MaxWebPortal is vulnerable to a cross site scripting and SQL injection attack.
65e80d42d444a31c5162f9b48e912083c9be6b065c1960615740e01a0c6baed8PHPNuke versions greater than 6.9 are susceptible to SQL injection attacks that allow a remote attacker to get an administrator's hash to achieve to administrator access.
196be36424aa5fc3b4254f4bdc25f86db3c950d389530996b6ecc6b6df1a2e7eThe XBOX EvolutionX dashboard has buffer overflows in both the ftp cd and telnet dir commands.
6b4e49c31d53ebb03dac4396f78fe4b77535ff08bb9fdf19d236495f5e1c05d8Brinkster, the web hosting company, is susceptible to multiple attacks allowing remote attacker to retrieve other user's ASP source code, access to database files, and bypass of code controls.
20321697a1b31690cb24599aed57a01f74205775e8fa4851f50d9b0cbf5200ecA LoadLibrary / LoadLibraryEx weakness makes SSL on Internet Explorer very vulnerable to a DLL proxy attack. If exploited, unencrypted data can be intercepted before Internet Explorer uses the SSL module to encrypt the data.
603b345a2df31ce2b2a3c2928ac1cc29651e2a412f6171ef68b66484970e4e16The Red-M RedAlert wireless 802.11b/Bluetooth probe version 2.75 has multiple security issues. Any unauthenticated user can reboot the appliance through the webserver. The administrator's access is bound by IP address, allowing anyone coming in via NAT from a shared network the same levels of control. The device also filters out specific characters in SSIDs representing them all as a single space character.
71f2e6720e463278dc0da49ea24319c0a4bc4ce61c86960afea7ce164e6958ceeTrust Virus Protection 6.0 InoculateIT for Linux is vulnerable to various symlink attacks and also creates multiple world writeable files and directories that can lead to system compromise.
8b163eb967dcd0f8561591434297e9b857a280d9af0cc48874c8eca5debb3f11Nokia 6310i cellular phones (and possibly others like it) could be subject of a denial of service attack when invalid OBEX messages are sent to the phones' protocol handler. This attack results in the phone resetting, terminating any current operations. No device pairing is required therefore anyone in range of the phone could initiate an attack.
9cfbea225d202aee5698f1855d4076fa4a3b72eedbf0d7613f683cf859f02257Eggdrop IRC robots versions 1.6.x to 1.6.15 have a programming flaw that allow remote attackers to turn on share status, allowing for complete compromise.
0b1577d795dcba10443573e756575770ca4c02d6416e16106f8850386aa500c3PHP-Nuke versions 6.x through 7.1.0 are susceptible to SQL injection attacks.
4962278b44fd6ae11b16d0e252e35a512ae43148f98b8d43daa77867c0f0b293A cross site scripting vulnerability exists in PHP-Nuke 7.1.0.
20ab7b5e841d9d4fb0e967215db2605948f0ef833bf39f0559bbbf06b316eec7Palace chat software versions 3.5 and below are susceptible to a stack overflow client-side when accessing hyperlinks.
6b59705371a6f396bf8cd5763612bbfe1c4172c46ed1a2384433e4941833b2fbDotNetNuke versions 1.0.6 to 1.0.10d are susceptible to file disclosure and cross site scripting attacks.
53e05d2df3888af46549f045b457473e3f5a8930124b0e49bf694ced25fafb8eIf configured with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth, Apache-SSL 1.3.28+1.52 and all earlier versions would permit a client to use real basic authentication to forge a client certificate.
451c67a07615fb41c04236b83880095a572fd4760c9b81fc36692baed757e5a0S-Quadra Advisory #2004-02-06 - A backdoor exists in CactuSoft CactuShop 5.0 Lite shopping cart software that allows a remote attacker to delete any file on the target system.
264371449a786722a768f921a478dfb456e426a3e7b10e8ae5eea3fc8f03d804A cross site scripting flaw exists in formmail.php.
d49f56633d701471196ff37392bfceff436e67bd19935a0a27674c25c4999346CERT Advisory TA04-036A - Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. This allows the attacker to take control of the firewall, and in some cases, to also control the server it runs on.
185ba52ee2244db8227bfa7c35e8337b0f6af6a360d2b7dd4c77a80b22414736FreeBSD Security Advisory FreeBSD-SA-04:02.shmat - A programming error in the shmat(2) system call can result in a shared memory segment's reference count being erroneously incremented. It may be possible to cause a shared memory segment to reference unallocated kernel memory, but remain valid. This could allow a local attacker to gain read or write access to a portion of kernel memory, resulting in sensitive information disclosure, bypass of access control mechanisms, or privilege escalation.
f7980b18cb45849dee668cc1f8462772ff11b36dfae7efe38bc3e239fcbc054cXlight FTP server version 1.52 is susceptible to a denial of service attack.
511b209bcb63756b0f54e17bbd6805e98022cf7a5b59c6d33db5ead77bd28491iDEFENSE Security Advisory 02.04.04: Remote exploitation of a denial of service condition within GNU Radius can allow an attacker to crash the service. The problem specifically exists within the rad_print_request() routine defined in lib/logger.c.
27e5d61d8aa96ef31e1857babed89baabfb9f8676fbbbaca5f84f097f8158e8aIBM cloudscape SQL Database (DB2J) version 5.1 on Windows with jdk 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.
c978f42930b6ec8b774c8919d065e66eb3f5f2a2502016807c1aba06dba01d78NGSSoftware Insight Security Research Advisory #NISR04022004a - By crafting malformed .RP, .RT, .RAM, .RPM or .SMIL file, it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player.
08c196447e2192d2c612710832b2422a990dbc5bd70ac8d47941a572f399a72aA cross site scripting vulnerability exists in the rxgoogle.cgi utility. Patch included.
022463e79ee629b878bc318a032bd03483c447129593257ae5eb4f3b28807b11Pine Digital Security Advisory PINE-CERT-20040201 - The shmat(2) function has a flaw that allows local users to achieve escalated privileges. Vulnerable systems: FreeBSD versions 2.2.0 and greater, NetBSD versions 1.3 and greater, and OpenBSD versions 2.6 and greater.
a574248c2ca40bfc4b92b9ac9a645d17d7ca2b2477dbce0dd28b3dd3e9b6ce84TYPSoft FTP Server 1.10 for Windows 9X and WinNT is vulnerable to a denial of service attack when a blank username is supplied.
6742b201cd2b6ef95b013bdd107bdd1bd745427ac9b35928d0acd2abe70ad198
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed