Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan version 5.53.00, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.
70227b6f2cc310218fac2ae9e81c5d58bbd5500f893213d04e068eff7fce0cdcSecunia Research has discovered some vulnerabilities in DeluxeBB version 1.06, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
dabd3850dcb181b78f640f41286930158f735aa2641bb4e983e057e7c47f4b6bSecunia Research has discovered two vulnerabilities in CMS Mundo version 1.0 build 007, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
c01cb438a40a860be28eb49b660964a6dcff479b929e888513af815a54a05093Secunia Research has discovered a vulnerability in MyBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the username field when registering is not properly sanitized before being used in a "preg_replace" call with the "e" modifier in the "domecode()" function in inc/functions_post.php. This can be exploited to execute arbitrary PHP code by first registering with a specially crafted username and then previewing a post containing the "/slap" string. The vulnerability has been confirmed in version 1.1.2. Prior versions may also be affected.
c59306225b180770f26b6156627ae47fc1bec7b713c1aec00ae29f93c21adac2Secunia Research has discovered some vulnerabilities in SelectaPix version 1.31, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
93e653e7eea27cd305721490efe229af9bb3c11026f732cfdc7bd444fe7daa41Secunia Research has discovered two security issues in ADOdb, which can be exploited by malicious people to disclose system information, execute arbitrary SQL code, and potentially compromise a vulnerable system. Details provided. ADOdb versions 4.66 and 4.68 for PHP are affected.
a212b5763393fa5ec35a8dfe35d726cc4f7c2a8000c581074fd8516fbf88411bSecunia Research has discovered a vulnerability in Microsoft Internet Explorer 6.0, which can be exploited by malicious people to trick users into executing malicious files. The vulnerability is caused due to a design error in the processing of keyboard shortcuts for certain security dialogs.
8cbe12f30ecdf09218a3ea3684d7b349517dd89e19fcae3c26d49df76d3c246eSecunia Research has discovered some vulnerabilities in ATutor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerabilities have been confirmed in version 1.5.1-pl1. Other versions may also be affected.
ea4981890b687d4caff07c6b7157202c331ffe371d5cb42efe41a196ad0226d2Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.
9bffa4eac73d1c9558283150c0455ab3a80cf530a7ad18fdfa75a7a20f03f5d7Secunia Research has discovered two vulnerabilities in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. Version below 6.00.110 are affected.
f9c204d96d4414417c87801e9766a44a5edd45b03eb95dd55b165f028e2cdc4fSecunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious people to trick users into executing malicious files.
513774c469defad1cd93cfb1ccb109ae36b76b727993df1dca8cea05c194fcadSecunia Research Advisory - Secunia Research has discovered multiple vulnerabilities in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions and compromise a user's system. The vulnerability is caused due to insufficient validation of drag and drop events from the Internet zone to local resources for valid images containing script code.
2eee21ac49aa560258b69dd6762e4286626ce13abb43d92f80b9357c13e36ac2Secunia Research Advisory - Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in the javascript function createControlRange(). This can be exploited by e.g. a malicious website to cause a heap memory corruption situation where the program flow is redirected to the heap. Successful exploitation allows execution of arbitrary code.
e83fb11602b47295a7788c8bcfa19e0e7589f43c11094461b867690119fb22f7Secunia Security Advisory - Secunia Research has discovered a weakness in Sun Java Plugin, allowing malicious web sites to write arbitrary content to a file with a predictable name. The weakness has been confirmed in version 1.5.0 (build 1.5.0_01-b08). Other versions may also be affected.
8ac5907e09fa5b9dd46bb903505f7837bf71e510eb6eeaa7181394353c2b6742Using the mozilla browser, while linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any javascript events fired will be invoked in the context of the new page, making cross site scripting possible if the pages belong to different domains.
8a39c48fd07d754c3d4be6f69961bdef39e4b016dba987bf15576e212c7df063There lies a way to inject a javascript url in the history list of Microsoft Internet Explorer causing a cross site/zone scripting attack when the user presses the backbutton. An attacker may use this to read arbitrary cookies/local files and execute programs leading to total system compromise if IE is run as administrator.
e01b9463a639085838e90199fac938b440e307d2558b62b00d81aa347385b6ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed