The Miva store has a flaw where tax calculation can be bypassed.
1d01c13dc921e88b57fdf3d00029318da56b748446d547d8daef6d751bd9f727iDEFENSE Security Advisory 05.24.05-5 - Remote exploitation of a denial of service vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service thereby preventing legitimate usage. Version 8.13 and 8.12 are confirmed vulnerable. Earlier versions may be susceptible as well.
d455c61f41de713d78f506feae80b9cdb938e88634bbc2cb59c35860836cbccfiDEFENSE Security Advisory 05.24.05-3 - Remote exploitation of several buffer overflow vulnerabilities in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The first vulnerability specifically exists in the handling of a long username to the LOGIN command. A long username argument of approximately 2,000 bytes will cause a stack based unicode string buffer overflow providing the attacker with partial control over EIP. As this vulnerability is in the LOGIN command itself, valid credentials are not required. Version 8.12 is confirmed vulnerable. Earlier versions may be susceptible as well.
9f4c8c937937e246b73f6c5f56b49c2fa4b93c73ae1086201553c84363cd706diDEFENSE Security Advisory 05.24.05-2 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s 8.13 IMail IMAP daemon allows attackers to cause 100 percent CPU use on the server, thereby preventing legitimate users from retrieving e-mail.
a5edfc0b27df6ff1737295a9fee8adc88a51d14e0d51929410345acc43a5b540iDEFENSE Security Advisory 05.24.05-1 - Remote exploitation of a buffer overflow vulnerability in Ipswitch Inc.'s Imail 8.13 IMAP server allows attackers to execute arbitrary code with System privileges. The vulnerability specifically exists in the handling of a long mailbox name to the STATUS command. A long mailbox name argument will cause a stack based buffer overflow, providing the attacker with full control over the saved return address on the stack.
b52c4eafcf24128417eb48204d02e859bd572c5f3adf53efcaf617cddcf64290A vulnerability in Halo: Combat Evolved versions 1.06 and below and Custom Edition 1.00 can be exploited by malicious people to cause a DoS (Denial of Service).
3bac6e930e7192cb2524eed969e3949d1fcc3673e20aaafdb5adefd1f157937fWebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.
2619b3310f3c47e89eec1626a229bb5d830f5decc8011308daf41b04d6db1c6aWebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003net-snmp fixproc contains a security flaw that allows a malicious local attacker the ability to execute arbitrary commands with root privileges.
e45fb19f19ec442e148803aa640b440b3b0b5470ff6e7fbd34aec296f42a3019Warrior Kings 1.3 and below and Warrior Kings: Battles 1.23 and below suffer from format string vulnerabilities.
f404dcbc41bc0647bdb271e3dc2e805c773c4f7afe035d0b957a73eae9ffdafdComputer Associates Vet library provides antivirus scan engine capabilities. Vet scan engines allow products to analyze various streams for malware. Vet is vulnerable to an integer wrap during the analysis of an OLE stream. The integer wrap causes an arbitrary heap overflow with no character restrictions allowing remote attackers control of the system(s) Vet is protecting.
c4e6ac4f3f3118a3c7dcd8f30132e256ee811e86703d139084b225e408b0b4fcCookie Cart Shopping is susceptible to remote password hash extraction.
0ce1029e80556b205972414f257b404113a48da5ea46e74dc6f33b41af192ce7This proof of concept explains how Microsoft WGA validation check can be defeated and any Microsoft product with the WGA validation feature can be run and installed on machines running a pirated copy of Windows XP.
f0ce619089e25cac5ce67e00f1bbdd6bcafd35a9367e9e68693cf0d792c122b2Microsoft ASP.NET Web Services have an unhandled exception that leads to file system disclosure and SQL injection attacks.
236c5cf9bbf6b70888b54d9a9318d4f0f4cfc9764531136f0d161c981e0f7f8cA Unicode buffer overflow exists in the handling of .mcw files in Microsoft Word.
bd6af65a00560736f607e17816c217de9f27ad59f1769adbd5fa1f8de4ff8e02Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
01dafcc1bc58909222ef4156137e400a52a279ca84e2d0c3ed11f3cd0a056652D-Link DSL routers suffer from an authentication bypass flaw.
01030e48e04783c5d62e6e5be6312ae735d07e23c4c8fdc75e726bbb3a6acd8dThe Apple OSX 10.4 Dashboard widgets allow system commands to be executed, which is normally not considered a vulnerability in itself as they run with the user's permissions. If the user has recently authenticated to perform a super-user function, however, Dashboard widgets can hijack these credentials by calling the system's built-in sudo command and execute arbitrary functions with full administrative privileges.
a50c6951f75d23dfbeceb299ee744c63c29ccd29bc3eed02301998c3ff432d0dSuccessful exploitation of Novell ZENworks allows attackers unauthorized control of related data and privileges on the machine and network.
675bd95a6c61ec70ddbfeed484b02dfcfb969f70e96bb8ec044f07d61ce04d33Debian Security Advisory DSA 724-1 - Maksymilian Arciemowicz discoverd several cross site scripting issues in phpsysinfo, a PHP based host information application.
65767afbf78d91bb37e2f35693b18b7120ff31d2ee8fe26cc12bd5542b8611c3MySQL contains a security flaw that can allow a local attacker the ability to commit SQL injection attacks.
a6162c7a6873c2af86c56725d216d20b2735c99db4b74692c0a079b627ea6131Technical Cyber Security Alert TA05-136A - Apple has released Security Update 2005-005 to address multiple vulnerabilities affecting Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service.
d3edf956afdc27eebd1ae3de94c8634a013a3e81aae7f454ddf34b6c3db5ec00DotNetNuke versions below 3.0.12 suffer from multiple cross site scripting flaws.
c2cd718a3f563a4496cb58b9ce3ec07339462cd89d63d0b53d80e0a555d3b950Woltlab Burning Board versions 2.x and below suffer from SQL injection flaws.
8aaa17b35fe9b9eb7bc37e0e67686aa8655bea20e33ffaf7572daeb02521c7f1OllyDbg INT3 AT format string vulnerability advisory. Version 1.10 is affected.
4e248085ea289108462324432c3a447b216daa32ef90603b528efb433b1b757d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed