Gentoo Linux Security Advisory GLSA 200801-10 - Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the movies parameter in file tiki-listmovies.php. Mesut Timur from H-Labs discovered that the input passed to the "area_name" parameter in file tiki-special_chars.php is not properly sanitised before being returned to the user. redflo reported multiple unspecified vulnerabilities in files tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php. Versions less than 1.9.9 are affected.
651e1e41f4d9e09219c2a40f47e60b2c82e9082ee3055d3805702f973677544aDebian Security Advisory 1474-1 - Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code.
7b33e06bd5959232e170d0a4ce8d281c53430944e859ed18f198945e30826d2eDebian Security Advisory 1444-2 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. It was discovered that the patch for CVE-2007-4659 could lead to regressions in some scenarios. The fix has been reverted for now, a revised update will be provided in a future PHP DSA.
dda79c6d77254050d19f65dcad2c8f912bd1eaafbc90711f0b3651b4cf9362f5Seagull STABLE version 0.6.3 suffers from multiple cross site scripting vulnerabilities.
7d451d9d5a98c7d6e782faf4ac2192048d2b61edb154b1cdd72bd858a52506c7efront e-learning LMS version 3.1.2 suffers from cross site scripting vulnerabilities.
e6144a7c9d5d381e91195a19b7116260cfd5cf614fa5cc0937251ccf3c3e12adComodo AntiVirus version 2.0 ExecuteStr() remote command execution exploit.
860eaa5b7ca93f42fedbecfe93bbdec266a10c29dab3d1d52b87859defc21004Lycos FileUploader Control buffer overflow exploit that can bind a shell to port 4444.
eeb507f6b97c9fdbb1d1f9f4a434fbbe12bc7ec5751927cafa8975907655166aAconon Mail 2004 suffers from a remote directory traversal vulnerability.
ee1ac69ccb17d1b1a2145e6f7919e50f8bac4518d9f9e6a2877bb76184271805Liquid-Silver CMS version 0.1 suffers from a local file inclusion vulnerability.
fa849d3fc76f9df5f2625df137ee27be5b0bf91228ecb0a2583a681eed4ef2adSLAED CMS version 2.5 Lite suffers from a local file inclusion vulnerability.
af400b87370b956274750ff712748b1b64e9a1745e6ac4676cce456d143ac66aSiteman version 1.1.9 suffers from a remote file disclosure vulnerability.
ea8e30d9620d5a2919cc0117103b200d807d851491a43ae372cedec665772941Woltlab Burning Board versions 2.3.6 PL2 suffers from a remote delete thread cross site request forgery vulnerability.
669314e58a743df84d9015b4310e8e66e99e3c79cfe01f1bcaa59b97bda1ead6HFS versions 1.5g through 2.3 suffer from username spoofing and log injection vulnerabilities.
5b3cbaf4dc12bfae2a139d34b04a6f0260e498eb9425aab233e032444fa1c0a7Syhunt HFSHack version 1.0b is an exploit for various vulnerabilities found in HFS versions 1.5 through 2.3.
cf5241d98b767c660b1da691f06531bdf11802f7be9b965f8b6a271445f08f40HFS versions 2.2 through 2.3 suffer from arbitrary file manipulation and denial of service vulnerabilities.
b808645f02dd720f4b5dc129b8f8e58df6ca146c7b5158604938c0d0f8bbd55eHFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities.
c6417b3811c50e7ea4316acb3c097304bd8f5ebfd4d871f85cbc2532a0cd2f0dLulieBlog version 1.02 suffers from a remote SQL injection vulnerability in voircom.php.
9205cfb1ce3c419a94b91d33289f4d544401fa07946f02846382e35e3d095f16Foojan WMS version 1.0 suffers from a remote SQL injection vulnerability in index.php.
cdac73b331c6325359ca88b57592db2134089609ba2941cbd5521eaf47fd33d3Invision Gallery versions 2.0.7 and below remote SQL injection exploit.
5b16dc6ec2bf29626d8b3b08435a7ff9d8d72680ddd5ba4cea2d3acc54bcaf17PHP-Nuke versions 8.0 FINAL and below remote SQL injection exploit.
bbc33d7d2f086e2e6bad6d462abab40ff6701f9a9f9281d6d264ff209b82899dPHP-Nuke versions below 8.0 remote SQL injection exploit that makes use of modules.php.
331d41cc3b124ed0de14c1abaa701666958fb35bda1e467571ed8d5b9e022bfeYaBB SE versions 1.5.5 and below remote command execution exploit.
a2dcb2e7f2a0ef13472c20454a0c9d7ef8cdd9d87b017f7b1718b35cf0e2f9b2Cisco Security Advisory - Versions of the Cisco Application Velocity System (AVS) prior to software version AVS 5.1.0 do not prompt users to modify system account passwords during the initial configuration process. Because there is no requirement to change these credentials during the initial configuration process, an attacker may be able to leverage the accounts that have default credentials, some of which have root privileges, to take full administrative control of the AVS system.
a9b8503c174834fdd7037d56ec24ac8e700a7b5d581a4afd28b0429f4d4bf515Cisco Security Advisory - A crafted IP packet vulnerability exists in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. This vulnerability is triggered during processing of a crafted IP packet when the Time-to-Live (TTL) decrement feature is enabled.
a9bfcafbcc2bd9db894d429c2e0b5218197bcf4f1789e04f655f2bc97c9864f9HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ARPA Transport. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
64dacf07175228bc7dc09a139827ead4e66a2362fe30e40bdae2cf8af0ec625c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed