Month of PHP Bugs - PHP versions 5.2.1 and below hash_update_file() freed resource usage exploit.
e652b275f5af74b30e28ae26e1d3ae9676875b9e3511eb6ab4432ae190113864Month of PHP Bugs - PHP versions 4.4.6 and below and versions 5.2.1 and below ext/gd already fixed resources usage exploit.
d59910398469036df4bf066bb414d7e6b581ed535fbec4ab6630a641c607ebfephpRaid versions 3.0.7 and below suffer from a remote file inclusion vulnerability.
51657e9f73937a81c2d85110244913741a2fa4e20a544aa9dfecfc0b4024ca02PHP-Nuke module htmltonuke version 2.0alpha suffers from a remote file inclusion vulnerability.
d14edac8ad1d6b8dd287a7c2935b9662de640638eb448b211043d0cc557134feGeBlog version 0.1 local file inclusion exploit.
721ab0cad67eb6811b2c5dea088623b45571c4a70430362c982e05df42162437Ubuntu Security Notice 438-1 - A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges.
f2b35298e2a943b4dc3c48ea468c2918ffe8accf76da0789c798e4f16ccd8b51Mandriva Linux Security Advisory - By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges.
1a31b1a9ae1ba8b786e797e19e3190c19c3691a4b1c5223f27307acea8bedd6eMandriva Linux Security Advisory - Luigi Auriemma discovered a number of problems with the nas (Network Audio System) daemon that could be used to crash nasd.
4e74bda94b89f0070dbd5c60146e11cfd024550c6faba146b3b37c9c21c5574dGentoo Linux Security Advisory GLSA 200703-23 - Wordpress contains several cross-site scripting, cross-site request forgery and information leak vulnerabilities. Versions less than or equal to 2.1.2 are affected.
1f104b4392583bd1176e47a233b0dece5acd97d66d1b15c5c0f29569aca7d6caGentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.
72a04b8fd36b196d5d79f64d9f94bfdc9b93cdc6b9aa31fbee63aed8a7fc945eGentoo Linux Security Advisory GLSA 200703-21 - Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. Versions less than 5.2.1-r3 are affected.
2a68bf4d09b8bcea9389593696b002f77d4faf366a29f85257aee2053ef4e678Debian Security Advisory 1271-1 - A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian.
0c44d847b6eb7dcdebf7013ee1e46bc1c3dd0d0e39e071bfedb66147f572c557Debian Security Advisory 1270-1 - iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link.
0ddd6cae3eb3b01c6b9bd54992ea7953866af3e4536c39cf818f233f33040e70Helix Server version 11.1.2 suffers from a remote heap overflow vulnerability that allows a remote attacker to gain root privileges. Proof of concept exploit included.
20b0284d9e9d99fca43d85291edbe9351bd0685595b37229833f630cb7c7d7abMercur IMAPD exploit that makes use of several bugs in the NTLM implementation. It gives the attacker complete control over a memcpy to a stack variable and the outcome is a denial of service (crash).
84fc3e80797cb6515674112ded1476d513c92ca06b47bff1373db7fed2520cffw-agora suffers from file upload, full patch disclosure, cross site scripting and SQL injection flaws.
3efd765d970df008d312b5e83159a95f0e0ff9bac3d35929954a7b793a1a3995The MySQL version of Web Wiz version 8.05 suffers from a SQL injection vulnerability.
46e06067662bde321441a6d0fe076931e11a8bd16508818d4205deda46b5aa56It appears that Microsoft Internet Explorer 6 suffers from some denial of services vulnerabilities that result in a browser crash.
9e51edcb416e9349611acf43e4113af5fd75a2b16f05995f12e3f6b0c30ac448
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed