There appears to be a vulnerability in how Microsoft Internet Explorer handles (or fails to handle) certain combinations of nested OBJECT tags. This may lead to execution of code.
6880a1239046effd5defd553a873969d4f86cd06011c2e3d852b721791b32847RIblog suffers from SQL injection. POC included.
b37bde6ffa4540d6a62205acacb7eff62c9b79c4b495ebbfcc2e743f857b37e0Firefox 1.5.0.2 suffers from a buffer overflow which may lead to execution of arbitrary code. POC included that crashes firefox 1.5.0.2.
3bcdcf8e9858bdd514b50af3e51464c02f75764f9b25174f6b98fdc25bd86214Scry Gallery v1.1 suffers from XSS.
5927b3444ab2aa0d898c26b0ef9d345e7a28559c508e8b4b9e55d5d95279ff1fClansys versions less than or equal to 1.1 suffer from a PHP code insertion vulnerability.
29407a2b2f167f57c593bc3ae310f197012456c4a89fa12c3c9a270d54eb16baCoreNews versions less than or equal to 2.0.1 suffer from multiple remote vulnerabilities.
25de6652f5ae9f8c2ad915509e1b3624cbae55bceefc8ddcc5fbad143a0d620bThree vulnerabilities have been discovered in the Symantec Scan Engine which can lead to unauthorized access of critical data.
030a179c7996e7676ef83aab58100acfa484b11d85f5aa94d340a80dac313bcbSkulltag 0.96f and prior suffers from a format string vulnerability exploitable when a client passes a wrong version string.
62649cd57e18a1f22dddb4770c1e4efb93a0e15ae7ad93d2c1ab16515169b11cOpenTTD versions less than or equal to 0.4.7 suffers from several flaws.
a819727493428087200b3598dffc9d4dc2eb93491c611a3414bd30d2a2a7dc83TotalCalendar 2.30 suffers from a remote file inclusion vulnerability if register_globals = On.
1b720877142bcc02d5c11e21e8d3e6d589dcd24a3d0aac57eaf94436de1b1030FileLodge Bolt suffers from XSS in showonlineusers.php.
53e0689da7ea262cfba9282b818852e6227d5d5d8e3e6766ba4056dbb29e78beFenice - Open Media Streaming Server suffers from a buffer-overflow in parse_url and a crash in RTSP_msg_len.
97fd1021667245b031e7494691930e013c6617a325f7eb3099dd728b0863d800The recent exploit provided by aliHackers for VWar (VWar ver 1.21 Remote Code Execution Exploit ) has also another affect on the higher unptached versions of vWAR such as v1.5 and also on versions less than 1.2 . Apart from the successful code execution exploit even if the exploit fails still running the following code on the web browser shows the full path of the installed modules even if the remote php shell is not achieved.
d98282e373a41ebc4911fdf1334453f7ce03792cd17661405fcdf8ac04983e8aNSFOCUS Security Advisory (SA2006-02): IBM AIX mklvcopy Local Privilege Escalation Vulnerability
62545be78e2bdd657ef035511e3d0d122ea36c621b5faa8bea8ca547dd698287NSFOCUS Security Advisory (SA2006-03): IBM AIX rm_mlcache_file Local Race Condition Vulnerability
b78993d91feb9e19859cc9ecd3706f50c6b1b0f2cba30dad4fbd09d467c5de4cQuick 'n Easy FTP Server pro/lite suffers from a stack overflow when logging unicode.
5d0f58169dc6c03be6787b48959c3c6fb409f2d8fffc8273a09e5e26e90c04c9Multiple browsers Windows mailto protocol Office 2003 file attachment exploit: Application protocols handling in Microsoft Windows is badly designed, i.e. when someone types mailto:someone@somewhere.com into a browser the protocol is first looked up under HKEY_CLASSES_ROOT\%protocol%\shell\open\command, if it is a protocol that is allowed under the current user context then the value is simply replaced by the contents in the address bar at %1.
e9d335bf8d915cd060f8c111a59da1d0d42a6dbbbd5cadd09f58e5c92e11646fApple Mac OS X Safari 2.0.3 Vulnerability: A vulnerability exists in Safari 2.0.3 (417.9.2) and perhaps in prior versions which causes the operating system to slow down SRCOD (Spinning Rainbow Cursor Of Death), and therefore, it's not possible to launch any applications like Terminal to kill the process. After several minutes Safari crashes.
1b1b00d7a05322c9df74a0bf3744fc5fa2b4665c1d920ba9ac0ca53cb19b8700A buffer overflow vulnerability exists in the implementation of split() function in NASL. This causes nasl to consume a large amount of CPU and memory resources and stop responding. Execution of arbitrary commands on the vulnerable host may be possible. This affects Nessus 3.0.2, 2.2.7 and prior releases.
68a5c54fa28164efc323ca5826b72c0f02880ab4074690d5a28896ac257ac42bDCForumLite v3.0 suffers from XSS and SQL injection.
cc138d465fdf4a8e66d3961835ac5dd07e981b0f08d86bf4f50d45f9d68f0e1bInvision Power Board 2.1.5 and possibly earlier versions suffer from a flaw that could allow for remote code execution.
faceaa034a8ec3401f7b815e0ab17e115e8eea2f2bde4b80846bc9695d108006NextAge Shopping Cart suffers from XSS.
6ed1ea598389e542615d527b1e1f906d2c62c4f76c2340a4b854259f8e67d2a2photokorn 1.53 and 1.542 suffer from SQL injection.
b6f9cba84ee82a8e0b0806540daf45e32b4d31b9dfffdfd4a37ef8b014a84e95PhpWebFtp v2.3 suffers from multiple XSS vulnerabilities.
52c3c9539f9c8c690302211547cb89b2e70d232bf6cb56b17ed896729148ab00Instant Photo Gallery suffers from XSS.
cd0f466de4a727ce28cf3b5a9a1ff5c30c20f902e1c76b31d810d24cc4bd0ff3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed