Secunia Security Advisory - Maksymilian Arciemowicz has reported some vulnerabilities in PostNuke, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and to bypass certain security restrictions.
7fc36021b3b3d623dc3ea2f4649581b8fa5da037450d0f7cdf07b72f832706aaSecunia Security Advisory - A vulnerability has been reported in CherryPy, which can be exploited by malicious people to disclose potentially sensitive information.
b820be2be77b44ed7e8d0b38947823ece4b99fa4e47faaedd2ab6841bc379226Secunia Security Advisory - l0om has discovered two vulnerabilities and a security issue in Guestbox, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and conduct script insertion attacks.
ca5668c160429c80534ce4cb2eef62c04d35f0740d37067bf2cbbfdbead575f7Secunia Security Advisory - Two vulnerabilities have been reported in PHP-Fusion, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c9b5d0f392b496e05525b9f1e69bbb5ee667526ddcd637a6f1cc1a77fdee5fcSecunia Security Advisory - x128 has discovered a vulnerability in ilchClan, which can be exploited by malicious people to conduct SQL injection attacks.
3040fd056ced28c4c29ceeea64ef63fa77036fd300fba8bee5245b327640511bSecunia Security Advisory - Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system.
6c2391cac67f7d53edb05ec78876bf1c7c7a1fce60616166899a0fca3e321099Secunia Security Advisory - A weakness has been reported in Dropbear SSH Server, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
e4aa1525c65da37d5e8e7f591329764f8a3cb268f37b23e366566257a2ac4b98Secunia Security Advisory - pcps has discovered some vulnerabilities in Barracuda Directory, which can be exploited by malicious people to conduct script insertion attacks.
6038d0c874fa97150e36f0f48a8abd775474978548877ce1147925fdf2f88adfSecunia Security Advisory - SUSE has issued an update for gpg / liby2util. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
afdbbfe561a4939c2e617c70e7e5b50f98583a1626568252742ffd5e406bccb3Secunia Security Advisory - Gentoo has issued an update for openssh / dropbear. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
a865d132fb5cedf9d64c9264d1de7c30c0bf0543b5a28636aeaf4e4d3b27d607SUSE Security Announcement - With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, like for instance the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9bSecunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
f61370fbbebc0b233634c48add43e1717d790ddf432d0c18c9d602041c886b71OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.
64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.
c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9Magic Calendar Lite suffers from an authentication bypass vulnerability.
6682f06fe6b89ff05adb4eea45cfea38d405f94dd88ecd9d3ecc03a73a4eb702TTS Software Time Tracking Software suffers from multiple vulnerabilities including XSS and SQL injection.
92b023be3b6678e1268a8ca48e3f664fac208f949fa14b224f3ed1e3c05f0ac8CALimba suffers from an authentication bypass vulnerability.
0495f9484c0b6d6baf8930666f3414bde78582337f38b55f25d0320a570add42PHP/MYSQL Timesheet suffers from multiple SQL injection vulnerabilities.
62a2a25c114d4ea7c4b1d95d6e4d484bfc89df8c72f9a056973523be384bac0eScriptme SmE GB Host suffers from an authentication bypass vulnerability.
f02c790b64c7675d20ff20e89902eec2bb8ca5ec5b8ce281d347eb210a5b96abScriptme products "SmE GB Host" and "SmE Blog Host" suffer from arbitrary script code insertion in the BBcode [url] tag.
19a3fa43bdd0dfcc8ede4249507fe15db1e263755f93bc20dab6246118b230f8Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability
e4574457d5bc6b9d0f12e56864b885fce741a0f53c0a098bee785a94b91de1dbIt is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19beIt is possible to gain administrative access on Kyocera 3830 printers by using telnet.
7aeebf751b381ae2252541ba8745ebca6d719e929fef24288eb300f0b88b85f5Security advisory for MS06-009 - Misuse of ShellAbout() API could allow elevation of privilege Affected system: Korean version of Windows XP, 2003 and Office 2003.
5040ef262c895b9b0fe3b2f1e23e354a9fc3d0a36e0d103507a8fd05a91fd8f5PLUS (PatchLink Update Server) version: 6.2.0.189 suffers from several bugs and security issues.
58baf2f29a5064e0b84a52fab2ed18a11b809e4bf44d324bf4320abd35865304
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed