Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.
ea4821effec5ebd51f45bdf732d362fc22eb10a99a7363c2441cceeedc97dfaeGStreamer suffers from a null pointer dereference vulnerability in the gst-plugins-bad plugin.
3468810ab7e2ea28debe4af3d9f8a21108429b03b6accf08511c15139b700b06Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.
425cff4ddf61bbeaf9670a04c641dac78fd64b617955be6dc1d7dbc7d51f3a76Wireshark versions prior to 1.12.5 suffer from a heap overflow vulnerability.
1ae5af42f7ef14100630d0010d301d92234b3bf167a0e4c7fedd8095c080e3c8SQLite version 3.8.9 suffers from two read heap overflow errors.
6d38b29159cb2a72081129ea22c70ddea6a6ec86333d10d263a11edc4d1c9794Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().
3b4b298d51f795e837fdad045082d8d21888b30a3c72b0d84495cbda9339fe16Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs.
6564e0941811d6f26c35eb0f2deeda26a4f79f67cc76157b329dea8a102e4fd7An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.
347f4926038ecad2d6a29f7ea51b42576cbdba32e0a8492bd6c7800ee394189cImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.
f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9PowerArchiver version 14.02.03 creates files with an insecure encryption method even if the user selects a (secure) AES encryption in the GUI. If a user clicks on the "Encrypt Files" and selects "AES 256-bit" for encryption, the outcoming file will not be AES-encrypted. It will instead use the legacy PKZIP encryption, which uses a broken encryption algorithm.
a48e078a1bd32e704a5fbf11c4d4b61c8d037f81b323e1195c53539b587ab28bPHPList versions 2.10.12 and below suffer from a cross site request forgery vulnerability.
b5bb4955da0a735dfa018ccf451ebac4b437a2335d31fee95b7fb4a779d849e1O2 Classic Router suffers from cross site request forgery and cross site scripting vulnerabilities.
94d6ca9d702ec4f5fdb7414e8e935b6e8e12b2ba4c775e2b2fd39a04eff4c71fCMS Made Simple versions 1.7.0 and below suffer from a cross site scripting vulnerability.
c234bcd08fbe8dd9ae72b6a0ca19941afe45cdaa2d5374ec53ee5e0ce5834ad3Pmwiki suffers from a cross site scripting vulnerability.
8135712c4e30ac2b866fe68a60d138de462502df7db3a5bbf3f31a0eda3bcf3cJoomla fails to set the secure flag in the session cookie allowing the possibility of a session getting hijacked.
a0f0b11a97d38cd11e6da4f7b89ff1d72b8153bcd12e0b35bdbafea736cee8afDrupal CMS fails to set the secure flag in the session cookie allowing for session hijacking.
6d5d4657228cd6039e3ccbfbac2cd8adc8cdb25a11f076f03f379e89ca0016dbMenalto Gallery versions prior to 2.2.6 failed to set the secure flag in the session cookie allowing for session hijacking.
abff3ad67ab14ebf55f9da0c0e8959080407847a2106e0bb1f87d45c942811acA fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited.
e250a5f0d10ff7b3553d66f2c5e2679545b01252c627bd11aee974decdecce50Serendipity version 1.3 suffers from cross site scripting vulnerabilities in the referrer plugin and installer.
25a716caa89c016ca24d532a7d1b04d94cf20e36557d232ea4afb38aacaa2e77Clam-AV versions below 0.93 suffer from an endless loop vulnerability when handling specially crafted ARJ files.
f975acf9d28711c1ba81f2592579ef7b9338976b9b3020f121d957117570ee4dPHP-Stats version 0.1_alpha appears to suffer from a cross site scripting vulnerability in phpstats.php.
3618c612ee4162d17f9fc290f06a253a6d5732d738df7c77d8298e2dab348a76Serendipity (S9Y) is vulnerable to cross site scripting vulnerabilities.
dd63fb188152a551ba836b956d929e9d741646329f28f1ee2f401f93732ec998Moodle versions below 1.8.4 suffer from a cross site scripting vulnerability in the installer code.
22b5d751e513045185f5825a9ebcf9539597b2972bdcf26c37f38e5dcbf5eeabThe Serendipity blog system contains a plugin to display the content of feeds in the sidebar (serendipity_plugin_remoterss). If an attacker can modify the RSS feed, it is possible to inject javascript code in the link part, because it is not correctly escaped. Versions below 1.2.1 are affected.
532a5907669cbc68a7275efbcc42fe90f3ef0ef37fef8ab43b25ea77019e9b13Freewvs is a tool to search web roots for known vulnerable versions of web applications.
2e9c27f6e626fef7aa38d3e7b98a01a05a47689c85c5f26e63d231fdc715a024
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed