MagicISO CCD/Cue local heap overflow proof of concept exploit.
d0c77263a385d2009c8736b1c54b6d73
chCounter version 3.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6013e665e13d93c9c56d25aed0f52edb
SMA-DB version 0.3.13 suffers from multiple remote file inclusion vulnerabilities.
2b1172fc21875e15700edc73c31140ba
cpCommerce version 1.2.8 suffers from a remote blind SQL injection vulnerability.
43077fd50880301ab96cb65602dc75a7
Gentoo Linux Security Advisory GLSA 200904-15 - An error in mpg123 might allow for the execution of arbitrary code. The vendor reported a signedness error in the store_id3_text() function in id3.c, allowing for out-of-bounds memory access. Versions less than 1.7.2 are affected.
15e85ae8c6e52124d209323e0c29efc2
Ubuntu Security Notice USN-760-1 - It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile.
d38359ae4536587eaeea7ea5915fec87
Ubuntu Security Notice USN-759-1 - Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that poppler contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
a43a33a30ef0000bd0f3cc2a4ed6b10e
Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from multiple cross site request forgery vulnerabilities.
8fdc6c35c9122287c7a9fd49de8856e9
Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from multiple cross site scripting vulnerabilities.
f854fa4f33005b4677a8f70f32e711bd
Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from a directory traversal file upload vulnerability.
92ff869ef57bdd6cb65e66edf4765131
Razor CMS version 0.3RC2 suffers from cross site scripting, weak file permissions leaking credentials, and arbitrary PHP code execution vulnerabilities.
fabc9ae5fa5547ede7d47cfc47c37a43
DNS Tools PHP Digger suffers from a remote command execution vulnerability.
3071a7831f3a1428fef70989512bc59e
The Miniweb webserver suffers from a buffer overflow vulnerability when a URI longer than 120 bytes is requested.
a19152f8054041359a0c0cb34d61f6c5
The Miniweb webserver suffers from source disclosure vulnerabilities.
a6bd24d83103eba57b49aeeadf61d941
Apache ActiveMQ version 5.2.0 suffers from multiple cross site scripting vulnerabilities.
730bcdba54ba8bcb45c891039e83c7e2
webSPELL version 4.2.0c suffers from a BBCode bypass cross site scripting cookie stealing vulnerability.
7f0686dc0a504a7d8fc47cc8479daad3
Online Password Manager version 4.1 suffers from an insecure cookie handling vulnerability.
14b9cd5c70a11ad7c667d2819c1f290f
NetHoteles versions 2.0 and 3.0 suffer from a remote SQL injection vulnerability that allows for authentication bypass.
0f9b8c4a89c3bce865ed0a6250aa9c87
Debian Security Advisory 1772-1 - Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.
b3f3ea7fe0eba5dd6681b2acc9340bf3
Secunia Research has discovered a vulnerability in Danske Bank Danske e-Sec Control Module ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DanskeSikker.ocx within an error logging function. This can be exploited to cause a stack-based buffer overflow by passing overly long input to certain methods when the ActiveX control has been initialised in a specific manner. Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious web site. Version 3.1.0.48 of DanskeSikker.ocx is affected.
67e14bef91ae6dea80fb83dabc256986
Unprivileged database users can see password hashes in APEX version 3.0.
9b427a240f309953a54a45c86cfb03a5
The package DBMS_AQADM_SYS contains a SQL injection vulnerability. Oracle versions 9.2.0.8 through 10.2.0.3 are affected.
81ea5e5cbda3261558cac5a966655936
The package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB. Oracle versions 10.1.0.5 through 11.1.0.7 are affected.
866f9e1ee4fe79cde7302249f4e73b68
Phorum versions 5.2.10 and below suffer from cross site scripting and cross site request forgery vulnerabilities.
8091104d3b5ff26d919f9b2bcad6f9ba
Geeklog versions 1.5.2 and below savepreferences()/*blocks[] remote SQL injection exploit.
4d2e1e0e03c6aada4e9a5a57aaf47182