MetaCart e-Shop is susceptible to SQL injection and cross site scripting vulnerabilities.
5b1752bdc31faa1879fd8ae6525e8e6cfcd592f1d37994bb7c3c22ced414591bUbuntu Security Notice USN-126-1 - A denial of service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not possible to exploit this to execute any attacker specified code.
a3972f42ed956bc21421985a05fa3e50b0ab0cf627ca6abfbcee3c37549995aeExploit for htdigest 'realm' parameter overflow.
9a4dcdadd0dc2e74fcf88fb7dc4a3de8ce131898a421e629b8345d1f2389bc87btxml.c creates a backup of a Nokia 6310i phone via bluetooth. Outputs data to stdout in XML format.
00bc376dd83394be463a90501116682c2477a38d203a965c64e6995823730308FreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.
5e666245ff6f81ff72f602f77622595ea80e3cf57ceb0ef27419e4e10cfa5986Simple demonstration of a stack overflow in GAIM 1.2.1.
2939f7d4c5b8f352d2fe3b7a82fb15899cf63ac93e106ff54705d72ce886c439Packet Storm new exploits for April, 2005.
b037cc5b0bf138c22345d028f0f1abe9e783d6cb542cc195c5a4b1ae924cee0aosTicket is susceptible to SQL injection vulnerabilities. All versions are affected.
342e3812e317e1b0abd7304b7bd758488e158450bc02ecdbc5034c31a27f2569diStorm is a binary stream disassembler. It is capable of disassembling 80x86 instructions both in 16 and 32 bits. In addition, it disassembles FPU, MMX, SSE, SSE2, SSE3 and 3DNow! (w/ extensions) instruction sets. diStorm was written to decode every instruction as accurately as possible. Robust decoding, while taking special care for valid or unused prefixes, is what makes this disassembler powerful, especially for research. Another benefit that might come in handy is that the module was written as multi-threaded, which means you could disassemble several streams or more simultaneously.
151f9209bd20448587a879af39c6fc9f4e98f49ecbf3d726f97e5d214abd377dDebian Security Advisory DSA 736-2 - A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.
7d806147c1352a31bea9ff1c8e30dc01371384c1bbf4cb1d4205d7561e0fdbebAn uninitialized variable within PunBB can allow for SQL injection attacks. Versions 1.2.5 and below are affected.
eb81280e35ea34327585e1b7b5729bfc63d2a0f2e92532ceca5e39189c9408beA poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.
bf008f3b79e34eaaecc1f82ba01fb769de6f07b844f0b7f4dd8378b54d52f33eDebian Security Advisory DSA 742-1 - Derek Price, the current maintainer of CVS, discovered a buffer overflow in the CVS server, that serves the popular Concurrent Versions System, which could lead to the execution of arbitrary code.
1eb72c0ea613bdc328be8e8128bd6abb28b8eb9e5a68e41cbdc6a722fae95bcaThe Oracle critical patch update released in April 2005 has failed to fix all of the vulnerabilities it claimed to have negated.
383a6999ae47ac35ce7d8021d5dbbcac0f545486211bebcfb856c3f21a79fe73SimplePHPBlog 0.4.0 suffers from a remote password hash disclosure vulnerability due to the password file for the system being downloaded and in the webroot.
016c4d9d240eea862bd808ef48b474ed8821e6fdc873c7d98a7fa1f9736e2147The CGI script kaiseki.cgi is susceptible to a remote command execution vulnerability due to a lack of input validation. Details for exploitation provided.
bc0460db05bca845ee18911023e1cc039a125bbe78c2169b02db98b996cf8ce3Lantronix SecureLinx console servers allow for retrieval of ssh-private keys and system logfiles.
65794b69da34ab37e036edabed103b8b0b403e60cc03e5b062026b7669922df6PHPSlash versions 0.7.1, 0.7.2, and 0.8.* suffer from an input validation flaw that can allow for account hijacking.
f1f584ddae33515379f349c6c88aaf4b2ad3066ac5c29dc727b3d0520b8b18d1A vulnerability in Whatpulse.Org profiles allows cross site scripting and session hijacking.
65bc34ab2a209fcd93b11511b52adf93be49f8fe02136a8c9616782452b62013Secunia Security Advisory - basher13 has discovered a vulnerability in PrivaShare, which can be exploited by malicious people to cause a DoS (Denial of Service).
a9372d29f6f604cc3b4020dec79cba6bfb1d4b8ede02368606ac49f97a4228a7Secunia Security Advisory - A vulnerability has been reported in Jinzora, which can be exploited by malicious people to compromise a vulnerable system.
3f6268a8af694428e1b43071343a45f3f1fca7ade9e80770dc81eb4a7dcad7b0Secunia Security Advisory - Several vulnerabilities have been reported in McAfee Intrushield IPS Management Console, which can be exploited by malicious users to conduct cross-site scripting attacks, bypass security restrictions, and gain escalated privileges in the web application.
3ef4d997d26752d3d9415349e870dee56830155bca8009276e7b899bd8b504ebSecunia Security Advisory - Several vulnerabilites have been reported in WorkCentre Pro MicroServer Web Server, which can be exploited by malicious people to gain unauthorized access, cause a DoS (Denial of Service), or conduct script insertion attacks.
b19c2daa3ac7b4e1da6ddeea36ee59e0498f7b5e4384ac25c04c4f2aa1f2f7b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed