A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7eA remotely exploitable vulnerability has been found in Adobe Acrobat Reader/Acrobat Firefox plugin. Versions 8.1.3 through 8.1.6 are affected.
02dfa8f527d8d6db4d18a0236b10c85a02cc3272c626c753553d001851062481Safari fails to sanitize the file protocol handler thus leading to an information disclosure, e.g. local file theft. Dynamically creating a certain HTML tag and using a valid file path to an executable may lead to a denial of service condition. Apple's Safari browser version 3.2.3 is vulnerable.
cacf872f1106fc6da55a3d56af72a3d3d6d797892f96aa06e4ee001b4fa30ae6A Null Class Pointer Dereference in CoreFoundation.dll has been found while parsing a URL fragment with a high-bit character in a common protocol handler. Apple's Safari browser version 3.2.3 is vulnerable.
43353339aed37a33039bbc97039fb9b5ec525ae76af3ae86fbb10ebfa0788760The Opera browser suffers from a HTML parsing flaw that allows for remote code execution. This affects the browser on all platforms.
febf5df96d484a8dc165f206b1224c5465d7ce08b01af90bdeeac54a08cce767The Horde project relies on code similar to Popoon's externalinput.php to filter out potential cross site scripting attacks on user-supplied input. Other projects are using the same code base. Therefore this vulnerability affects also the popular Cake-PHP framework. Hence, all users that rely on the externalinput sanitization functionality are affected by this vulnerability, as in addition to many other unrelated, open source projects.
21fcfc2eb2dfbc50c7d42dd8d19fdf5f77e420370c183904809c229552d63d54Horde versions 3.2 through 3.2.1 suffer from a cross site scripting vulnerability due to the handling of MIME attachments.
c2a3082c148d60c17ee794b27d8f58dbea9dcafc37b3a98ef6dc4162c3890507PHProjekt version 5.2.0 suffers from a privilege escalation vulnerability.
d0eb6dcd238466f8bf02343caec6f02edb744728d2bc4c2e508a7480db337ddcPHProjekt version 5.2.0 suffers from a cross site request forgery vulnerability.
cf169ff516ecb37f27edb69c002fd063faf696d3add01baf063759d1e46d5b37PHProjekt version 5.2.0 suffers from cross site scripting and filter evasion vulnerabilities.
2aa0a61eb00ffdfcd305ae3b72f1e7744df2d56d283d55a0fa6bb630096ffbd8PHProjekt version 5.2.0 suffers from a SQL injection vulnerability.
a09402b443c16796539cd108dd61aedcdcd438ccc160783d39617bb171dd08f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed