Liferay Enterprise Portal is said to be subject to multiple cross site scripting flaws.
6a406562d84aca76726075d51e3b23200851d5566a3bce7dbf86b4d418ad6b38A vulnerability, caused due to an unspecified error within Xconfig, has been discovered in Exceed versions 9.x. When exploited, local users can bypass certain restrictions.
ed2ff2c4f566f565d33db59092d739c063a6c615a912c4ac303918b0f624d4d2An ActiveX Control provided by Symantec Norton Antivirus 2004 contains a remotely exploitable DoS condition. In order to trigger this vulnerability, malicious website administrators must induce Internet Explorer users to view a specially crafted web site, which will consequently consume a lot of system resources.
b8d95ab82a67ea2b5d834503696acb10b2db9577517d8d464b4f51e4ac230bb8ucd-snmp versions 4.2.6 and below suffer from a buffer overflow on the command line when the daemon is spawned.
24514b893dcbc9255cf0b3b4192324d7c0f00059646711e8fb3fc0a35111ed7cAll versions of e107 have a vulnerability that allows html tags and content to be posted to the stats page and to be listed under Referers. This allows an attacker to put any site link or code they want on the list of Referers.
3d071845699b3f18e1a62591cd0f475ad46e2ef07f146eec7372ff10fd3ab1a3Microsoft Windows Explorer suffers from a flaw where it will execute underlying files when they are linked in html pages.
fa8e114e14244e1f93821759c64b4ffa1f4446012b15d9869310e70a1b766d32libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSEE allow malicious web sites to impersonate trusted web sites.
851e00d7595e3609cd0d8cb1108c79639bd8caa83fc7bef870c762fbbbc6dff7Zen Cart version 1.1.2d fails to properly validate user-supplied input and in turn allows remote attackers the ability to perform SQL injection attacks.
00045589f8f2e0543da948284faffdb7fa5dc401045ef97d927d197cb023d1bdWithin phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49cCertain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing for executables to be masked as elsewise.
a4456c08095c611bdcec5b288f26f62db8ddb5844e28427b806218b0eb3b2218Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1Blue Coat Security Gateway OS (SGOS) 3.x releases suffer from a private key disclosure vulnerability where the key and passphrase are stored in clear text when being imported via the web-based management console.
618fc697e20741645614005f71356499b25ff5da2c4770eaab63019f287b71c3Microsoft Outlook 2003 allows for a security zone bypass when an embedded OLE object with a reference to a Windows media file in a Rich Text Format (RTF) message is received.
5bf5bc65e12021c3781270decf58bd776d636f05498f59327d50d8ef47731e58Secure Computing has reported multiple denial of service vulnerabilities in their Sidewinder G2 firewall.
174e7ee25f3feb9fddbfa8a1396ac9d3eb41c7891c1870711074ce1e244ed73fSGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.
60b6fab3dcc07e154a22aa2c18072a5e408070846522782d959a9681d25da497ActiveState's ActivePerl version 5.8.0 and 5.8.3 on the Win32 platform seems to have a buffer overflow that allows for the crashing of Perl.exe.
cb74262362d1bc8c25961c0aed2a211fdd10c5d0201a54eb37c69c18a3cff6b0PHP-Nuke versions 6.x to 7.3 allow for possible file inclusion.
4d43d506de22ba54c5b3d72da244b7c2d217bc83ffb12200388c179db7006a74A vulnerability has been found in Microsoft Internet Explorer that allows an attacker to use a specially coded ImageMap to spoof the URL displayed in the lower, left hand corner of the browser.
8c3fdeaa071f14ee81765c1b6df9a48ff1f40f432e665e83159d54309433249dSafari versions 1.2 and below suffer from a vulnerability that can lead to remote arbitrary code execution via the runscript aspect of the HTML rendering functionality.
9e44db693ef039ea12ac05b37053e283a17b3e84e0532483b7f21b85bf1753f8WebCT is susceptible to cross site scripting vulnerabilities.
773b3e54431153fe94a1a32d6773c83940f16f7a00f8f405d5b7c3f5865313e0TTT-C is susceptible to multiple cross site scripting attacks due to the fact that it does not sanitize variables.
c91bdc0933621f5763fcee66756f8fc9671ef644afef3cba1e18de848a62e167NetChat, an application intended to allow users on the same subnet to chat with one another, is susceptible to a stack-based buffer overflow. Versions 7.3 and below are affected. The overflow allows for arbitrary code execution under the user running the application.
0b23d03452960631df48fd8aceeddd1515e1df9580a7a65525607ba2e60e0f00AUSCERT Advisory - A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices.
a46c2a37097c474213beefb0ef777f388574dfbff75a232f91c1838edbf91fe4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed