Secunia Security Advisory - Multiple unspecified vulnerabilities have been reported in IceWarp 1.x through 5.x Web Mail, which can potentially be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, access sensitive information, and manipulate the file system.
86c6387d579030f9a351128ed48bb42d89598447d40d17ff06be88c479550ad5Secunia Security Advisory - Microsoft has released an update for Exchange Server 5.5 SP4. This fixes a vulnerability, allowing malicious people to conduct script insertion attacks. The vulnerability is caused due to an input validation error in a HTML redirection query. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website when a malicious entry is viewed. This vulnerability affects Microsoft Exchange 5.5 with Service Pack 4.
5d77c2dd825577cb210bef5a0a740d0a2789a0d5983874b737d7c8a2b8ce49f9Corsaire Security Advisory - Sygate Enforcer releases prior to 3.5MR1 allow unauthenticated broadcast traffic to pass through.
21d9a16475777b2c30bcd941e5e7faebe82c5cfe876f2a8709cdc45163e95f60Corsaire Security Advisory - Sygate Secure Enterprise versions prior to 3.5MR3 are susceptible to a replay attack that allows for resource exhaustion.
9518fde350500d8f1f17561d136500ea61cea2c37c0fb9f6ff05042d4ef28006Corsaire Security Advisory - Sygate Enforcer 4.0 and prior releases are susceptible to a denial of service attack via malformed discovery packets.
c0ffd3b2d0fc4b2f508557dda3a080b8daea38175bc4d73cf4d1a38f69678deeSun Security Advisory - A vulnerability has been reported in Solaris, which can be exploited by malicious people to cause a denial of service. The vulnerability is caused due to an unspecified error within the processing of XDMCP requests. Successful exploitation crashes the X Display Manager (xdm).
d8594b78d07db731b421e611b465e7cfd6c24a98820e9b94586a6a54688b4f21Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Clientless VPN Gateway 4400 Series, where some have an unknown impact and others can be exploited to conduct cross-site scripting attacks or manipulate users' signon information.
9f378f5658ca011e27d688e95c4f9924e0ea4e96411f0cce90a32c64bfe2df2eGentoo Linux Security Advisory - Horde-IMP fails to properly sanitize email messages that contain malicious HTML or script code so that it is not safe for users of Internet Explorer when using the inline MIME viewer for HTML messages. Versions below and equal to 3.2.4 are vulnerable.
338772f1964e654a99b8dc4a6f0e980ac1e4a7ea73c917388191d47d8380d55fHP Security Bulletin - A potential security vulnerability has been identified with HP Process Resource Manager on all OS versions running PRM C.02.01[.01] and prior. HP PRM is also used in Workload Manager, so this also affects WLM version A.02.01 and prior as well. This vulnerability could potentially be exploited to corrupt data on a system running PRM.
9f424afbc0a755d466b6bc6755b91cb3ab370a97e4a5a25e37abdd2b2a137e37Core Security Technologies Advisory ID: CORE-2004-0714 - Cfengine is susceptible to multiple vulnerabilities. Two were found in cfservd, a daemon which acts as both a file server and a remote cfagent executor. This daemon authenticates requests from the network and processes them. If exploited, the first vulnerability allows an attacker to execute arbitrary code with those privileges of root. The second vulnerability allows an attacker to crash the server, denying service to further requests. These vulnerabilities are present in versions 2.0.0 to 2.1.7p1 of cfservd.
972d6fe44e1fb797e09e548c7999686a7e9c3eebf006c0c00a601a175aa174e5Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.
0d6e35558759b1bdcd894b8bb220468dfd6b6bf378afd89402c3fdd83f660625Typepad weblogging service is susceptible to a cross site scripting flaw.
11a5c797b20a6de2049a9f83ce9f07498398ce19087e85ec4771c68b6709cfefMoodle versions 1.3 and below suffer from multiple cross site scripting flaws.
39474593751158e5581fbeb17433849d7501b0600c4082a99e0be49a561c7f56A buffer overflow vulnerability has been discovered in AOL Instant Messenger 5.x that can allow for arbitrary code execution.
29f13f59caac1ab84f3df01e8a06deb1d8cdc62ada4a2048e3186f5dbe2a3dd0By placing the preferences submenu in a K Menu, the SuSE YAST Control Center can be accessed with needing root authentication.
cbe7b887ed960f3dd38fae5615d2f3de63b570dc8ad5a6c8ea7580c13375ac81The info utility version 4.7-2.1 has an overflow that is exploitable if for some odd reason the binary was set setuid, which it is not by default.
54453499bb8d1e2d481e27a361533ef943a9ad8124e4e917e57e31c75263b064GreyMagic Security Advisory GM#008-OP - Opera versions 7.53 and below on Windows, Linux and Macintosh fail to block write-access to the often-used location object, allowing an attacker to gain immediate script access to any webpage.
8765dcc665909546b2b59b8c80d65a8f048fbdd0669c220a3a67b998755b8dc6iDEFENSE Security Advisory 08.05.04: Remote exploitation of a design error vulnerability in Thompson's SpeedTouch Home ADSL modem allows attackers to spoof TCP traffic on behalf of the device.
653fcb1bbf625b3e65af4a9e195107bc5841574aa4142b944adfe2ad76420bd1libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.
9fc510600a44d8e31608573552503b13a04a1c01395734a87d480c64618ef40cTechnical Cyber Security Alert TA04-217A - All applications and systems that use the libpng library versions 1.2.5 and below are susceptible to several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
2e6b583e3cd882338a1877dfdce7abe25d050a36cd02d978497fe119a07f1f64Free Web Chat suffers from both denial of service and resource allocation bugs.
b362a9f9b51a02212145eb681c34e6703a1ce8028a93fa4e37eeca36ea288982Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.
e6a95aba557fecb0404997af5ad693bdb744910e82a8e30d9cad43caeeb4742eJetboxOne CMS version 2.0.8 keeps system passwords in an unencrypted state and also has a remote code execution flaw.
b1e5dc4defffff99c27ff9d8f7a58a28058aa20c7886e2691265f0547b90ded7eNdonesia CMS version 8.3 is susceptible to full path disclosure and cross site scripting flaws.
60638bbb95e9a7ce651c3e384bfaaa636ff1aff85d2311db1f9d4c5907dfc386When over 40 connections are made to Webbsyte 0.9.0, the service crashes.
12c2dcce1b42eb0808a9da9ec432387ab867d5469e37f8251f8f8ea3d4e6ff64
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed