Invision Power Services versions prior to 2.0.4 suffer from cross site scripting and SQL injection vulnerabilities.
b8bf3466e307247bc48b42810996ed9e65cb7ab87a84029aa0f25cee9605095cCJ Ultra Plus versions 1.0.3 and 1.0.4 suffer from SQL injection flaws.
633b622b7664e227e0eb4e99a25efd7bb4cf4d8da806d4431050f188a3637defDebian Security Advisory DSA 721-1 - Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
180e04f417cf4cafea4b6478b034d4d28b823b71e2594c367dd73be18f901646Ubuntu Security Notice USN-122-1 - Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error in Squid. This could lead to wider access permissions than intended by the administrator.
61a13e5fe5b4b4da41b9e1a72b60fe19b6da49a870d6c4924d47a1d28bc4f2e2Ubuntu Security Notice USN-121-1 - The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.
cdf1f9dd2da38e3b10b4658ab67df4dc1a8941af89e8d3d82768b76a27658a5dUbuntu Security Notice USN-120-1 - Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.
8138e2be0a078d5d656787fda86f83f293df9f68fdc2bad9d56fe03dac7414f6Statcounter is susceptible to a script injection user session hijacking flaw.
2f8b0a24361026c281e96ee3041e21b8b9c0a48c33866ddddd38ba3d356683b6MidiCat PHP Shopping Cart suffers from multiple cross site scripting, SQL injection, and other security bugs.
cfcaf4f2b96fe2bd8e82fdc6f46ae6caa96a374e250b09add3e5cb9c59f6329aEvery user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler on Oracle 10g.
89a141519dcef0c60eb5caae4118b9350bed9c359a49fba7854f155c388e595cFine grained audit (FGA) is disabled for all users if the user SYS runs a SELECT statement on a FGA object in Oracle 9i / 10g.
ef0e69af9d00f437ba72ca0fee630f111a4921211bcba924fef4da010fb8148cUltimate CGI Guestbook Scripts MegaBook version 2.0 is vulnerable to multiple cross site scripting attacks.
69540585fe0f27145e6811e2c70cdf8addf7a7e32745d148840ce097b8d9b69fThe Gamespy cd-key validation system allows for multiple use of the same key.
8139c1152cfd8033b373585e5ec3187e22c4c9b4dcd050934cf1cccab4456a1dSimpleCam 1.2 suffers from a directory traversal flaw.
d4e58f065d5c7588a794c9e5395507eab6a319a2473bb1d69625b852d95f74e6iDEFENSE Security Advisory 05.04.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X allows attackers to execute arbitrary code. vpnd is the system daemon which manages IPSEC or PPTP connections. The vulnerability specifically exists due to insufficient bounds checking on the value given to the Server_id parameter.
0237606ce969824dc940b7a556542ba770756a2abb6a8d17d8aad8742cfb0a93A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84bLeafnode versions 1.9.48 to 1.11.1 suffer from a denial of service vulnerability.
30b6c7c1e8d7eeb30cd82999c84bd5e80690a1a2b8ceede25323b0633cea4b3dUbuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.
d115508980e6b35c51f9fb331119affaab6ae7c99bb8434b6050362aa9206618vpnd on Mac OSX versions 10.3.9 and below suffers from a stack buffer overflow.
cf228ea2cc508d49888b67af2c4fca70d0985d71b8d036276387de3ca4f74d36Gossamer Threads Links SQL version 3.0 suffers from cross site scripting vulnerabilities.
44db85324d70c4d5216d3f1c587472cb8e368e120d5434190724996e35f1f780Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow for cross site scripting, arbitrary file viewing, and more.
bbd44f9d66d0b59f4e1b162ed1fba5a48f52f53f725ac4d72198eda5661ffc2bApple OSX suffers from multiple bluetooth vulnerabilities.
1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b8182iDEFENSE Security Advisory 08.05.05 - Remote exploitation a directory traversal vulnerability in EMC Corp. Navisphere Manager could allow an attacker to retrieve arbitrary files from the system running Navisphere Manager as well as retrieve directory listings. Navisphere Manager Base 6.4.1.0.0 is reportedly vulnerable.
23db99e7edc094a9e39cedae3a001c17e7b01798c2fdcad6e2749c3b9dd31137nbSMTP version 0.99 remote format string exploit. Tested on Slackware Linux 9.0, 10.0, and 10.1.
10190d51efb7acc9891701971fa67cb9aa231b76267cf93d3c6f21332ddb0dbcWrite up discussing a methodology to bypass Citibank Virtual Keyboard Protection, a mechanism to help protect against keyloggers and spyware.
0bf50c337ec9fbe542418f18b4fc538ccfdf1b3d1c5af837b01094ce509c4dddMultiple Lantronix Secure Console Server local root exploits that make use of security issues allowing for unrestricted shell access.
c0a5ce471897d527b519e28394d96c4425c7cba31436744d12e76f3ba35bd3c2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed