Gentoo Linux Security Advisory GLSA 200605-06 - Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Versions less than 1.5.0.3 are affected.
ab71bb8673063363d71c9ff4835af73d7cb1adaaf9bf8575fc6edc628f8170ebSinFP is a new approach to OS fingerprinting, which bypasses limitations that nmap has. It only requires one open TCP port, sends only fully standard TCP packets, and limits the number of tests to 2 or 3.
0429d5c91cb785153e730ce42c50bb240fffc5888c0171585875414932b9a543X7Chat versions 2.0.2 and below suffer from cross site scripting flaws.
a27552747b99f74782585acc56116be0de958712e09a10cf260cb6414a449813WebsiteBaker CMS allows for injection of HTML and javascript.
16c209df6f3f3b2082a5395d9ff1cf10146b9f3cdaddc85387fcdb2953e9554dVisionSource CMS versions 0.6 and below suffer from cross site scripting flaws.
c059b2ab89d1d3daccd442ad939d4364b05dec802fd247b03dbde2ba925072f7PassMasterFlex suffers from cross site scripting flaws.
e6eccd95311e6e7c124d1aea8916c940bb438076e1e17d1d58e39768d90e0109myBloggie versions 2.1.3 and below suffer from cross site scripting flaws.
250ee007879282d10c62b89ebb52948f314f5586726780295ec33a3769ce53caFlexCustomer versions 0.0.4 and below suffer from SQL injection flaws.
9844b12ce1c067e9cded58c227aea07123fb501bf77349e0822443e20efd3dd1ChipmunkBoard suffers from SQL injection flaws.
8e48025ab789e02d66182537ffeacdf36f3fb1d66d3f0e518740d807b296e26bChipmunkBlogger suffers from a lack of input sanitizing.
d4d3e44bb90e99c4147fcc4fd2c26662900e5f481f9768d293ad592060052eceRemote shell command injection exploit for AWStats versions 6.5 and below.
941a06c7ed697547b47adcb24b4547271d29c41781f9d2f838ff3524b533683cJetBox CMS remote file inclusion exploit that allows for command execution.
6bb97b240608bb11c9ab173820e3e278793a4e618c1ac8e49d99bfbee4906bddGentoo Linux Security Advisory GLSA 200605-05 - An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the acl USE flag is set. Versions less than 2.6.8 are affected.
d592560260da6f55837c376016e7035d8854f7bf46ab02109375c0661c2bd33fOpenFAQ version 0.4.0 is susceptible to cross site scripting attacks.
2ffeb55172208c07701cb7f398eb58ed12de453d7b6602d91a40d8bfb09a887eVP-ASP version 6.00 is susceptible to SQL injection attacks. Exploitation details provided.
88610c2c58aeabbf0a85467404b623b0dd9f1bf34a86fdf0a43adf16f0eafb0bphpBB version 2.0.20 suffers from full path disclosure and SQL errors.
f038ea39ebfcb19fdba73fba1e5223155e5b79addf97f621d56e5d29f6268420A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.
847b6f1785975209852c8dfc4b78281784289bedcbf591c04c106ea438f64495CAID 34013 - A potential vulnerability issue exists in our CAIRIM LMP solution for z/OS. CAIRIM is delivered as part of CA's z/OS Common Services, and the LMP component provides licensing services to many of CA's z/OS solutions. IBM Global Services discovered an integrity problem, which could be exploited by an expert user of a z/OS system that utilizes CA's CAIRIM LMP component. We worked with IBM Global Services to understand the nature of the problem and to make certain that the remedy we have now provided addresses the problem completely.
25441e6a3e621cc379e0b1ebc1b28c21793d35d4bbe5423529a5dd2ede625cb1Invision Community Blog is susceptible to SQL injection attacks.
102a07be00537fa9c1954db2ee583851e70eeb7275bac19e920a87ea837abd12CuteNews version 1.4.1 suffers from cross site scripting and path disclosure vulnerabilities.
2d3284ee43c5c18d1076a379f080ef8ec6f19ddd8dca6c281a69e3e7a8165290modules name(Downloads) remote SQL injection exploitation details.
13a0bba06b582746104b8ec1f9ceb014983dcc824cb0cf47bb6986e2efbd7e46modules name(Sections) remote SQL injection exploitation details.
c7dbb111fc6c70f5c5a9975281935e0246d081080dc9d982ec9c9ed1671699c7NFS client utility that runs completely in userspace.
f797fdb6c547a9b8de2b5dacd6b96e5c2dba907584de82dbcaebb4e73287e4d7WebCalendar is susceptible to user enumeration flaws.
935103eb1980f6dfbf36877ebf7bdf6873490fa42f6e438f5f00cb6731e32120SaPHPLesson version 3.0 is susceptible to arbitrary input and SQL injection flaws.
e144d79e0133c5bf2f15a75932738453c41e8cd66291c9016c3171bf4a1e0b69
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed