Secunia Security Advisory - Chris Steipp has reported some vulnerabilities in PatchLink Update Server, which can be exploited by malicious people to conduct SQL injection attacks, manipulate certain information, and potentially compromise a vulnerable system.
8de5227f0252db1822a96d8871c4f91e89ae5ad294d891eed46ab3ec4e1662d6Secunia Security Advisory - Apple has issued an update for Mac OS X, which fixes multiple vulnerabilities.
023d75c045931ea136f455acc881f48c3138e7892dffc22fb373e26cef081140Secunia Security Advisory - Mandriva has issued an update for mutt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
bc15159ec8d8f02f74fa9e76c4f874b9ee1cea5ad29b171c7d1cfb04efcb759fSecunia Security Advisory - luny has reported a vulnerability in PHP/MySQL Classifieds Script, which can be exploited by malicious users to conduct script insertion attacks.
17862de0cdf684e9fe664e19c4e6d271f03465f5399a0bdb97052b03fc0e0002Secunia Security Advisory - KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks.
bd940625f521d1ce18e097cfa59acbd1699ab234d5af3a59199712fe5993e4f9Secunia Security Advisory - Botan has discovered a vulnerability in PHP iCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.
d73b14aa9ecf535ed2f0ddd2086b0ed9c5439c287fd6cea49159bf6db242bccbSecunia Security Advisory - rUnViRuS has reported a vulnerability in MKPortal, which can be exploited by malicious people to disclose sensitive information.
130c097f59440a2bcb8701749153dbac86ea05146dded7b1c9ad5c6aa44e59ffSecunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious users to bypass certain security restrictions.
3902c49b4dd5291ec748ad6f300d2c11f106f6595001c3565c5990947d04d5ddMicrosoft Outlook Web Access is vulnerable to an HTML code injection/cross site scripting attack. A malicous user could craft a mail containing HTML and Javascript code. Such code could be used to steal session information from the victims cookies, and thus enable the attacker to get access to the victim's emails.
dccfbc946917b8c4d45a7217924d48a440d871a4d69d0cbdf997231cd6903b20MyBB 1.1.3 suffers from cross site scripting
02593e619b497f64477fe47c68cdda55f9b82219e889a8db18f9a9c03232be35Hanaro Search suffers from cross site scripting
7c07151188639bae810aefe451feda3e692030173f7fb09f71f56b130567596aUsenet Script v0.5 suffers from cross site scripting in index.php
1ccc621b4089584ddd76df052fc4861b60845bbcc2632642bd2c35ce5cb5d1ffWinged Gallery v1.0 suffers from cross site scripting
2b28ffb3f73ead59c1df5a1909f5e2aec4d49f2bd23334dafdc770f2cab1da2cApple Open Directory Pre-Authentication Denial of Service: A denial of service condition exists in slapd (OpenLDAP-2.2.19) during the anonymous bind operation. By sending a malformed ldap-bind message, the slapd server can be forced to abort
d9553f5df18483b93dbebdc0884e1242dbb918c1e00d9668340b5b3a8f0e9f9eCisco Security Advisory: Access Point Web-Browser Interface Vulnerability: The Cisco web-browser interface for Cisco access points contains a vulnerability that could, under certain circumstances, remove the default security configuration from the managed access point and allow administrative access without validation of administrative user credentials.
859665dfe1c85f40a979f9ca36b048dd0a83308ea7421fb15d991ac3cae9b180Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System
30b1c1d3922d75b004336cf7173601ec3300f0b854269945b3afb020eeb58508OpenPKG Security Advisory OpenPKG-SA-2006.011 - The Portable Network Graphics (PNG) [1] library contains a vulnerability caused by a potential sprintf(3) related buffer overflow.
8071437e497695cd666fb98667d1187ce2643a3e0816095481e038b740d89d9cSecunia Research 28/06/2006: Opera SSL Certificate "Stealing" Weakness - Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.
a3d06dc28b9a3860f0785ca6c06ab1785ff2b547543ae217f9b6eafa812ca22aMandriva Linux Security Advisory MDKSA-2006-114: Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code.
fb5bf8bd015ec069bbe71c5e1381a6ac1d81e7da580af58984884a9cfcf53158Mandriva Linux Security Advisory MDKSA-2006-113: Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code.
65d1ad94500b01309e4f5fdd0aa0e88857564c61654b75ee36db1006e80664d9Mandriva Linux Security Advisory MDKSA-2006-112: The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
0742d372f21535a306ff7393bc568a090f427c13a2d69119edad8097713dc60aA format string vulnerability was discovered within etrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing special crafted format strings that could potential lead to execution of arbitrary code, rights escalation and at a minimum denial of service.
904184d605233967c52fd67cc3154342d54a0fa06cabd165e584e86fee6cb3b3smartsite cms v1.0 suffers from a remote file inclusion vulnerability.
838ce200bdbeb0af6705849afacc47faa7637c3069a163fa2eb27216c118e948Codewalkers ltwCalendar 4.x suffers from a SQL injection vulnerability.
14c4a543df895e011a180eaa4ad6d126004f65fa383265dc4a31510315e02864The Quake 3 engine version 1.32c revision 803 suffers from several vulnerabilities which may allow a malicious quake server to compromise a users system.
91f59db2395e25a3d9afea9c61641c3801bc21cad8841138c59b9a967cb72a9f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed