Gentoo Linux Security Advisory GLSA 200812-18 - Multiple memory management errors in JasPer might lead to execution of arbitrary code via jpeg2k files. Versions less than 1.900.1-r3 are affected.
4d57aebd7f1e7f3c83b382b57ad902e73ac27115f7b4c7d96b63d1bae4385111Joomla fails to set the secure flag in the session cookie allowing the possibility of a session getting hijacked.
a0f0b11a97d38cd11e6da4f7b89ff1d72b8153bcd12e0b35bdbafea736cee8afThe Barracuda Networks Message Archiver product is vulnerable to persistent and reflect cross site scripting attacks.
7d5ba643cb91e384c25bc6c8b9b798506aa2c146a0eb1e25cdc27fb3cdcc863eThe Barracuda Networks Spam Firewall is vulnerable to various remote SQL injection attacks.
4a06cf636ddf600a8fa7b1e3104ca846b7810df35ab3c3da2a438c7b755bd9e4v6 is a script that performs SQL Injection, local/remote file inclusion and code execution scanning. It's controlled via irc as an irc-bot. It scans on a lot of engines, performs a mass scan, and a bypass for google and yahoo.
8e71b5b683b5e169ff5eded068320ed3e6687e1d1b55d98aa69608504172e1f0EvimGibi Pro Resim Galerisi version 1.0 suffers from a remote SQL injection vulnerability.
e8f5f29204963b8d74595cdf4d48b630601e20142e1af996f81579d2fd52400aGentoo Linux Security Advisory GLSA 200812-17 - Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. Versions less than 1.8.6_p287-r1 are affected.
fc3d0e1000f9f9bfede1eca24d080fd7125be4acdc61e8d5f8e06afcd003ef16Zero Day Initiative Advisory 08-088 - This vulnerability allows remote attackers to inject arbitrary SQL on vulnerable installations of Oracle E-Business Suite Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPS.ICXSUPWF.DisplayContacts package. The procedure fails to validate the contents of a WHERE clause containing user-suppled input. This allows an attacker to execute arbitrary SQL statements in the context of the APPS user.
45aace3526309f21ce527289fb342b9e73195493e59ce9dce43e859c100cfa9eAiyoota! CMS remote blind SQL injection exploit.
5fe1f519e4f3e8d6131052331a1e2520afba7ff252c5e3d08ca8a8fedffe9878FLDS version 1.2a remote SQL injection exploit that leverages report.php.
5d94a5a7ea6dce7ddf65ab0bab80b2fb2417b49558d782fe174b397b373b41e1Ubuntu Security Notice USN-691-1 - Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail.
8e6e9a4a0c546126aa35f85750f347d27b3886321646d22ce793a2ac11d744dfFLDS version 1.2a suffers from a blind SQL injection vulnerability in lpro.php.
eeca86bfa60726d6d88db68e98029bc47a279b2dd021a83f352a48710f441c60TableEditoR suffers from a remote database disclosure vulnerability.
c4025d206d7d798e5a6a3687064bcda8448b91f3dd12926fa6bb04cae009a72aPortail PHP version 2.0 suffers from a local file inclusion vulnerability.
f2a3c3253a127a6e100615a5eb7e4007d153297fdd9c9c2fb3eff3acc48f8c09Web Wiz Guestbook version 8.21 suffers from a remote database disclosure vulnerability.
12a1d911ce3e44a1ae03dc5639f41d374c1b052712e7fd084fdf6804f3106b06FaScript FaUpload suffers from a remote SQL injection vulnerability in download.php.
23ef236a5ece965a75b46e1929801b3871f530cb11ecb0241168031615b46eb7GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
896f9eae255dd403dea8c387a2642b6f82e829828c9731874a0b7b48721d414dSecunia Security Advisory - shinnai has discovered a vulnerability in Realtek Media Player (RtlRack), which can be exploited by malicious people to compromise a user's system.
f8b0bb94897577ded3db589558d8e8a830733120f8c9b84cf836b2e8faced230Secunia Security Advisory - SUSE has issued an update for freeradius. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
706f37e282f37557acfc21a241647be3a0239af982011de3d79d13eacdacfd55Secunia Security Advisory - SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c363e382bc9b1ef47fb92de14e7fb9bba0cc83be09f7ed4eaaba2c2ae4a628fbSecunia Security Advisory - SUSE has issued an update for IBM Java. This fixes some vulnerabilities, which can be exploited by malicious people to disclose system and potentially sensitive information and bypass certain security restrictions.
7f68293b74255ad08d1de471f04ffba4f068dfd5ea47ff735a7f44898650dad8Secunia Security Advisory - Dr. Marian Ventuneac has reported some vulnerabilities in various Barracuda products, which can be exploited by malicious people to conduct cross-site scripting attacks.
62d39486e0c0180ede2c66aa137ae9ae285954ed51fb2bb3b43db2127bb1f18aSecunia Security Advisory - Red Hat has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
89f251820b78e8a90b6fabc6659f6e0c23a8fb55454ff1770c36b71d798b08fbSecunia Security Advisory - Gentoo has issued an update for aview. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
71413bd02aec3c0a7e8a1cd3b8073ca68b14411ad7fd70982e32433ab22765a9Secunia Security Advisory - Fedora has issued an update for gallery2. This fixes some vulnerabilities, can be exploited by malicious users to disclose sensitive information and conduct script insertion attacks.
7c7247d88ee7fa6cea7f067a4f59534cbacc403ff2f07c41ce05766d0352523f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed