Joomla A Cool Debate component version 1.0.3 suffers from a local file inclusion vulnerability.
e03c70e6830a95bd19a0e07f540b560e329839d04b516b6b4d70b54a2b1e42cbAiCart version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
d4064aee1d33bfdc3ab27932d8faf5714072e60f83af00d5db6703244d353e57The Joomla Free Consultation component suffers from a shell upload vulnerability.
3dbeac7570aba2a4d0b5f363f1566b067ea446a36bc5ef45143a9ba9b97b1057WeBid version 1.0.2 suffers from multiple cross site request forgery vulnerabilities.
05b7ea39d283319d934b014dec9d61011e8ed16e7a7ca7a370459f06d5a073bcImmoPHP version 1.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
05a327d6c96b95010a10c9c036e72076351356bc240c50e97f28b261444dcb68Miniblog version 1.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
8b565f2831b1710eebd03f8ffad05323b9419a9dbb712cca3ad4c811d6d17212VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer underflow error in the Object Linking and Embedding (OLE) Automation component when processing malformed Windows Metafile (WMF) data via the "_PictLoadMetaFileRaw()" function, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
0bcbe6ddf0f6d9f9565bd58d17901ffc57ad45dde4e3569f63328534b3f27176EQDKP Plus versions 0.6.4.5 and below suffer from a cross site scripting vulnerability.
72d9c8f4d6b72f953096a645576534585fea819967a019175610dd26f398afc1myBloggie version 2.1.6 suffers from a remote SQL injection vulnerability.
9100ce6e2002fd13b7e37a95eaf2aa28615a7922545368ed8f273d60567f928ae107 version 0.7.25 suffers from cross site scripting and remote SQL injection vulnerabilities.
508e2264de222779d99c876535fa46cd425719bf284a3b07ccab07ccbe1fd70dSecunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
e3fe3314d9ddb2f1d6f5503c0a2b1be127e29bd4960c5f6398ca301902d31727Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in e107, which can be exploited by malicious users to conduct SQL injection attacks.
6d185a8b7325a6e13da628f62531b50827d7cf3b20e8a97c75cb335faec2cf8bHP Security Bulletin HPSBUX02657 SSRT100460 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.
3ef8602f6dfa5b0b1dc32e28f78484581f6ab01005aa9deb6b822ca3df996745Mandriva Linux Security Advisory 2011-110 - Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
2fdbbf771f216ac57653ff70385e0996b57fbad35d9dd3b2bb53e51bd41d7159The Smart Communication Protocols and Algorithms (SCPA 2011) Call For Papers has been announced. It will take place December 5th through the 9th, 2011 in Houston, Texas in conjunction with Globecom 2011.
2d364a033aad26df0b00f9e7fb447a052e1e411cdc326d6b7a27b1aaeeb756abTaha Portal version 3.2 suffers from a cross site scripting vulnerability.
c0db6a706663ac481b133e17f3c955886ae9757b79682b088de95c62f8e61709HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.
21b49d0423d9dfda5e5ab125414ed0306b679f58a4bc84e2b5e2625ab725378857 bytes small OpenBSD/x86 execve("/bin/sh") shellcode.
031406f5d641637744283f2f8f37b2fbe0869e2adeff064ca915a34de216ad54iDefense Security Advisory 06.14.11 - Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "DRCF" chunk. Specifically, when parsing a substructure inside of this chunk, it is possible to trigger a code path that leads to an incorrect string copy operation. The vulnerable code performs a certain operation on a heap-based buffer, which has the effect of overwriting the NULL terminator of the string in the middle of the copy operation. This will lead to an endless copy loop until the read operation hits the end of the memory segment. This operation writes beyond the allocated heap buffer, and can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
3b0ec1fef75086d0e796f5ce1dea0706958798bc9b403f2258059ba1d3e7612fiDefense Security Advisory 06.14.11 - Remote exploitation of a integer signedness vulnerability in Adobe Systems Inc.'s Shockwave could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when Shockwave processes a maliciously constructed "Lscr" record. This record can embed Lingo script code, which is Shockwave's scripting language. The vulnerability occurs when processing certain opcodes. Specifically, a 32-bit value from the file is used as an offset into a heap buffer without proper validation. When comparing the value to the maximum buffer size, a signed comparison is performed. By using a negative value, it is possible to index outside of the allocated buffer. This results in data outside of the buffer being treated as a valid pointer, and this pointer is later used as the destination of a write operation. This can corrupt an arbitrary memory address, which can lead to the execution of arbitrary code. Shockwave Player version 11.5.9.620 and prior are vulnerable.
952c40d913beb9b78faaad430aeb7a3d76e8f0453128f6534822d4e3d407462dSecunia Security Advisory - A vulnerability has been reported in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
c4900f6f71739d6e1e711dad69cd173b9ffebe097dafda9be5bc075b4d30198aSecunia Security Advisory - SUSE has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
8e067f3268d65ffbd5866153e41b44c1019700edaccada4ae5296369c4e7de88Secunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
6f3f402554469a8efda9cce183cf69977e9d9a50552acfcf88209429e6211f70Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
3faceb0ad836fc74828769f16d6231d174d879cb15be85b7261b84889c958188Secunia Security Advisory - SUSE has issued an update for groff. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
85fab29d10d54100e8fbd82d269b73105e01de15543ad9914fa2056275927413
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed