[MajorSecurity Advisory #29]: foresite CMS - Cross Site Scripting Issue.
8591278f8bbfc8be498a8207e57066ecce64c04c52e794b04cb177d5929572a8A SQL injection vulnerability has been found in the search.asp script of WebWizForum.
cead45ff35294fdd3b96eea233a7ef20ecfb57a70f0706f879b2c00a0b636710Applications which fail to provide their own filtering on top of the inbuilt .NET request filtering may be vulnerable to XSS attacks. Provided that a web application solely relies on .NET request filtering before echoing input back to the web browser, it is possible to inject scripting code and successfully launch XSS attacks by submitting a specially crafted request.
dd910ad2db757329a92d803219be35c477e9961683836178d55fca2a887cde87Secunia Security Advisory - Some vulnerabilities have been reported in Free File Hosting, which can be exploited by malicious people to compromise a vulnerable system.
c417f3b1403e655517cc03eadec6d6e8090e0a08c15c4b60a1fb71422e6e9226Secunia Security Advisory - ajann has reported a vulnerability in Techno Dreams Announcement, which can be exploited by malicious people to conduct SQL injection attacks.
7bc222043155d0bf4dd3e218da068579891041797baaa27eaffdf573b6d52a38Secunia Security Advisory - ajann has reported a vulnerability in Techno Dreams Guestbook, which can be exploited by malicious people to conduct SQL injection attacks.
113e49308775559397c4fb2c8dff44469c9df684ebdca1ccf88d9ecb2a9409deSecunia Security Advisory - Greg Linares has discovered some vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to disclose sensitive information.
c6e2c16cfa4a83180b50f49bc2a4d9cb918c90863de86047c096a0f9871232f7Secunia Security Advisory - Mandriva has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
0b5942cd94bfebea643930aa51b9cacbfb1c932ac7b938c12e97b0872a2f5456Secunia Security Advisory - Mandriva has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
9179cfbbcd8baad686d3eb81777e2aad92e506232be6e0a5ef93dc036327525eSecunia Security Advisory - Some vulnerabilities have been reported in various Informix Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
4474f9ffc116a320d92cc32a4f2f6260e9810704359684cdce62c387cef3b01eSecunia Security Advisory - Nms has discovered a vulnerability in PunBB, which can be exploited by malicious people to compromise a vulnerable system.
50b5b47f55323a7bfc259c7b749e593ed374c22e26207243f6809ca39e6a0decSecunia Security Advisory - ajann has discovered a vulnerability in E-Annu, which can be exploited by malicious people to conduct SQL injection attacks.
8205b1e486a175bb18d42c0bf7cadfffc71a57e9f01ffdc69413274e5a1de103Secunia Security Advisory - Gentoo has issued an update for cheesetracker. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
897774063149edaee2d5ebf02260b7a9c073785281bfeac22afa9178c4808803Secunia Security Advisory - v1per-haCker has discovered some vulnerabilities in phpProfiles, which can be exploited by malicious people to compromise a vulnerable system.
eba166697d775b3e6c9164e8c7cf859f79c2cf8b6ea82dd3dd963b8526d8d1e6Secunia Security Advisory - Debian has issue an update for qt-x11-free. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
29ddc870aeb9a5b0845e168dbe49f8b272cc89a57647b02a7512ee19e6536a58Secunia Security Advisory - David Vieira-Kurz has reported a vulnerability in foresite CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
6181e22590bbe9f9c85bbb9684490f698602d93dedb9fddb9ea50df60b202e3fSecunia Security Advisory - Gentoo has issued an update in php. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
a10e364019adcdd4bc2e22a368a171d92357ec306544f13c9dd9995fb12ac285Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
db11feaf1c259a300ccc9d5a89e6cd4116401492de668480f0c7e8d8f2eff891Secunia Security Advisory - HP has acknowledged some vulnerabilities in HP Tru64 Unix, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
ed9366f2229c5d8683161552844975502ba9bb712c513794e4a10636568ee2f8Secunia Security Advisory - Handrix has reported a vulnerability in Sun Java System Messenger Express, which can be exploited by malicious people to conduct cross-site scripting attacks.
2623f772e78a88f61679fc33ec47cd425389c2eb3d3c1781c90eecee4e8b2c98OpenPKG Security Advisory OpenPKG-SA-2006.027: According to a vendor release announcement [0], security issues exist in the personal publishing platform WordPress [1]. The "wp-db-backup" plugin accepts filenames which could be used to access security sensitive files.
786e8c5107fa0271085c49cebac3c5b1b20b0e7d0c2c919671a5d378f98e6762Debian Security Advisory 1200-1: An integer overflow has been found in the pixmap handling routines in the Qt GUI libraries. This could allow an attacker to cause a denial of service and possibly execute arbitrary code by providing a specially crafted image file and inducing the victim to view it in an application based on Qt.
164139ba980ab9d32154bee061c5bef7b490dd17b4a4973d1c31ba91ed30a90bGentoo Linux Security Advisory GLSA 200610-15 - Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also dangerously handles client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances. Versions less than 1.2.13 are affected.
7da97c63b8d70d60c0b51785511e6d3d1a6ceb5bc517f75ec86487e728c91a87Gentoo Linux Security Advisory GLSA 200610-14 - A flaw in the PHP memory handling routines allows an unserialize() call to be executed on non-allocated memory due to a previous integer overflow. Versions less than 5.1.6-r6 are affected.
24fd15d792177179ef4dbacc3bf7f43884ae94a89b5aefdbfb4aa7af666fa023Mandriva Linux Security Advisory MDKSA-2006-192: The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.
e82ad3dc1bfceb29448f2800b116b0e14eb98d470f43c94368a5d815b98b2f78
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed