Jasmine CMS version 1.0 SQL injection and remote code execution exploit.
07fd84c504ba9ef31b7ee61355b21a2ed90c49e111f3f274c0add331555c58d8MiniBill version 1.2.5 suffers from a remote file inclusion vulnerability in run_billing.php.
474f3766765762c9a7a9ccfd2748616e12d51e852b804cbaa5d792606070e5eeSolar Empire versions 2.9.1.1 and below blind SQL injection and hash retrieval exploit.
5fc0ba250cada89b50bbdf2917ebb50b75cf1a9415a6be0b84099e72d552970aMiniBB version 2.0.5 local file inclusion exploit.
84a3770e4b1a2c8e8e1ecb284cb3d4115f3ff02a14739544654bc4cc883701a4YourFreeScreamer version 1.0 suffers from a remote file inclusion vulnerability.
7229cd86b3f1c419c56a46bcf0a792a0335eb626bd17d5c6452273fa308e7f21phpMyInventory version 2.8 suffers from a remote file inclusion vulnerability in global.inc.php.
3a13280f3a30004485abd8c7cb75aeb8385bd5eaaa3c9efa15e7da27c4f76d14Simple Machines Forum (aka SMF) version 1.1.2 suffers from PHP injection and a weak CAPTCHA system. Exploit included to break the CAPTCHA.
804c1a0a8f9eac81a336292bc52e53b359f021e708e75f6bfbf33aa684e05734Debian Security Advisory 1311-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statement called "security definers", which could lead to SQL privilege escalation.
f08303e0be1766a41d362b7f6b57ab00c0283603b5318df656b3e21da5e27cd5Utopia News Pro version 1.4.0 suffers from a cross site scripting vulnerability.
d44ae4310ef855d2f6a2512c581ae5743c5bae5757e51c7dc6de8af2e89f8899WSportal version 1.0 suffers from a SQL injection vulnerability.
63b3914006fdc477bafedb2046b91a6c12a734ab99f02367d62371c9fa3e41ecp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
e5665aaef9dea1dbdd6c08e7f76453874a605f513f2c431e34a940104a886c8eDebian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
967623ddb81a7982e09c9a0c4fed2f8f1ce6412d50236b450aacc4657b41fd37Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
e1a9acb96925546add3e1ce254a50bbc614252f074056a0ef5979608da50141fDebian Security Advisory 1309-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.
50aa9626cfa4730da2fe0ed5a11678a3a2a16dad9a652c32e07e8f4b9cd94973Whitepaper discussing security implications with PostgreSQL when improperly configured.
394fde0a55e01e4ceacd902f672a2e8f17f90c73974cfcf7a60f272b62d35440Safari version 3.0.1 for Windows appears to suffer from a denial of service condition in corefoundation.dll.
3eb10776e8d0480314e59dc2a8e510c996109a6b09fea84edeceb51250f9432fDebian Security Advisory 1304-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
32a9a2f20377739a47fa7d5c7bff44f5ffa3ce0d0a0a58fdfd7b4b880621dba8Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
05c53ade90b873cf4bb988e7c07cf6d6684d8a3da90559b82317f62755e0aff3phpListPro version 2.0.1 suffers from a cross site scripting flaw.
4ac08140ae3c4f00c6daf5b11559df1a45663acd0a1fd3b36d12bd4c45de1e95Papoo Light CMS version 3.6 suffers from cross site scripting flaws.
e579f75a655d419fa11dd11b26f62c32799f3cbefdaed0aa31631736bd823045Gentoo Linux Security Advisory GLSA 200706-05 - ClamAV contains several vulnerabilities leading to a Denial of Service. Versions less than 0.90.3 are affected.
b4e345fa075f4c567e32596985e2cd9f416f9aef985602312552f6b5d244db90Call For Papers for Breakpoint Security's first event being held in downtown Monterrey, Nuevo Leon, Mexico from November 17th through the 18th.
d7786dfa721cc722d1926c589272515ddd37a16c7bc86d0320b8b0b9f9736257
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed