Showing 1 - 25 of 147

Files

xoops2x.txt
Posted Sep 2, 2004
Site cyruxnet.org

XOOPS versions 2.x are susceptible to a cross-site scripting flaw in the Dictionary module.

tags | advisory, xss
SHA-256 | c9d74e35c666afa890dbfe02e5bd45d3a3948a68d94b538026df44d550bebca9
Secunia Security Advisory 12397
Posted Aug 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Samba 2.x, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the handling of client printer change notification requests. This can be exploited to crash smbd by sending a FindNextPrintChangeNotify() request without first sending a FindFirstPrintChangeNotify() request.

tags | advisory, denial of service
SHA-256 | ee130cef4b714074de9166bee757621997f1bf5ef4e3f7f7b228aaffbbd958bb
Secunia Security Advisory 12401
Posted Aug 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Smart Guest Book 2.x, which may allow malicious people to gain knowledge of sensitive information. The problem is that the database file SmartGuestBook.mdb by default is accessible by anyone. This may disclose various information including the administrative username and password by downloading the file from an affected web site.

tags | advisory, web
SHA-256 | b955a6994768bd799bfa35a4596aa97312a1d5f066225ce9b7d05858ff62ef93
wsFTP-DoS.txt
Posted Aug 31, 2004
Authored by Lion

A vulnerability has been found in WS_FTP Server version 5.0.2. The problem is in the module handling the file path parsing.

tags | advisory, denial of service
SHA-256 | 0e9084f43b4dd2a738430735be464461a912bebcc7ffe06033f3e6e2a76d5da7
cutenews136.txt
Posted Aug 31, 2004
Authored by e0r

CuteNews versions 1.3.6 and below have a world-writable news.txt file that allows for site defacement.

tags | advisory
SHA-256 | 888f182df2b68a165e3e0b213cb4ae41f1446894967a95da68b89f850e712485
Gentoo Linux Security Advisory 200408-27
Posted Aug 31, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200408-27 - Gaim versions below 0.81-r5 contain several security issues that might allow an attacker to execute arbitrary code or commands.

tags | advisory, arbitrary
systems | linux, gentoo
SHA-256 | b60403c853c18a5c0b61329b35794b50f6e063580ecc1b96de4158dca60f75f3
Secunia Security Advisory 12392
Posted Aug 31, 2004
Authored by Secunia, J. Courcoul | Site secunia.com

Secunia Security Advisory - A vulnerability in Netscape can be exploited by malicious people to conduct phishing attacks. The problem is caused due to errors in the displaying of Java applets in a window when multiple tabs are used. This can be exploited to spoof the content of an HTML document from another HTML document being in a different tab. The vulnerability has been confirmed in Netscape 7.2 on Mac OS X 10.3.5.

tags | advisory, java, spoof
systems | apple, osx
SHA-256 | c156bfd1618a6dc5ad052d0844d49de260fde926b32357fee71f463e842dafae
Secunia Security Advisory 12393
Posted Aug 31, 2004
Authored by Secunia, Mathieu Lacroix | Site secunia.com

Secunia Security Advisory - A vulnerability in Network Everywhere Cable/DSL 4-Port Router NR041 allows malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | 9a112b13d4c700c53499ba70b67a09d6ae6736e143c97ef7195074e130d0e605
Gentoo Linux Security Advisory 200408-26
Posted Aug 31, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200408-26 - zlib versions 1.2.1-r2 and below contain a bug in the handling of errors for the inflate() and inflateBack() functions, allowing for a denial of service attack.

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | 5dd45523d1be0a0de8bc8b6b95ccd7dd19751763c9ebedbc759ab9feb8b48778
Secunia Security Advisory 12364
Posted Aug 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - An unspecified vulnerability with an unknown impact has been reported in SugarCRM versions below 1.1f.

tags | advisory
SHA-256 | 3b6fcca2858d32edd7ea58e9934867af995faa4b3c5cdc17c154b7c15cb98faa
Secunia Security Advisory 12366
Posted Aug 31, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in iChain, which can be exploited by malicious people to bypass security restrictions and conduct cross-site scripting and DoS (Denial of Service) attacks.

tags | advisory, denial of service, vulnerability, xss
SHA-256 | 9be23c6210d3b0740585b32e2b3e03963cf0d3c62fb6a2253fac624b9bd5e4e6
Cisco Security Advisory 20040827-telnet
Posted Aug 31, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. This vulnerability affects all Cisco devices that permit access via telnet or reverse telnet and are running an unfixed version of IOS.

tags | advisory, remote, web, shell, tcp, protocol
systems | cisco
SHA-256 | 7d300bcc7b692206900f2d6cf794efe52fea14d569fa791d8f15d48c9d48615a
groundControl1007.txt
Posted Aug 31, 2004
Authored by Luigi Auriemma | Site aluigi.altervista.org

Ground Control II: Operation Exodus versions 1.0.0.7 and below are susceptible to a denial of service attack when a packet larger than the maximum size supported is received.

tags | advisory, denial of service
SHA-256 | 3aab2fa60104cbc914e3b25a83dfbf616abc2459c64bcf9311460f3abb7b0b10
Gentoo Linux Security Advisory 200408-25
Posted Aug 31, 2004
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200408-25 - MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users. Versions 1.2.2 and below are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | f04d90526276aee3d8576f9c89847d5e6577fa51274d45240a9db2d0f707a810
kotikWinAmp.txt
Posted Aug 31, 2004
Site k-otik.com

Advisory addendum for the Winamp vulnerability where insufficient restrictions on Winamp skin zip files (.wsz) allow a malicious attacker to place and execute arbitrary programs.

tags | advisory, arbitrary
SHA-256 | d0b9121eb501f678eca87614f27cadf9bf2d44109ac70b814c9eb1b09cc86e2c
Secunia Security Advisory 12375
Posted Aug 31, 2004
Authored by Secunia, Rudolf Polzer | Site secunia.com

Secunia Security Advisory - A vulnerability exists in GNU a2ps 4.x that allows local users to escalate privileges due to insufficient validation of shell escape characters in filenames.

tags | advisory, shell, local
SHA-256 | a91ad13fc587ee3bc2dc23d7e93b275415f289ba7a22246614c1ad045d189616
openbsdDoS.txt
Posted Aug 30, 2004
Authored by Vafa Izadinia

OpenBSD 3.5 is susceptible to a remote denial of service attack via a single ICMP echo request when set up as a gateway. Patch from OpenBSD included.

tags | advisory, remote, denial of service
systems | openbsd
SHA-256 | 1859d246389547f208a64a5e998232a1a5254e1d8e3526ed6eecff6ec7a2f672
gaucho140.html
Posted Aug 26, 2004
Authored by Tan Chew Keong | Site security.org.sg

Gaucho version 1.4 Build 145 is vulnerable to a buffer overflow when receiving malformed emails from a POP3 server. This vulnerability is triggered if Gaucho receives from the POP3 server a specially crafted email that has an abnormally long string in the Content-Type field of the email header. This string will overwrite EIP via SEH, and can be exploited to execute arbitrary code.

tags | advisory, overflow, arbitrary
SHA-256 | bad2f2ceea309c37340f7b2126c6ee4bfceb4e9ad6e52b92245fda99089f03fc
Cisco Security Advisory 20040825-acs.shtml
Posted Aug 26, 2004
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and authentication related vulnerabilities for the ACS Windows and the ACS Solution Engine servers.

tags | advisory, denial of service, vulnerability
systems | cisco, windows
SHA-256 | 6d030f78d216fb45b19f09f3821fa9cf7f724e6ed2a399b433e61b09fafd0dcc
iDEFENSE Security Advisory 2004-08-25.2
Posted Aug 26, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.25.04-2 - Exploitation of a buffer overflow in the libDtHelp library included with CDE can allow local attackers to gain root privileges. The vulnerability specifically exists due to a lack of bounds checking on the LOGNAME environment variable. Local attackers can specify a long LOGNAME to trigger a buffer overflow in any application linked with libDtHelp. The overflow is activated once the help subsystem is accessed by selecting any option under the Help menu.

tags | advisory, overflow, local, root
advisories | CVE-2003-0834
SHA-256 | 4e0aced12468daa1bd790fda025e6ae00229c6c766c04cbfdc46ea9ccbd789c1
iDEFENSE Security Advisory 2004-08-25.t
Posted Aug 26, 2004
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 08.25.04 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s WhatsUp Gold allows attackers to execute arbitrary code under the privileges of the user that instantiated the application. The problem specifically exists in the _maincfgret.cgi script accessible through the web server installed by WhatsUp Gold. By posting a long string for the value of 'instancename', a buffer overflow occurs allowing an attacker to redirect the flow of control and eventually execute arbitrary code. Fixed in version 8.03 Hotfix 1.

tags | advisory, remote, web, overflow, arbitrary, cgi
advisories | CVE-2004-0798
SHA-256 | 0ea91303c6cef00a91d278839e653ac5d8f44462a6f9b9b03560ebc10458660d
IRM Security Advisory 10
Posted Aug 26, 2004
Authored by IRM Research | Site irmplc.com

IRM Security Advisory 010 - A bug exists in the Top Layer Attack Mitigator IPS 5500 software. In versions below 3.11.014, it can cause the IPS 5500 device to incorrectly enter an overload protection mode and negatively impact network traffic. In extreme cases, this can cause a denial of service condition. More than 2,000 concurrent HTTP requests can cause this condition to occur.

tags | advisory, web, denial of service
SHA-256 | 5fd5787749f2eb3da4b51617b7ecc4d5d1a285bb60b1a0746a2fcaa7b0f99339
Secunia Security Advisory 12368
Posted Aug 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sourvivor has reported a vulnerability in Plesk 7.x, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4dcd2975870569afa4cadc62d4e5c9f43388c8204eccef813329b8fbf451da5d
Secunia Security Advisory 12379
Posted Aug 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ISS X-Force has reported a vulnerability in the NSS library included with various Netscape products, which can be exploited by malicious people to compromise a vulnerable system. Affected systems: Netscape Enterprise Server, Netscape Personalization Engine, Netscape Directory Server, Netscape Certificate Management System. Editor's Note: This advisory was posted because ISS refuses to grant Packet Storm permission to add their advisories.

tags | advisory
SHA-256 | a797eec259e149f15aa9e11995070349552e10f884bb788579738ede2148e430
Secunia Security Advisory 12378
Posted Aug 26, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ISS X-Force has reported a vulnerability in the NSS library included with Sun Java System Web Server, which can be exploited by malicious people to compromise a vulnerable system. System affected: Sun Java System Web Server (Sun ONE/iPlanet) 6.x. Editor's Note: This advisory was posted because ISS refuses to grant Packet Storm permission to add their advisories.

tags | advisory, java, web
SHA-256 | 78ccd3aaf212c484b45d7cb421cd19bccfa5557bd78795ee4c2a562eba4f2d7a