest function. This vulnerability may allow attackers to execute arbitrary code in the kernel context, thus allowing escalation of privileges to SYSTEM.

[ symantec-sql.txt ] ef16b31b7105b7cec71e83409d69257d Symantec.com suffers from a remote SQL injection vulnerability.

[ Churrasco.zip ] a133719375519c641a32b7c2aef28d45 Elevation of privileges proof of concept exploit for Token Kidnapping on Windows 2003.

[ mspicturepusher-activex.txt ] e1f8c99859657f73cccceac5d901f662 Microsoft PicturePusher Active-X cross site file upload attack proof of concept exploit.

[ dffphp-rfi.txt ] 96a8b371b2d4f81a2cb4e8a958f15f36 DFF PHP Framework API (Data Feed File) suffers from multiple remote file inclusion vulnerabilities.

[ torrenttrader-blindsql.txt ] b1b2e0ea45b400aafbc40093fcb76dbd TorrentTrader Classic versions 1.04 and below blind SQL injection exploit.

[ SSRT080122.txt ] 9cf9544b2507acc6211fa9850b7ca520 HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited remotely to create a Denial of Service (DoS).

[ OPENX-SA-2008-002.txt ] 6f13f7bb5547834ad9a269e36edb1412 OpenX versions 2.6.1 and below and versions 2.4.8 and below suffer from a blind remote SQL injection vulnerability in ac.php.

[ built2go-sql.txt ] c220b2733ab0cfbc697d66c17a50800a Built2Go PHP RealEstate version 1.5 suffers from a remote SQL injection vulnerability in event_detail.php.

[ glsa-200810-01.txt ] 547905300ed3e6f108e4b728585eb32e Gentoo Linux Security Advisory GLSA 200810-01 - Multiple vulnerabilities were found in WordNet, possibly allowing for the execution of arbitrary code. Versions less than 3.0-r2 are affected.

[ dirTraversal.txt ] b931800f5bd30d6bd489d21dffb589f4 This is a list of fuzzing vectors used in order to trigger directory traversal vulnerabilities. It is quite a huge list composed using different encodings and bizarre attack patterns reported in several vulnerability advisories.

[ phpautos-sql.txt ] 46fd8a3036ed8f73d2ef4d72a5ac48d4 PHP Autos version 2.9.1 suffers from a remote SQL injection vulnerability in searchresults.php.

[ phpautodealer-sql.txt ] a007cd0cdcfb556a295ff17f90641e21 PHP Auto Dealer version 2.7 suffers from a remote SQL injection vulnerability in view_cat.php.

[ phprealtor-sql.txt ] 6586d244b85d6183756cdd4e44d8a2e5 PHP Realtor version 1.5 suffers from a remote SQL injection vulnerability in view_cat.php.

[ yourownbux40-sql.txt ] faaf213bfe88ad82f9c024d1f324d19e YourOwnBux version 4.0 suffers from a remote SQL injection vulnerability.

[ dsa-1647-1.txt ] 41b85b8e7c18a09d3e9187df40fd9209 Debian Security Advisory 1647-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language.

[ dsa-1646-1.txt ] 6ef54cd10cf22b7a45cecb2af95702d0 Debian Security Advisory 1646-1 - A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

[ hostadmin-rfi.txt ] 09abd822b4908ca60a868f092e7f6261 HostAdmin versions 3.1.1 and below suffer from a remote file inclusion vulnerability.

[ skype-poc.txt ] 59f27694a1183559717e98992ac684f3 Skype extension for Firefox BETA version 2.2.0.95 Clipboard writing vulnerability proof of concept exploit.

[ joomlahotspots-sql.txt ] faf5e9c80c03ab01b9f32f80340d1b1c The Joomla com_hotspots component suffers from a remote SQL injection vulnerability.

[ yerba-multi.txt ] 08b8f67a5e5dc2ab0826dfbe93f68d9c Yerba SACphp versions 6.3 and below suffer from login bypass, database download, and other vulnerabilities.

[ sacphp.txt ] 8db5ac674c4dd4e2e29dce7d9fe40bbc Yerba SACphp versions 6.3 and below local file inclusion exploit.

[ apple-store.txt ] d4bd986357144dbbc77a2f924357767a Apple's Mail.app does not store S/MIME encrypted emails securely in the Drafts directory on the server. Version 3.5 is affected.

[ cmme-disclose.txt ] c0dd8f01bef55cc5449f3f93bcf549df CMME versions 1.19 and below suffer from multiple information disclosure vulnerabilities.

[ dsa-1645-1.txt ] e8d344c305809ff14e11e18fcae68145 Debian Security Advisory 1645-1 - Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.

[ dsa-1644-1.txt ] 63d8bdd15952341d8b15445ba1e16b00 Debian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.

[ dsa-1643-1.txt ] 5117ac099afbaf76d8ba3f92087f33f1 Debian Security Advisory 1643-1 - Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks.

[ phpfusiontris-sql.txt ] 7179eea011d2ebd20c445bbe54280ce2 The triscoop_race_system module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.

[ phpfusionrecept-sql.txt ] 1ca6370bfdea447bdf7ce773c9b41698 The recept module from PHP-Fusion is susceptible to a remote SQL injection vulnerability.