The Netgear DG632 router suffers from a remote denial of service vulnerability.
9a8958aabaf48784b84218497d65d53cbbb47505c242c143bbbd7ec98c035307The Netgear DG632 router suffers from a remote authentication bypass vulnerability.
1818feb50968cf0776a3746ebe2f0f7b13166a30328356c4b83002d2e9df1e9bphpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability in listing_view.php.
c58ad0cfb7c0c94d8a5f4d360488dacd934c24ef0963d31a64c763ee6bbee7e9Blind remote SQL injection exploit for the Joomla iJoomla RSS component.
121bdda0ee89ef2f6f6d5b486157850580201ad037e5bea6076ad541895912e8The Zoki Catalog is susceptible to a remote SQL injection vulnerability in the search form.
99906b09a99128cdb4be9548688bf6b09df220667c8bd9fe373bbb19ae65873bApple QuickTime CRGN Atom stack overflow exploit that creates a malicious .mov file.
fb8e543a1b14d05da7d1eaf72adb2dc68be619562fc03383b54d35808421f260The vBulletin Radio and TV Player add-on suffers from cross site scripting, iframe injection, and redirect vulnerabilities.
2a658ed82ade2cbe65d85e97696da855037c00a04db06e087702785efc20ec33Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.
03c46ab8e039d95b3d68d8fff432ef9ad26a6c0edc896dd0c164b176129017f4TorrentTrader Classic version 1.09 suffers from information leakage, forced database backup, and multiple remote SQL injection vulnerabilities.
e8769d9da4b097523f74971e6c76bddfba18b6af3bdc4de9d5059363ee58d5d2The WordPress Photoracer plugin version 1.0 suffers from a remote SQL injection vulnerability.
79d64286fdeb1c3c428240c4f0ef515ae6d370c9864776e13470184dcdd133cbDebian Security Advisory 1815-1 - It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files.
ad63608a9520d0d064fda0d70c6160937238a9bb33814e1fb611af3e163f35cdSugarCRM versions 5.2.0e and below suffer from a remote code execution vulnerability.
b46bbb1752deb1c9295ffea5807d2e474bb3c4c6de135549995c2c9d75270085Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
6d97fadeca01d2e5ee203525b223ac4cd679980f47e622d67703c64b5711e36dAdaptWeb version 0.9.2 suffers from local file inclusion and remote SQL injection vulnerabilities.
d4add75fa25385d92452041623a88df0efa077f1ed23a576e5d434b05ae11008Elvin BTS version 1.2.0 suffers from remote SQL injection, cross site scripting, cross site request forgery, and local file inclusion vulnerabilities.
191399e1fec220534cbe41495d53b0c6358f217c80972cab1524de35fa59f90dDB Top Sites version 1.0 suffers from a local file inclusion vulnerability in index.php.
71352bf1853bab4b83bdfafa46d1b078a606412620ed42cf0d1956f5ae43e6ebDB Top Sites version 1.0 remote command execution exploit.
93d8a06caaf5690de2bb7c27089cc5e73ea3b9d8d141da2eba7acf6d96f1afd4Impleo Music Collection version 2.0 suffers from remote SQL injection and cross site scripting vulnerabilities.
8f6e16161583651c0a985b99937c04928d00eeaacc2ff6d35eec8d075fc758a7Evernew Free Joke Script version 1.2 remote change password exploit.
da90bddae0b91d23a85262ef92a35e133173075a5ca21eb3e480de7ef9160630Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.
1251a085719d046c220358316daf5f8f362b05eb479e9c0d4ad744ff518c15b4Calling a CSS attr attribute with a large number leads to memory corruption in Apple Safari.
8696c6faba5a8300579b75b6979bea48b7c31cb18483efb7802cc5c6b277d26cApple Safari and QuickTime programs suffer from a denial of service vulnerability.
afebe5688f42de20f215c74637ba9a8e5c736d7c2a3f411f2ba4e22b0910b105The F-prot parsing engine can be bypassed by a specially crafted and formatted TAR archive.
dfbeadbf4429aedb4b3293e8587c35d54104a2ec76c6f28051b8946cbab51a94Norman with decompression engine versions below 5.99.07 suffer from a RAR related bypass vulnerability.
2752bd6cbaf45a3d245c65d2ae96d8968b3aaa13fc4e7e50d8bb6ee07d35ab7eThe Ikarus parsing engine versions below 1.1.58 suffer from CAB, RAR, and ZIP related bypass vulnerabilities.
358d51815c888893939a997bfb094d5961c12e6b4660b3012c271b5bda414c4b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed