Ganeti versions greater than and equal to 1.2.9, 2.0.5, and 2.1.0-rc2 suffer from an arbitrary code execution vulnerability.
38ad9fb8176a29c49ef7d6bc05a8b7d39a8a5f0fd8c68eab4b4ac8fe36fc89c9Winamp versions 5.56 and below suffer from PNG / JPEG data related integer overflows.
00ac4b07e29ca97458c3bf23efeb44c90db99bf75eae3b7d99c57c99fcb24140Horde version 3.3.5 suffers from a cross site scripting vulnerability.
1627efc1a062f84d9d9c5667d6a97f0f55081228b23f76fefb6717a55faaf8a5Cisco VPN SSL Clientless lets administrators define rules to specific targets within the private network that WebVPN users will be able to access. This specific targets are published using links in VPN SSL home page. These links (URL) are protected (obfuscated) using a ROT13 substitution and converting ASCII characters to hexadecimal. An user with a valid account and without "URL entry" can access any internal/external resource simply taken an URL, encrypt with ROT 13, convert ASCII characters to hexadecimal and appending this string to Cisco VPN SSL URL. Brilliant. Versions 8.x and below are affected. Proof of concept included.
eed08b404d2e80d03da94999244f8dcc1cc89b2c4db6f0ac79d11d118d8c4c7cSitecore Staging Module versions 5.4.0 revision 080625 and below suffer from authentication bypass and file manipulation vulnerabilities.
0021244a4c6cebaaec10e5a1c3d431de7999b29903a312e90b39f88e0151ebb6SomeryC version 0.2.5 suffers from the same remote file inclusion previously discovered in 0.2.4.
f3ec16bd27b334c53f45b7a77fadbbce3355d1f6297ca6ec6a8f1c3f6b984e5aRumba XML suffers from a cross site scripting vulnerability.
d25348706003b40e96af4297734bb2cfcc34deef0399ab25849570e52107f78eHostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby and licensed under GNU General Public License version 3 (GPLv3). It's goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.
a06c770c7aaaaaa5ceac444c53dcb693e0a188f472e1d9b614145219d8de7f17Secunia Research has discovered three vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions and can be exploited to cause heap-based buffer overflows via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
ca49063a3ce1d04720b9450f40327282be08ce864b34b3207257c6a67a5ed246Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
07e9de28b9074addc7c2002be4bc50f5d8a928740507ce513ac4af97b163c2e6Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Ultratracker files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
da211724536ef1c0859a7361b4f4cf6b1b6866921c4d73d47b44411d27b7fddaPHP F1 suffers from a remote shell upload vulnerability.
f8a3aaa2ecebf10bba91b9dd757a4fb77861c059319794df9cbaf53ec4392438Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Oktalyzer files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
123cb62bfd01bb8e6554db8f9fa0a7da3e9f532dcd856406860c649b903bde01DBLog suffers from a remote database disclosure vulnerability.
e85613a71a24eadb016d3ee0b8e925f7a8c9faf13410733cfe77edb58692a5c5Mandriva Linux Security Advisory 2009-334 - Multiple poppler vulnerabilities have been addressed though Mandriva failed to note them. Check the CVEs for additional information.
030273d5d33a240b7b1fd29191f45d4461d598cf3adb0356f63b653f5b433171Basic PHP Events Listed version 2 suffers from a remote administrator addition vulnerability.
74ed9b3642d70d0412605811887c34ceccf76ce3536f5299e16f7330254e7f58HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector running on HP-UX, Windows, Linux and Solaris. These vulnerabilities could be exploited remotely to execute arbitrary code.
6cc8f95ed238f04230a64989f4543105eec588432c89532c7c415c015f512406Jobscript4Web version 3.5 suffers from multiple cross site request forgery vulnerabilities.
065f02f1573dfa592a1aa6d0b782b4c891a70801860af56a5c95efcaf8bbc00bMatrimony Script suffers from a cross site request forgery vulnerability.
1716b41e4bcc6a693df27ace159b8b94f99ea19d9dd8d331b16924ee294ded5aSecunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing attacks, or compromise a user's system.
25a2538fec74e08bc6d336d10cba14c00c3465b00148729b1dbb7407aca0e276Secunia Security Advisory - Maxim A. Kulakov has reported a vulnerability in multiple Kaspersky products, which can be exploited by malicious, local users to gain escalated privileges.
3ed36b5f9b1d604a9760c658a9e56ed5742a6d6999e0355612281237729ab11bSecunia Security Advisory - Some vulnerabilities have been reported in ScriptsEz Ez Blog, which can be exploited by malicious people to conduct cross-site scripting, request forgery, and script insertion attacks.
87515113710eb062a6753aca3446f3116ef235ce80cdbe2ad9d336077bbe24dcSecunia Security Advisory - A security issue has been reported in GNU Automake, which can be exploited by malicious, local users to manipulate certain data.
dc5a0bf1c63345153fc2af008d05c33860bda7796b89325f1675051b4db4fbf2Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Sections module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
8ce8527c3873d7d56989db9f9efd9a840d4e8e403faf408cb14e8a3846da161fSecunia Security Advisory - Some vulnerabilities have been reported in Cisco WebEx WRF Player, which can be exploited by malicious people to compromise a user's system.
8baa669dcbaf015922a456ac5d58e3d8b4ad6d55c31a05dd2f9d9442d6fc35c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed