A buffer overflow in libtelnet/encrypt.c in Inetutils and Heimdal implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key.



This update adds support for Debian and newer FreeBSD platforms.

Avid Media Composer is prone to a remote stack-based buffer-overflow vulnerability within the Phonetic Indexer (AvidPhoneticIndexer.exe) because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

This module exploits a path traversal vulnerability in Novell ZENworks Asset Management.



The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension.

This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port.

This module exploits a vulnerability in DameWare Mini Remote Control by sending a specially crafted packet to port 6129/TCP.

webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080.

The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution.

Buffer overflow in libtelnet/encrypt.c in various implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability is a buffer overflow in TinyIdentD via a long string to TCP port 113.

Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to "query_engine", "query" is set to "none", and "search" is set to e.g. "1") is not properly sanitised in lib/functions.php before being used in a "create_function()" function call. This can be exploited to inject and execute arbitrary PHP code.

phpMyAdmin is vulnerable to a remote code execution due the use of the unserialize method on user supplied data. This data is written in the config file and is accessible from the internet by default.



This update adds support for Solaris and Mac OS X.