LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.
c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26abVUPEN Vulnerability Research Team discovered a critical vulnerability affecting Adobe Acrobat and Reader. This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. Versions 9.2 and below are affected.
1aa7c92056fdf6a92efa15fd83bcd82f7d102180f06fa7e2c1d656f2e3562927Mandriva Linux Security Advisory 2010-009 - The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct this issue.
d1aeec67eec6887d76ca8f55deb110bf96caf2a2d7dc196f59f2420f47db0f9aThe Joomla Uploader component suffers from a shell upload vulnerability.
e7a8ed914533ab8f44032d020abc9b1b5b343b92089b00cef55695849f9bd0dbTestlink TestManagement and Execution System suffers from directory traversal vulnerabilities.
83f339bed5abb1597662d74924888afa7fdc10c709333f7bf52d46be82a6cbe1Testlink TestManagement and Execution System suffers from cross site scripting vulnerabilities.
8a208e2fc273c56399bdd1d85eaf21d90d1e06ad4d3f4357aba6e056b9c2bfd1AthCon IT 2010 Call For Papers - This year the conference will take place in the Jockey's Country Club in Athens, Greece from June 3rd through the 4th, 2010.
aead2e21aa94d19811388ae9a86da1994a771a8921eb3a3aefcd6378e27670e1Funk Gallery suffers from a cross site scripting vulnerability.
2693d7cb467c2c79d91050cdd91539afa12a10c282b339895ea1a798f93e07a0Mandriva Linux Security Advisory 2010-008 - The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
c5438a6562ebbc112246d9acf0442254a06cf7b21ae5ccf722fd2dc399400237This is a whitepaper called Packet Sniffing. Written in Persian.
28f05e70d4182aed3be7382328c2b3298d5cea3b1f552305a53bab3386bf7486Mandriva Linux Security Advisory 2010-007 - The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable. The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. The updated packages have been patched to correct these issues.
a5e30a5cb2e7c44e5f7ca9485bed9a3fcf2dedcd62d54e21bee5b2d8140cdbabMicrosoft Animated Cursor .ANI buffer overflow exploit written in Perl.Works on Windows XP SP2.
43aede19b0ac28f7f9411fea3b80041598e5233b0d8a97c97ff5aec340e5f6f5OtsTurntables Free version 1.00.047 SEH overwrite exploit that generates a malicious .ofl file.
a7fdaa109e8fe81be46cdfcc3fb8311010c5f4907dea08453866bcf33b38e502Micrologix 1100 and 1400 controllers suffer from multiple vulnerabilities that allow unauthorized control of the PLC. Details of these vulnerabilities will be disclosed only to legitimate parties such as asset owners (utilities), after receiving the approval of the local CERT or any other local official entity.
488ad569c5cecbf68d458ed4c08071d485ed70de51bbe59a8bd1260aa745c3cbSurge FTP's administrative web interface suffers from an Apache Tomcat 5.5.26 directory traversal vulnerability.
5aa049891604b9dfa07b7722c2d65d120db87b6fa8bce970aa60b60c0e9d479d43 bytes small Linux/x86 MBR overwrite code that hits /dev/sda with LOL!
d5781e68ae3254e63aa024d28c5fa3b8bb4003a050b6fe75afadc434a7289359
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed