Cart32 suffers from an input validation flaw that allows for cross site scripting attacks.
f8106fd151c332f8cfb901effa0b209c6a4fea390a67c49519fe4d51dab84f71A tweak that can be made to the Windows Registry that will help prevent exploitation of the Shell.Application bug found in Microsoft Internet Explorer.
108987d18eacf19be4860b3c4dec37593b21417314f5d3af2a35f49b6405c391Exploit for a buffer overflow in drcatd 0.5.0 beta. This may allow for command execution when the system administrator has assumed that only read access to files has been granted, but as it requires a valid username and password, this is unlikely to ever be a high-risk exploit.
0155b39c65536150f635524e364054ab87c6d89aece5942882b50c8ecf65b315Sending an infected ZIP archive with a filename containing HTML or Javascript may allow for a Cross-site scripting attack to be performed.
e98c2ee1de4d3a879b43ce2ddf5143f9bf2e65e1f9e497e582b0b79f6f497ebaEnterasys XSR-1800 Security Routers crash when passing a packet with the option record route.
2576ea2745b4c9b63c20df5dc272fb16b20cf34707df1e32177222148f296bb2Technical Cyber Security Alert TA04-163A - A class of vulnerabilities in IE allows malicious script from one domain to execute in a different domain which may also be in a different IE security zone. Attackers typically seek to execute script in the security context of the Local Machine Zone (LMZ).
3018d809ec8c33d9aa35d9849eecffaa33b0b52cd7f226d20950eb53870042b3CYBSEC Security Advisory - A vulnerability has been discovered that allows a remote attacker to generate a denial of service condition against the IBM WebSphere Edge Component Caching Proxy. If the reverse proxy is configured with the JunctionRewrite directive being active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters. Affected systems: WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with UseCookiedirective.
a94bce55cdff38e98dc5afca9cd308f0f3e7bef5a5d9d2931d475ac1018b3c85SuSE Security Announcement - A problem exists in the Linux kernel 2.4 and 2.6 series where missing Discretionary Access Control (DAC) in the chown(2) system call allow an attacker with a local account the ability to change the group ownership of arbitrary files.
016299baba8db03cb7e0aa77aab766ca6012636db94e2bb330a1d595585702a8Tavis Ormandy has discovered a vulnerability in esearch for Gentoo Linux, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to the eupdatedb utility creating the temporary file /tmp/esearchdb.py.tmp insecurely. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking the utility.
e59e3827b241da0be587c4f5008b80fa8f0fb686c731080a1ab72a5fff0eff55Secunia Security Advisory - Two vulnerabilities have been reported in RSBAC, potentially allowing malicious, local users to escalate their privileges. One allows a malicious user the ability to switch the AUTH module off. This affects 1.0.8 through 1.2.2. The other allows users to create suid and sgid files. This affects 1.2.2.
633262110f5ba297563fe0517966a9ebcee625e2740b1a125c4e2e94a53f290aThe IBM Informix I-Spy product has a flaw where the runbin executable present in the bin directory has set userid permission for user root. As a result, there is a potential for users to gain root access.
bc36c843c1b96aaeff7b62efae064641618eaf3e5b059409abc2a9e55ab081d1iDEFENSE Security Advisory 07.01.04: WinGate Information Disclosure Vulnerability - An input validation vulnerability in Qbik WinGate allows attackers to retrieve arbitrary system files.
417320e1f292817c15b6064e01b1e073aa5c59b5092bbb34c19aff8a1b0dd3b3SCI Photo Chat Server version 3.4.9 is susceptible to a cross site scripting vulnerability.
8575e09aa1bcbc883017a75c4aa4d09bca783a470652829a1020c77a2876379eEasy Chat Server version 1.2 is susceptible to multiple denial of service vulnerabilities.
c14351e99bc7c75e715099537ef5a044db63e359260141a3b392bcedcdb5a32d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed