phsBlog version 0.1.1 suffers from multiple remote SQL injection vulnerabilities.
b43407d9972ba902ffa42200aa9b61cdccdf4b0fe1d7d55aa7845a9c611f4be0Secunia Security Advisory - Chris Evans has reported some vulnerabilities in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
1a9ac05f1512e499b7f599acc8e8bbf17e1a871b6db0cbf9d187b772be362fc1Secunia Security Advisory - Gentoo has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
b7ae2fd7329767e84b795c26a5aa0be3b7e3bc92010a80d024caf1ced739ba5aSecunia Security Advisory - A vulnerability has been reported in CA ARCserve Backup for Laptops and Desktops, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
c8c550b7bf59110c27e7b11f935ba696d826a3fe73afef60d4179a8c5c5aed3eSecunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a vulnerable system.
71c6cc791a6c8ac7e240d95c6e0214fd3deaed4ebd1261cdb82dd06b46355549Secunia Security Advisory - Avaya has acknowledged a vulnerability in Perl in Avaya Communication Manager, which can potentially be exploited by malicious people to compromise a vulnerable system.
6b1a1f0417f6ff55f37b89c3fc32f48e8914882ea6de76c405e42e8347c11dd5Secunia Security Advisory - Red Hat has acknowledged a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system.
09ec28dce648df9d92da512144dd8be210e6d45fd105b59d9f3e91b71ca258a4Secunia Security Advisory - Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious people to potentially bypass certain security restrictions.
6ba693ee1c026bbbea8b02505a732c2b3e4c4d6161d8e2da485682d39b752c67Secunia Security Advisory - A vulnerability has been reported in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of Service).
a9d9e123b90edb6d2025fc3c2e4e26c4fdcb9283bfaaf639e3488b68a88e3f04Secunia Security Advisory - NoGe has discovered a vulnerability in LetterIt, which can be exploited by malicious people to disclose sensitive information.
f00ef5288cf0dcb2760c3f2015039d679cb563622e4992ef3386c0dc792a127aSecunia Security Advisory - CraCkEr has reported a vulnerability in phpMyRealty (PMR), which can be exploited by malicious people to conduct SQL injection attacks.
f347df9ed467a51dad71dae31ff48355a8d0e7cc29b25ad0c44240febee3a3f6Secunia Security Advisory - Debian has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
a1ca0f3d13a9f03ee1e308977c1cdcf2f8c76cf8c41371a1ff731a0fc69f2135Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
13320530858bb6453e4fbddb4dd4db703c4bcde75121ca12988a8095be142c25Secunia Security Advisory - Red Hat has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
61fa0113c8d89178164663e9e995bc1a896eb7dd39ca0f23c34255d6e992c752PuttyHijack is a proof of concept tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers. The injected DLL installs some hooks and creates a socket for a callback connection that is then used for input/output redirection. It does not kill the current connection, and will cleanly uninject if the socket or process is stopped.
76638a2bf29bf449a398893790d01602a562f5a3b12f15a2683f50a4e6412ef4Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
a2953591352d03f3fc6c90ab19946e32ddae5e64c481789798ac6d7be0918ae6Secunia Security Advisory - Knud Erik H
67372112ae88c3fad2c70f2ef5424c57798662718f5a6247086b500e2df51ae6Mandriva Linux Security Advisory - Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibly execute arbitrary code with the privileges of the application in question. The updated packages have been patched to correct this issue.
9089398cc45e671c7ec770f0a3763c42365ff672d9dcb1251f16997f946ef7ceiDefense Security Advisory 07.31.08 - Remote exploitation of an integer overflow vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with the privileges of the currently logged in user. This vulnerability exists due to the way PDF files containing Type 1 fonts are handled. When processing a font with an overly large length, integer overflow could occur. This issue leads to heap corruption which can allow for arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.5.2. Previous versions may also be affected.
bd9422a741573a345861eba59adfc7d12e18e349884ec64a39129a4947283475The DNS Multiple Race Exploiting Tool exploits an inherent bug in the implementation of DNS Cache. The result of this exploitation is cache poisoning/overwriting with new entries.
7a3c264805686bedf06f10fa7536403d679cf69f269b95cb8a11d4f3e1d026e6A stack buffer overflow vulnerability exists in the CarbonCore framework from Apple, Inc.
8f10731877760081c42f76a582a1e55510222a994f2ae198ea5524a668039206arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
f50e2f3a2ec6cfe4e4d15a6de0cfb5c707b7e703687800deb35456f914492ee4eStoreAff version 0.1 suffers from a remote SQL injection vulnerability.
bed9936b0bc24714bb1f590da1c74602f35cc7d4a4442a63363de87d3bebde38iPost version 1.0.1 from Scripts24 suffers from a remote SQL injection vulnerability.
374f1cd31154c5966c4adad3783005ff5e2d1ad0dca3ce3a6642b474bc3b319diTGP version 1.0.4 from Scripts24 suffers from a remote SQL injection vulnerability.
9a9aea1ee96ce6decf1e851acd6d5dd44e15ef387db13679b263a2e3372f8037
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed