eVision CMS versions 2.0 and below suffer from a remote SQL injection vulnerability.
9c8d713c7c35a06064f7bf6581fe29cc3b13eb24149ab46c58068d0d87aa92a0Spider Player version 2.3.9.5 off-by-one crash exploit that creates a malicious .asx file.
b37924ca969231857597c6d80c70325c1e5ce9445a881ee2eb632255500c7376Orca version 2.0.2 suffers from a remote cross site scripting vulnerability.
916cc9d1b3596aac9e10d1096cfb1304c660a986a0ca4b448435203756a4c7b3SkaLinks version 1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
85cf8611765eb9db0d0df17c831ed0d0ef03a9724505f23eeea2a0a553e75317BPAutoSales version 1.0.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
c023e0c309be5317be25973826c74be4242842fb27f5c736b0797e8db4d772edReVou Micro Blogging suffers from remote SQL injection and cross site scripting vulnerabilities.
3c5169d763298c5231c8f2d1d773b6e643d7a8d1aa9e1ce5795a96318c8f8c00Updated version of the Google Chrome chromehtml: code execution vulnerability that demonstrates disabling of the sandbox. Version 1.0.154.46 is affected.
51fc96a054aa0a16bfb637685259cda45d65bdab9ef532392919c35d2dc90cd4Enomaly ECP/Enomalism versions prior to 2.1.1 use temporary files in an insecure manner, allowing for symlink and command injection attacks.
c2f83d754ab9d6bdb0af2e41fc5bf6c46034f1807d705f25738a759685b5720dNovell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8348d6de98893f1fbe8f491cb7e3dbf8a1f1b7c208a476cf8a27a8b3c4e972c9Novell GroupWise WebAccess suffers from a cross site scripting vulnerability. Version 7.0.3 is affected.
8c6f6fe9e4d988f1180099d2a613b38e803523f9b1e5b972d27ba0320dec08c6Novell GroupWise WebAccess suffers from a cross site request forgery vulnerability. Version 7.0.3 is affected.
720e54a18ca643bcc529127da3cfa1c3758769a635c402db883befa22705bec0Bugs Online version 2.14 suffers from a remote SQL injection vulnerability.
0a88d3b55f28b0a4f82f0dce8c3bbc62c5a92db5018bc1800885eceaafb87f28SalesCart suffers from a remote SQL injection vulnerability that allows for authentication bypass.
272e003df6bc0f8bfd7425c36a392cf8f9a03239d5d94771f9f1a8d8b7c38288The Synactis ALL_IN_THE_BOX Active-X control version 3 can be used to overwrite any file on the target system.
4afaabb56023a25add6063e9ec59e28b576018aa311b37d57b0e39e863ead25cRFIDIOt is a python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. Includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE(r).
6ad7db2fee05e7f77e25141a1ffe1e2520f58a86433a935340e2606f12d65c95OpenX versions 2.4.9 and below and versions 2.6.3 and below suffer from cross site scripting, SQL injection, and directory traversal vulnerabilities.
1832f2bf4c9549691dc54114426b945ebc52efd40a6911f23a26b27c4143a951Ubuntu Security Notice USN-716-1 - Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. It was discovered that MoinMoin did not properly sanitize its input when processing user forms, editing pages, relaying error messages, or when attaching files.
3cf813802484b2e1dd4008c636dbd66d0098aaba73a35e91aab0e08180c8c49cRemote SEH overwrite exploit for the Amaya Web Editor version 11.
2c0b2d54999c4dfb93c0f9554c5cdb8eca499a61d6e95636691122746b9f35b5Ubuntu Security Notice USN-715-1 - Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts. It was discovered that the inotify subsystem contained watch removal race conditions. Dann Frazier discovered that in certain situations sendmsg did not correctly release allocated memory. Helge Deller discovered that PA-RISC stack unwinding was not handled correctly. It was discovered that the ATA subsystem did not correctly set timeouts. It was discovered that the ib700 watchdog timer did not correctly check buffer sizes.
38c520869098e9813d93864d6c37bc8de4fe7d2bc92f3b2be53a69a2c73f4c00PHPass hash brute forcer. This cracker works against any hash created by this framework to encrypt and store hashed passwords. Such projects that use it include Wordpress, Drupal, bbPress, phpBB3, and many others.
961a2e5522b52e08738a3bc9be03961d5712e7df699ec03509de6d004107c36fDebian Security Advisory DSA 1704-2 - The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files.
a53dde812a55df0e6191af651858f7f511c485436ae9c37e4f3c81409cb7e605PerlSoft Gastebuch version 1.7b bruteforcer and remote code execution exploit.
b5868e023a69e0ce31dbec8579a2cfec5d5c25a32f25f07c9f3aafb5365e85efBeltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
55980cb2ec1a2cfdd01689595f3efd138b5d2f80dc934022f5f5a11b2fb20f71Cross site request forgery exploit for the Zoom VoIP Phone Adapter ATA1+1.
b7a879af0e63dfc674bbe105d6e012812a973586e3a3408e57c389415d5f7ed3The D-Link VoIP Phone Adapter suffers from cross site request forgery and cross site scripting vulnerabilities.
c4e3b913ff8a3c1893e65e9fa06fdd4a1a81f7006e219e1c4da73116200e008e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed