The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled.
This update adds Solaris support.
This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.
A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code.
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name.
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 18.104.22.168 and 3.x before 22.214.171.124 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server.
This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.