HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
04478cd17b34dd049c0353a2e2e9d88667982fff97edaba6fd983857530148a5HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
47c7bf9cc87b0a7ee0766b584ed63da8c200eeecfd3afe0dfa7ceff61988128bwwwthreads 5.4.2 and prior suffer from multiple cross site scripting vulnerabilities.
b1ef28726e07dc33340c8f3569cc4da231bb64cc5c52893a7b61da9838adb4d9PhotoStore suffers from multiple cross site scripting vulnerabilities.
e8597abd8eec3302faf3bce96bafc0ba96f43ea3472ceff15b78495aeb1f97e2Opial Audio/Video Download Management suffers from cross site scripting in index.php
325ddc04dd64f00aca912e982c6e54efd4992fb06eab091933e32ced03edf610toendaCMS suffers from a local file inclusion vulnerability.
cfa27594dce544149069606ee96212e6d3e43fd1b0ea6d67437daf4954d66b15RISE-2006002: There exists a vulnerability within a architecture dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
94ae7ebd3c47291aab33892e9d461968249c807d5246b761a801423c4e3cd32eMandriva Linux Security Advisory MDKSA-2006:169: A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.7.
f33758df224b00509a71f9625a4e2c13401139dc010b8ab80ed346ac90633989Mandriva Linux Security Advisory MDKSA-2006-170: Webmin before 1.296 and Usermin before 1.226 does not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
fcc70de1f0b8fb80bc654cefe2ac26bf287436e8af4d86d1327518633d1cb206SUSE Security Announcement SUSE-SA:2006:055: If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.
8d222b929117b6ffaf793e8d87050c7a1e45882b6558aa5a8d06d705379ca1f6jevoncms (.inc) suffers from a path disclosure vulnerability.
04942ab2ced107cc8835e6631092fbdcfa1f8c6ee0483a8add86a62e2ae08cf9Plesk 7.5 and prior and 7.6 for windows suffer from an information disclosure vulnerability in the file manager.
bdd23e84ef0b4ca5190c3113a7d720f79eb92f19f1d7035510920a849629b192MySource Matrix versions 3.8 and below and MySource 2.x may be used as an unauthorized HTTP proxy.
9e44da0c3056acc315f38f8bf87e5f99cd7b2cc75d4f87e766cb0933ad2bbf9eContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with appropriate access to the user administration page may use this information to compromise the accounts on other systems.
7fadf9fa09f5f30be956b15ebca46178ed641e6a8ee2f3737f361a88553df408Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded user/pass of 1/1. Various debug commands enable viewing SIP credentials, WEP keys, etc. on the phone.
138cdacc373d3af2dbbd24f6e8d71941abf2c06921c5be017a9267824cfd6155Woltlab Burning Board 2.3.X SQL Injection Vulnerability
1a2d647f855fcf4342296872c4932b18906bfefcb550fe99ba24dfba76f998d0APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
5ab3add3a7b5042f8bbe07e6836bec97b033281f32280787bd33023539c5a892CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
b236dc13a9d36b5ace9a497fbaa92180a506c8f2c86ab714d159c59c043c12baDuring the analysis of RSA Keon Certificate Authority Manager, Arhont Ltd consultants have discovered several vulnerabilities in the Log Verification function. A rogue CA (Certificate Authority) administrator or any local administrative user with the access to the CA server could manipulate the secure logging process to disguise his/her activities. Versions 6.6 and 6.5.1 are vulnerable.
79163b2b0488c73c966551df79ceebef350345edfcadddadd34b53ddf8c53d3dscip AG Vulnerability ID 2555 (09/21/2006) Sun Secure Global Desktop prior 4.3 multiple remote vulnerabilities
99b3f6235975754f3df02b59c8103ade16fe507c2e7f51d1373c49aa0e89fe6bCommerce Bank's website is susceptible to cross site scripting.
4f24bca931198904b78b834449c469f90b91c1b41d3cc6a385a1413a2c9a0959Several greek banks suffer from cross site scripting vulnerabilities.
3684796542d0aecfd70e661bca5299f6a11b35b4ef5c750abe606690f5d2df71OpenSSL Security Advisory 20060928 - Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC. When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. Other issues were also addressed.
9502f989ec9da5214945e96a2d710fcdd773af905ce1f2c7d00260acc1346401SUSE-SA:2006:056 - The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops.
5824d78af59c485e4c5bb9f39940cd6e46ba645d578cca1837b78e822e4a3cddZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
ca61c977f812670146a0d94dbc484e48367957bd2cdc17f091fcd89dc5ca2915
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed