Debian Security Advisory 1663-1 - Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length, which allows spoofing of authenticated SNMPv3 packets. John Kortink reported a buffer overflow in the __snprint_value function in snmp_get causing a denial of service and potentially allowing the execution of arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). It was reported that an integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c allows remote attackers to cause a denial of service attack via a crafted SNMP GETBULK request.
a19804a0912f8fe7ac6238d40b4580eace04fe36d7921f60bea37ac8cae27f8fKsplice is practical technology for updating the Linux kernel without rebooting. It enables you to avoid the disruptive process of rebooting for kernel security updates and bugfixes. By making it easy to keep your systems up to date, Ksplice helps you avoid the security and stability risks of running out-of-date software.
6f671a0853bee3d0f898ea083d17154e5177ad04b1c9a40a619535004ac4ad63Whitepaper entitled Using Parent Domain Traversal In Drive By Attacks.
d4d787c3d1f2cecfefafa05d2971a62b461e882fb8960cf9235ced39cfdd1187ZEEMATRI version 3.0 suffers from a remote SQL injection vulnerability in bannerclick.php.
178f6d7dbcc30d0877d51f7158df43778391aef8f365b6b68db61b1e6d78994fZeeways Shaadi Clone version 2.0 suffers from a direct access authentication bypass vulnerability.
614ffd97d1f4420ae85fa94cab3eaa2e26446c69f078b59d3c3addf40a33db3fZeeway PHOTOVIDEOTUBE version 1.1 suffers from a direct access authentication bypass vulnerability.
15e168fe7b2c5a57ea44f91369b2043aa1c30da08dc125f70ec6cb023edbba58MoinMoin version 1.5.9 suffers from denial of service and path disclosure vulnerabilities.
69551d639e909c8105507593eda4f7945172f4e91bf44a580a6c4db9f7308eafDigiAffiliate versions 1.4 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
3500ec3c41a225300a3ebf63d448c9462d0e4a5b8cdd9401096a5d599daee6bbCyberfolio versions 7.12.2 and below suffer from a local file inclusion vulnerability in css.php.
1b18ff55b4dad1008c829b688f60694f02c1c14bf5895628c05840647ce844c0Enthusiast version 3.1.4 suffers from a remote code execution vulnerability.
348e9e6a52277a58feca1ac07f0794a550b7596b64279ec1bd0f72cacdad7d42Metrica Service Assurance suffers from multiple cross site scripting vulnerabilities.
efb76074db6deb06f9b1d9ffd0b5981c9af7ef7fc6bc3af21f420e06067ac80fRemote blind SQL injection exploit for the n-form Mambo component.
36123b9120432bc219cdc7ac599b38ea0276c4d9a511e87a1cc31c3ac5377157ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.
6cc70ca47bd8e70a162e0b466166e4ae4e11b76c25c6b31b93bb29214c73de19This Metasploit module is a credential leak sniffer for the GE Proficy Real Time Information Portal.
9788f2d35640353df39ddbc0a6e32a572a688684a9eee64d17eb6deecfd827e3V3 Chat Profiles / Dating Script version 3.0.2 suffers from an insecure cookie handling vulnerability.
083ce5cbfc66af1765fad42e050c02a673559fcb0fe21f8b7fe6b29ab3172d05Swish-e suffers from a cross site scripting vulnerability.
32c0c8336502d1198e951bae46476b17a3d80992062f0907edefd211475d531cSatCom CMS suffers from a cross site scripting vulnerability.
92cc1fddeae81cd07e57885a33912fcfaf5569149e4332d58b88dd0e32f8ebd0Ez CMS suffers from a cross site scripting vulnerability.
be3747e852c5239e532ee42f8b7b16eb758126a3729c31560c90acd3b92f03baReview Script suffers from a cross site scripting vulnerability.
9105373e4d44f044880bf5963ddcb28f4014c965ce451ee6811a69ea4631f902Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
d6e1a9cfd1f0a0acb9cc65e58bc24a6acdcb7bd149a4ff9cdf2f2f0b8d54f1d8Secunia Security Advisory - Nine:Situations:Group::strawdog has discovered some vulnerabilities in hMailServer PHPWebAdmin, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.
fb60589b5bee0df364527efe1bcd5a87d3c2f5ceb483d80df21906268f746cc6Secunia Security Advisory - SUSE has issued an update for yelp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
f08e39c838a244d61d7f8eb5a88772062dc88ed47b3fe781a766fb15de832eafV3 Chat Live Support version 3.0.4 suffers from an insecure cookie handling vulnerability.
c261e9035309495ce49192c6af6bdad1dafc7d71ef9450bd5f0f0a8299c0f2c5Mole Group Airline Ticket Script suffers from a SQL injection vulnerability that allows for authentication bypass.
1b77f32df3f7b5b2696c0cdd4a8ac990b57c065003d21d00e35b83d14b17fc1dExoPHPDesk version 1.2 Final suffers from a SQL injection vulnerability that allows for authentication bypass.
b5bea9d01c53684ba3d4180c8ffc9f4591ce9a7474ccf045ab1057ce11db37c4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed