Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
dda119fab4bbfc092df5941a6d76ce66e859a53e5fab37e511b65b301d0251c9Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
99928353f403d25058b0be4b7ae1cc98fadff2fc75cd15dec8eded067ebadb82Ubuntu Security Notice 570-1 - Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.
7a75a95eb54b1bbce2d18c0f317d1d00bfab67a4f2488a2f0304ee0df2be5cd5Gradman versions 0.1.3 and below local file inclusion exploit that makes use of agregar_info.php.
ca111e9fb1506c339f9f40df6dac92f656d360efd1a0e8693fcd55c02f925e67Technical Cyber Security Alert TA08-016A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
0d75a1573438056b77ca77062f90d6189bc149f21669ac74ba399b9f7aa91c25MyBulletinBoard aka MyBB version 1.2.10 suffers from remote SQL injection vulnerabilities.
885bbf7ceb22b810e73389a89b065ea8674e690816429176224d81ae17320b86MyBulletinBoard aka MyBB version 1.2.10 suffers from a remote code execution vulnerability.
0af5fb9f4092490c864cd396a3c12fc32749674efb46e40b8f30df6709fffff1A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.
d1adddda0bed4abbd64d6b58766d7cbc90bbbd0ab44c72ddd31afb9f5483c8eeProof of concept exploit for BitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below which suffer from a buffer overflow vulnerability.
a1b23a4696407d59e6915297d68f6340b5ecfad5200b23d9a06671b31be1090eBitTorrent versions 6.0 and below and uTorrent versions 1.7.5 and below suffer from a buffer overflow vulnerability.
7804196a3c68e02a9fe62e20e0f7f315ca83a3091b52bb5c8dcd19974c4d5c8dCisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.
52f72ec33d9e80d1f5ccfe6b8f9bc28ae3aa05d9dabf8b942304ad24a75f4b86Mini File Host versions 1.2 and below suffer from a local file inclusion vulnerability.
dddd51585966fcd9b66dbec0becf9ad3af392735160b537fb09462ed4292c3b4Blogcms version 4.2.1b suffers from SQL injection and cross site scripting vulnerabilities.
7055b7f59b9b375b2ccf49e5707f2210d371270af651ca0fc33a90e6a5bddcf6aria version 0.99-6 suffers from a local file inclusion vulnerability in arias/help/effect.php.
2227798c61a6c13da0a219ab942db2a3c871e47e15fb18de1ad574438aa2c1d5MiniWeb version 0.8.19 suffers from directory traversal and heap overflow vulnerabilities. Exploitation details provided.
5799c6c5fc79d425ac6b418209397eb7731bd51687ee3c4949324fea94c6634cPHPEcho CMS version 2.0 suffers from a remote SQL injection vulnerability.
20a81541b7228837f34d9fa3ed90db503ae6f84ec485f9251da4fe85feb5a603MyBulletinBoard aka MyBB versions 1.2.10 and below remote code execution exploit.
aa91d6d3bd64d3a6cae6b907ab80fdb42fd3ac0121d79eba2812b0f1301bc5f2PHP-RESIDENCE version 0.7.2 suffers from a remote SQL injection vulnerability.
0a4e95a7c6bc4704625bcdbc71e2a9dce1790f190687a2bea5a5755222f2e8c0It appears that the cPanel hosting manager suffers from a cross site scripting vulnerability.
70f086f77ceeb8de20ed048dcbd207c15586d0caf99f40c2f0692062863390f2Real Estate Web by Site2Nite suffers from a SQL injection vulnerability.
3504ae1cc83a800900093ece5bf32c65897c23489000b66f9a6a096fe8fc3c8aThe HTTP URL filtering function provided by the 8e6 Technologies R3000 Internet Filter can be bypassed by simply splitting the HTTP request line (which contains the URI) into multiple packets.
187a0e359bab1a916b2621f03264d407ca323d63ed31f60f2ffb569d23c49607PixelPost 1.7 remote blind SQL injection exploit that makes use of the Content-Length header.
891146cdd1a875d925fb1624b11e8ded3420fe0aac29009d56d2c89a4fb37d43ALITALK version 1.9.1.1 suffers from severe remote SQL injection vulnerabilities.
e72f4f0993335bce4ad2605189a21e4ae4b90da1360217cd3c030f2263f55c0eMailBee WebMail Pro version 4.1 suffers from a remote file disclosure vulnerability.
1f8a66617da5a4d95951635a9e0eefca05834e5215a5e9990ddfcb14bcf22dd7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed