Debian Linux Security Advisory 1985-1 - It was discovered that sendmail, a Mail Transport Agent, does not properly handle a '\\0' character in a Common Name (CN) field of an X.509 certificate. This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority.
7f363bfc3756efe52291262afeda37362d40aa4743af918350401f623bf2e9ccAjax Manset Haber Sistemi version 3 suffers from a direct administrative access vulnerability.
4f0c122f38a557788f375a4c95181c8fd9a7692d400ef3507c9c5975cb731a7fSnif (Simple And Nice Index File) version 1.5.2 suffers from an arbitrary file download vulnerability.
8d49044a22bb6ef51032fbf025432f7ed888926d599eceff9c9eaf303f52a675Tavanmand Portal version 1.1 suffers from a remote shell upload vulnerability.
fb168fa44563091154600a5cd9651be6263e25297384567ff0934a5b1c34233dThe Wordpress Calendar plugin suffers from a remote SQL injection vulnerability.
08a05486f33d13a0e2be43057015560487fa5f32a66513b4948a18473bdc7f3cEFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is designed after the non open source OFPW utility and is designed to work on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as a post install item) and pen tests (recovering the EFI firmware password).
83fe779b6bcdb2cbbb4da3359a7a5d0e75ca7ff27c8901c902ff4d15ec0f684bLast Wizardz suffers from a remote SQL injection vulnerability in content.php.
9466bbdd9f32a88c81de91d8afe6f63d45dd32b067d4a917071e9ff85eebd213Creative SplashWorks-SplashSite suffers from a remote blind SQL injection vulnerability in page.php.
611c1d0c80a95c7c5c72fcce83877382c76388a764e8db6df7270b6ad7efbcdfThis is a whitepaper on cross site scripting written in German.
84575c90ddd7b89abb93facb4b651f00ea940f399ca79081a089a8f99b5f6d80Debian Linux Security Advisory 1983-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.
92494330a2cbeec055881203210e9efbe69ab0660d46baf67fa4e9b5cfd12fe2RaakCMS suffers from shell upload and directory traversal vulnerabilities.
f61f656cd196728cc713a69e33c70b17c446e8f1d860cf604928eca092e75851TopWS suffers from multiple remote SQL injection vulnerabilities.
0bbb637ef1426ec1bad19e8d1efce5a2583d915d8d42142023a7368b158741edCrownweb suffers from a remote SQL injection vulnerability.
b3f6d344d2d6a6ad43301ff46a61e364143d400824369f016d850200f6e6ab6bDebian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
e56530873719bbbfac147c6d114599e2278e2430011f76a5e4f6add741be4f43Maian Greetings version 2.1 suffers from a shell upload vulnerability.
4c78304f0079c43c202c94901f8943093c0c4d602fc9b505ac9d13f15a0e2bbbThe Joomla RSGallery2 component suffers from a remote SQL injection vulnerability.
55ca6626edc826434e43475084cb3c1940ae2eddb575fedb8a546d1e2e61324dThe Joomla Simple FAQ component suffers from a remote blind SQL injection vulnerability.
825557192d4925e60997c3f0e62d1996c2ac0885bf9e222b9dab631dc515c97dThinkAdmin suffers from a remote SQL injection vulnerability.
8d428cac2963233ecfc54a88a3ee48bc4a1c2a92f0c2add3c4e408067e4472e7Debian Linux Security Advisory 1841-2 - A bug in git-core caused the security update in DSA 1841 to fail to build on a number of architectures Debian supports. This update corrects the bug and releases builds for all supported architectures.
5dcc8ca33d09da65b2123daef88e0d64c824d7df810dac134737c258b0d72fd3Maian Uploader version 4.0 suffers from a shell upload vulnerability.
8ac4826ae8e4145a82378b7baf2962c9ed53b71212989a595ed80bdbd074c923eWebeditor suffers from administrative bypass, database disclosure, shell upload and directory traversal vulnerabilities.
4f156dfd0510795ce33ae305fe001950b391154e8114400d6479a2fa300fceb3The Joomla JE Event Calendar component suffers from a remote SQL injection vulnerability.
9592d26e0986f825e4393c764edab60436365f91f608307054a97bc4a36e5ca4Vermillion FTP Daemon version 1.31 remote buffer overflow exploit that spawns calc.exe.
8cd7207fe0c17003da397f372225d80927a3889b3b21db5b248fcf42b2164597HAWHAW suffers from a remote SQL injection vulnerability.
52b97d5c4ac44f99178320f8aef778dae4e629c415752f6a534b7de80507157fThe Xerox Workcenter version 4150 suffers from a buffer overflow vulnerability. Proof of concept code included.
0c47f97159b37b78391874db638835f12d96ef6db7c62a9f90fbaf6511284e7f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed