Ubuntu Security Notice USN-723-1 - It was discovered that Git did not properly handle long file paths. If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the Git web interface (gitweb) did not correctly handle shell metacharacters when processing certain commands. A remote attacker could send specially crafted commands to the Git server and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 7.10 and 8.04 LTS. It was discovered that the Git web interface (gitweb) did not properly restrict the diff.external configuration parameter. A local attacker could exploit this issue and execute arbitrary code with the privileges of the Git web server. This issue only applied to Ubuntu 8.04 LTS and 8.10.
17d62f357f88613408934998f6f8acba1f9c1576a46661f6c95411b81a97727fsmNews version 1.0 suffers from authentication bypass and column truncation vulnerabilities relating to SQL injection.
d6b75155ae09016fd8e1f67bc93f99e04d4acb7781f363113f4a0510cd11a0f5Mandriva Linux Security Advisory 2009-042 - Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. This update provides samba 3.2.7 to address this issue.
efb5f8b23c9eedd417563c173288af30bba7270229333d7b3a27d00d1092a230Firepack remote command execution exploit that leverages admin/ref.php.
9f800e7811550ee7ca91685d945d94d78f45695c9afac4765475f0a9180ae474The NetMRI login application suffers from a cross site scripting vulnerability.
5f012b9993fa93366127afce061d47cc8d93f6d1000505273f4cce2c073aff27admagnet.com suffers from a remote SQL injection vulnerability.
20e334330d3ef3c19af98ea398d13e7b41f0f5e6a57314c92d3aaa8b295482e4moneycontrol.com, a well known finance screener in India, suffers from a remote blind SQL injection vulnerability.
9c1cd8b331cee84b582fc88547729bdb80b81fadad7103982bc33613d29c8cd4India's biggest hardware comparison website, compareindia.in.com, suffers from a remote SQL injection vulnerability.
f821f08efe58a7df57ee30d46c0247303db76a798e9b8a9a71d8c3f61d6513c5mtvyouthicon.in.com, the site for the TV show, suffers from a remote SQL injection vulnerability.
b90d613ba357c3d06448e92dfeb2cc46a1298f4a0a69426f4a1438536b3fad55bigboss2.in.com, the site for the TV show, suffers from a remote SQL injection vulnerability.
217062dc52bab5c9c4d8fc316ffb173f73d13db45beabfa3c9aac6cfa34347b3SAS Hotel Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.
585341fa02961eaffc8aa4656a64bf3e17d9e2a57f06258cd16f21e46151189cThis Metasploit module will escalate a Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. After that, the exploit escalates the user to DBA using "CREATE ANY TRIGGER" privilege given to the MDSYS user by creating an evil trigger in system scheme (2-stage attack).
84bfd4cbb0c258c978b6b3a520766d1e250483da872d06460174b4cdb2b222b5Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
615bf8765d51992e9d5921c727dd13956a255f2d3e98d58a7689cf9cacce1d50Secunia Security Advisory - A security issue has been reported in WebSphere Message Broker, which can be exploited by malicious, local users to disclose sensitive information.
8656c2abb7a6643b5ff3eed69bf3c4f73363cec32facba467475896d8573e6b0Secunia Security Advisory - Ubuntu has issued an update for fglrx-installer. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
308d216a297bb0041e844ba21f0b662dc242e0734cdbb7e0324626ca972d10c3Secunia Security Advisory - ZoRLu has reported a vulnerability in SAS Hotel Management System, which can be exploited by malicious people to compromise a vulnerable system.
5de8e16453046d88eb54d29550c4a6765d9d47da24b17c2a332358aa2ef7e6e2Secunia Security Advisory - SUSE has issued an update for websphere-as_ce. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information, and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, conduct cross-site scripting and HTTP response splitting attacks, potentially hijack a user's session, and cause a DoS (Denial of Service).
6abc0b8d57cf8e5a68ad6f48d38587cdb88a14fc10a157152b22c238a0d8ae4bSecunia Security Advisory - A vulnerability has been reported in Symantec Veritas NetBackup, which can be exploited by malicious people to compromise a vulnerable system.
6bfa574d825691ce0a15a8ec2015e69d56b55f8fb8a6505d4a6ec4d66fff2616Secunia Security Advisory - Kevin Day has reported a security issue in djbdns, which potentially can be exploited by malicious people to conduct spoofing attacks.
3454d654b01589a0e2f5ad090efb1cb2f4419a8b8986ab03ccf7fae66da6fd92Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and bypass certain security restrictions, malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and by malicious people to disclose sensitive information, conduct session fixation attacks, cross-site scripting and request forgery attacks, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system.
3aac417cacad07dc406ccb7d1319d6c546f163f3e3e47021d2a1975457112c13Secunia Security Advisory - A vulnerability has been discovered in TPTEST, which can be exploited by malicious people to compromise a vulnerable system.
e7c8cb5feceefd73e0a29d1dfac6bcbf121c82217d431989c55799dc6b61042fSecunia Security Advisory - A vulnerability has been reported in phpDenora, which can be exploited by malicious users to conduct script insertion attacks.
7ee53391b86f00a6e2937303aa89ba3c9b102fd875fa49009b30d95b676f5892Secunia Security Advisory - A vulnerability has been discovered in RavenNuke, which can be exploited by malicious users to compromise a vulnerable system.
cecfd82b139a47ed36eae121994a0e2a212f422d7a1baa0dcd0d38ec232f2e3b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed