The QNX Neutrino RTOS runtime linker allows the creation or overwriting of an arbitrary file. Moreover the technique by which this can be achieved can be triggered even where the binary being executed is setUID and is running as another user. Version 6.5.0 is affected.
7d1751f1d7538142a5f545dae3d6e0f64cbacc7f8b27be5bec111384542a5645The Apache Traffic Server versions 2.1.1 and 2.0.0 suffer from a DNS cache poisoning vulnerability.
1dc0e9378f377c2bbcc492f5d1dc879dd8fb8b702f63ec2c802e48c3bdc43d67Brief write up discussing exploitation of the Linux linker.
e6a4092d9c7f6bfe19a47771315ef0b1edbedff573ad3adc8783e68166ac9c97The Rekonq web browser is vulnerable to Javascript injection in a number of components of the user interface. Depending on the exact component affected this can lead to Javascript being executed in a number of contexts which in the worst case could allow an arbitrary web site to be spoofed or even for the Javascript to be executed in the context of an arbitrary context.
b604a1d5db6b3f8fe6875b468e0971c8b0a5c62c937984575dbb59a86d78a575SSHatter is a remote brute force utility that attempts every password from a given list against a target.
9c288bea73f302b726bbb13e21594df22b82f73f874f130fb60e626f3abd3b2aThe TekRADIUS radius server for Windows suffers from a SQL injection vulnerability that allows for privilege escalation. Details provided.
04e03394380b7c464a8bd6dabc94060b07b1420c44f813a363aca9d1aa17f13dNullLogic Groupware suffers from account compromise, denial of service, and possibly remote code execution vulnerabilities.
c36c4bc118817c73caa7e27e4882f82a005ab7e206e99a27d5d2b690d6443b2aPortcullis Security Advisory - By sending crafted packets to ports on the Checkpoint VPN-1 which are mapped by port address translation (PAT) to ports on internal devices, information about the internal network may be disclosed in the resulting ICMP error packets.
51a82eb1b4c5f4d3532a75bb76489bb144459f7cdb950cf9b248f0ab003575f5Affinium Campaign version 7.2.1.0.55 suffers from a javascript injection vulnerability in the templates web page.
c82b2a5713558c8a53fa779387549a6224ad899d490bc09ef23b7240a40aa8ecAffinium Campaign version 7.2.1.0.55 suffers from a log related cross site scripting vulnerability.
053bcfa9891524f83f4ed4442a156d466047db8007c7ab7e014bb87db5b74a7aAffinium Campaign version 7.2.1.0.55 suffers from a denial of service vulnerability in its Listener.
409f174deb2734fb33455f715be458ca7771b4452e3a584a4fd9708637195cb7Affinium Campaign version 7.2.1.0.55 suffers from a directory traversal vulnerability in its Listener.
361a5fe7947bd8d0cd258ec7c536f58cde024e1a42d39189fab582b98aaed12dAffinium Campaign version 7.2.1.0.55 suffers from a directory traversal vulnerability.
5aa4e14f00895220101919783b0a5c8fe0eb4337483e36ca303cd968223bc8bcAffinium Campaign version 7.2.1.0.55 suffers from a javascript insertion vulnerability.
921ca5ae7e6ec08e4305b4dee7180b165fad9feed97d8ed15c114b81e10f83fdAffinium Campaign version 7.2.1.0.55 suffers from multiple cross site scripting vulnerabilities.
05611b417843f52ea40678830e68b64d55d8267452c95284bad6f9bea704a4dfNth Dimension Security Advisory (NDSA20080215) - The Festival server is vulnerable to unauthenticated remote code execution. Further research indicates that this vulnerability has already been reported as a local privilege escalation against both the Gentoo and SuSE GNU/Linux distributions. The remote form of this vulnerability was identified in 1.96~beta-5 as distributed in Debian unstable but it is also believed that Ubuntu Hardy Heron was affected.
679be8c3c5c41b4fce67f2ff8f104fcb7afbc9d058857614bb4a84ab75341837Nth Dimension Security Advisory (NDSA20071016) - The SiteBar application has single high risk issues with its translation module. It can can be made to retrieve any file to which the web server user has read access. The SiteBar application has multiple high risk issues with its translation module. It can be made to execute arbitrary code to gain remote access as the web server user typically nobody. The SiteBar application has multiple medium risk issues where it is vulnerable to Javascript injection within the requested URL. The SiteBar application has single medium risk issue where it is vulnerable to malicious redirects within the requested URL. Version 3.3.8 is affected.
f9787ab6aeb07593ce7cda6de093a36855c1a84a926762bb230871ba4fa62bdbSSHatter is a remote brute force utility that attempts every password from a given list against a target.
74989fe4b419899604f6db0946f0e0314f97a42cecc49672b4bf78d580842226SSHatter is a remote brute force utility that attempts every password from a given list against a target.
690c0e0d317026df8d9c423cc3c6e552372dbbaaab16953a32d76b120fd720c5SSHatter is a remote brute force utility that attempts every password from a given list against a target.
ccf0f5f7aa39fb59f5f5b2bd959ec841ca04f761de5c1c2da76f97a1bfa7976bWhitepaper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques used to dismantle protocols including documentation, observation and static analysis.
85eff0372eb6b927c7f66e8380f04f54c2152fb1202fd191238c82796096ff34SSHatter is a remote brute force utility that attempts every password from a given list against a target.
f36698575e0aefc1ed0903dc22c54cd9ffdeb171aa4341ea9cc93b770555d3adImgSvr suffers from a stack overflow vulnerability.
565d22b95eca8b9f9bc666c22a941d4f22918caf966cb2431c62ee0ee7aa6b51ImgSvr suffers from a directory traversal vulnerability.
587cd55bbcebb9efada9fd3e9fcfc6871ab6005bad8bc15228ce890a7df36ba8eVisit Analyst is susceptible to SQL injection vulnerabilities.
64578dc3aa5280d374e5a5e33556efa48bdbd09dd432b0ed80d48f0beb44bd5b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed