Secunia Security Advisory - ajann and double0 have discovered two vulnerabilities in PhpLeague, which can be exploited by malicious people to compromise vulnerable systems.
ccbd92eea88876522dc84946d48dd84fd58fce0cd0e5d7a2737fdb3d12e2f50fSecunia Security Advisory - Mr_KaLiMaN has discovered a vulnerability in Messageriescripthp, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks.
556026bbafa4bb72403303e7d9b0b6d068b1a7c60f672413767b38047e1bfef0Secunia Security Advisory - Some vulnerabilities have been reported in the Help Tip module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
1290b4972651f97b892ebf42dc80e4372b4a05d1323457b0e478731406e4ba46Secunia Security Advisory - Aria-Security Team has reported a vulnerability in cPanel, which can be exploited by malicious people to conduct cross-site scripting attacks.
b0a7cf5ab17a8ebbc5541ef267ce1671ef07275a66cd0ae3cb6d4254d5644e9fSecunia Security Advisory - David Ferguson has reported a vulnerability in IBM WebSphere Host On-Demand, which can be exploited by malicious people to bypass certain security restrictions.
7abb46a32f85dfcd2d693358da24436c5b39d4bb1bff041a57ac0637cd701ae0Google's Orkut suffers a cross site scripting vulnerability in Friends.aspx.
54f7fb968916a256650f6619e9ef894ef3d49e1e3ea0afc583c17ce227f4b391Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
e3b72455fae8d556eade84f6b95183d9fb3856484b23d09de4ad46012248b887Secunia Research has discovered a vulnerability in MailEnable Professional Edition version 2.35, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing data sent to the IMAP server. This can be exploited to cause a stack-based buffer overflow by first sending a command in the "Not Authenticated" state (e.g. "login" command) with a specially crafted parameter to make the IMAP service wait for more incoming data and then sending an overly long string (greater than 512 bytes).
50845d9664d4795bef5673fb158d9b6f36ae9ac4b5a0fc08c947afcdd0f0ba55ColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.
55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514Winamp Web Interface versions 7.5.13 and below suffer from buffer overflow, directory traversal, and file extension bypass vulnerabilities.
b6d39a0ed8bf2392f5a542363514335b444bec94eeaab3c0764f8dfc8ddd9a1fRFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
f7a557d1d7629d43f156797a46704123e0578b55fa26893a8e1e21966d6eb64esqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
5c8f9dbd2871c17777b26f9f1da10ac0a5d1fea40e3cb8292a2e858940d4e91cDue to a poor regular expression in FilesMatch in DadaIMC, arbitrary files can be uploaded and executed as PHP code.
69ba2b17e70b67cd3adbb888cdc09d556212c484e2b2bda33594d66adc41c10cTwo fuzzers written in Python. One is for PostgreSQL and one is for Informix.
af75ebb6e79ccd3bd1ad92b298d15a7e2ac9de795241f8cfa6b826f5bf9a6938Debian Security Advisory 1233-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
abdb183f40070b89b9064b102b9d38042eed09878c658ed2ab595012212bb014Gentoo Linux Security Advisory - The Resolution proposed in the original version of this Security Advisory did not correctly address the issue for users who also have GnuPG 1.9 installed.
28300367f0f1980b052817aa44ab90bb7814ba8c9c0852f0c6a9f449408932beGentoo Linux Security Advisory GLSA 200612-09 - Laurent Butti, Jerome Raznieski and Julien Tinnes reported a buffer overflow in the encode_ie() and the giwscan_cb() functions from ieee80211_wireless.c. Versions less than 0.9.2.1 are affected.
c4cc14a0242dcdd4b4ae7f95cac8ae6f9faf9af0fa3a0a756466818a01d755dcGentoo Linux Security Advisory GLSA 200612-08 - The SeaMonkey project is vulnerable to arbitrary JavaScript bytecode execution and arbitrary code execution. Versions less than 1.0.6 are affected.
61b0cfd1549aa75f25e12455e972f0d4d7dbdcf3db623941ce5be694e3a888bcGentoo Linux Security Advisory GLSA 200612-07 - Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary release of Mozilla Firefox is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.
d29a4e949c4e6c623ca1e6c3bd4d19212dfc4cba2c61f35fbaee4ea84281a475Gentoo Linux Security Advisory GLSA 200612-06 - It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Versions less than 1.5.0.8 are affected.
a4a757f65aeee78aefd96ff6331df1d3b3655a661d4175732c7163d5d331f69aGentoo Linux Security Advisory GLSA 200612-05 - Kees Cook of Ubuntu discovered that 'KLaola::readBigBlockDepot()' in klaola.cc fills 'num_of_bbd_blocks' while reading a .ppt (PowerPoint) file without proper sanitizing, resulting in an integer overflow subsequently overwriting the heap with parts of the file being read. Versions less than 1.5.0 are affected.
a3d683d3deb8544801f40db173ea37a597a3bc75de4e2f4e2976fa67684f87f9Gentoo Linux Security Advisory GLSA 200612-04 - Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the CSoundFile::ReadSample() function in sndfile.cpp. Versions less than 0.8-r1 are affected.
9cc79aaa1aefdc8b1b95acd0b11e41c6a5abd1dabe839cbf312ab07616ed737bGentoo Linux Security Advisory GLSA 200612-03 - Hugh Warrington has reported a boundary error in GnuPG, in the ask_outfile_name() function from openfile.c: the make_printable_string() function could return a string longer than expected. Additionally, Tavis Ormandy of the Gentoo Security Team reported a design error in which a function pointer can be incorrectly dereferenced. Versions less than 1.4.6 are affected.
7d3d8421e9e44d6b109815c5c9659a27a917b90ca3eac250aa8a4056eb89c4daDebian Security Advisory 1232-1 - Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference.
14f8511a595499af5c1bc9b288fba4ac69f2c0272a26d6083dda6aab67fdfab7Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
f67a2d1c90c023729e0ddced605f0a8606af3720511cb5300dd9784ea2090aa4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed