Secunia Security Advisory - SuSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks or potentially, to compromise a user's system.
abb4debea36e6d7b74ea20790856fdf9a84c59cdd294db094df70ebe37ebf950Secunia Security Advisory - A vulnerability has been reported in various SonicWALL products, which can be exploited by malicious people to conduct cross-site scripting attacks.
03478b856a1e929e599f49b447d652c90f6eb63b6d3df1bae5ce080c3cd2368eSFS EZ Link Directory suffers from a remote SQL injection vulnerability.
eb7e30890089f881bd885fcacd95be7afa0760b0f7bd29fbfe54e7eda156b277SFS EZ Home Business Directory suffers from a remote SQL injection vulnerability.
53b4405c9f25066f52012c4ef68ccf4fd49c438e911c0d7e505397af56f903d9SFS EZ Gaming Directory suffers from a remote SQL injection vulnerability in directory.php.
b1c51dff86e37be1c66d6d00122d661facaa4e14f67979a83f16f8022c064b02SFS EZ Hosting Directory suffers from a remote SQL injection vulnerability.
eee0e246ff0054e3db5f3527a57848d0451fdf47e28245f70d8c8d1059cb8518SFS EZ Adult Directory suffers from a remote SQL injection vulnerability in directory.php.
9c7d5e52593c67f036a1ee78504e88cdfa17bd41f1e2596616191461ce05b011Logz Podcast CMS version 1.3.1 suffers from a remote SQL injection vulnerability in add_url.php.
62e1b4014c75ae8d8c85269234d464400f8cc7d8571a8725d35e251a57748d6cAbsolute News Manager version 5.1 suffers from an insecure cookie handling vulnerability.
ec21595204a96c02f2a4e95ab44c3a1e2632f5429a568deef9a18b63598e94deA-Link WL54AP3 and WL54AP2 suffers from cross site scripting and cross site request forgery vulnerabilities.
e521d8c668e30f86dd30fc18bb9c399f4bfd9ab97f2c13fc62dd214614f50f0dSecunia Security Advisory - Secunia Research has discovered a vulnerability in Interact, which can be exploited by malicious people to conduct SQL injection attacks.
237d3f47ddc0733f5345595417890b4a9b8c11d998826f880b43223fcfd8c5d2Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue. The patches used to correct the problem on Corporate Server 4.0 and Corporate 3.0 contained a problem where certain fonts would not be displayed and would cause applications, such as drakfont, to crash. This update corrects the regression.
e1196696c73c394dbf50e0a49b97c9f35c40bd02c8e77f3cb912fcb4250312f3Typo versions 5.1.3 and below suffer from cross site scripting and SQL injection vulnerabilities.
9574ae2fd17a5d2d1e2e6f280ad9dc7b454ebfe4fd847d968e506506add2e254iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected.
92646871e75b29ac768127a34b35cd0ed021ef5d8cb5332e1bcb8be06a4c49f1Whitepaper on reflective DLL injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.
d4c845146542e7c4daa316021f940f6a435e62c6de95c4a2ff54f948743b9bf2iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1.
fdb454b37d786a9ada30ce36452df4141a400dde4634b766ff1948e16de69370Secunia Research has discovered two vulnerabilities in Interact, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks. Version 2.4.1 is affected.
0a344337ca58023d8bc7f45f6b29427586180f34f0c225d4308d31fb3505ee02Cpanel version 11.x suffers from local file inclusion and cross site scripting vulnerabilities.
fc9c75fcc3826c552deabea223778dc3317c6103193863734ee77b6b2de9a031VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code.
9b95b2eac411ccf8ddbae9b70391be0685aa4158605a231698472c0a4d751e09Opera version 9.62 remote code execution proof of concept exploit.
99519c821d8e9aa73da7aa77657d8f49815122251f2c46111c03704a688e8fbcAbsolute Control Panel XE version 1.5 suffers from a remote cookie handling vulnerability.
692d052bff70f3969070fb053c2675c8a694b5843ef0c9fb83592a9a2bfbf096Absolute Live Support version 5.1 suffers from a remote cookie handling vulnerability.
eb46e92b5ef6376cd9fbe204087bc6377c7bd566152c8369fa14025fdb1700afAbsolute Form Processor version 4.0 suffers from a remote cookie handling vulnerability.
80322168e38ceb8461f657c816b8da6ce5e46df076e9e8c6a0d43b67e7ca7929Absolute Banner Manager suffers from a remote cookie handling vulnerability.
75d16864ed10f7ab4c6eb22f563dce11cda7275f35f89a36da7c54fc0f818c4bAbsolute Content Rotator version 6.0 suffers from a remote cookie handling vulnerability.
b03a8a5b9e1c935ddd45e62104f33c5ed37b6b907b7f53adf7175129ae2e7c39
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed