Debian Linux Security Advisory 1999-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
e186bbcef4c76dd7c82263be160a64e36c680eae3464ff34fcd581db19a0af1ePHP-Kit version 1.6.1 suffers from a remote SQL injection vulnerability in member.php.
04144ce3bc149adf23bb00f62d88e1218d88bba64637ce4205fe7912fa16b7f0It appears that acm.org suffers from a serious data leak and may be ignoring it.
8e6b09b62e771606ad867f018b1b74c049773aab72fa56fc8c39418f207a5b4eThe Joomla Community Polls component suffers from a local file inclusion vulnerability.
3f0ff7fc4920e3d8f290a994dda63aaf12e15a63d80caf788ebc09983f7337f8SphereCMS version 1.1 Alpha suffers from a remote blind SQL injection vulnerability.
9431cbe88f2428736d7c267ae83535ba81f25462355a52476e9c29052d518294This is a whitepaper called The Operation CloudBurst Attack. It discusses exploitation methodologies in relation to databases.
884e7b3743a87e6ba8453db3261db1dd57ab459c1e082f67a505e417fa84c6a7Ubuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
52eb5cf05dd186c7c71a01ca7548fbcb53330023b7e0dfb24faca286a3ad70beOpen Source Classifieds version 1.1.0 Alpha suffers from cross site scripting and remote SQL injection vulnerabilities.
edb76ff2234a4a2dab661efc1a6f76fe7dee35d13cd0e0c436bc4ca9420b547cZero Day Initiative Advisory 10-018 - This vulnerability allows remote attackers to execute remote code on vulnerable installations of IBM Cognos Server. Proper authentication is not required to exploit this vulnerability. The specific flaw exists due to a hidden manager-level account with a default password defined in the user configuration of the bundled Tomcat server. This server can be reached via HTTP on TCP port 19300. A malicious attacker can use this account to manage or deploy a servlet onto the server. By abusing this ability a remote attacker can execute arbitrary code under the context of the user running the Tomcat server.
064aa92535214caeeb8183d2541bf5f3e9054cab2de49dcd22b6b2554e267dbaDynamic message box shellcode for win32. Supports 95/98/ME/NT/2K/XP/Vista.
44461bb59cc7467533b9c385216223311716e9343ca80fd2b5d82a5848c6a44aMandriva Linux Security Advisory 2010-041 - Multiple security vulnerabilities has been identified and fixed Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly. In a user in a multi-user chat room has a nickname containing ' ' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution. oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues.
fa9c0b2138d3b8fbc1ab0bfd2fde34bd63b64d1d1e05a2042455f5dfceb6006cFileApp version 1.7 for iPhone / iPod remote denial of service exploit.
4109c0d6bb570b74ebd596122ca5ea499cee774772a9d79c4476e2f770a5d8e7The Call For Papers for the 2010 BugCON Security Conference has been announced. It will be held in Mexico City October 27th through the 29th.
8b0ea45a2af3013dd290dfedd4267f1d23d223f7584bea351e3e3cb5023982fdCubeCart suffers from a remote SQL injection vulnerability.
db7a78ff121d3a197e0fb63d11d567199b738d089c65aa279fcc15b69e1abaa8The Joomla Otzivi component suffers from a local file inclusion vulnerability.
01a93d462ccd69d9a81bb33cd4caec81dd0bc9a89c544fab6344fad5a0cde8ddSecunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error when handling out-of-memory conditions. This can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page. Versions prior to 3.0.18 and 3.5.8 are susceptible.
a0dde42c067bab2639a7964ba57a0b6a1f2fb79a300e90d0ba7960cf79218090iScanner is a free open source tool written in Ruby that lets you detect and remove malicious code from webpages.
b24b4408248cf75aae3756669dc2ddc434a167578ae870ae51c3338e88d30689Core Design Scriptegrator for Joomla! version 1.5 suffers from a local file inclusion vulnerability.
3c624514cfbc530da7d627eb64fa261ec94c619832443d30ff91e7029a4afd30gitWeb version 1.x suffers from a remote command execution vulnerability.
531316ccb2f446d689c4ea64b60d34f3712be9d3316b609fe811614dc7b64166This Metasploit module exploits a stack overflow in Qbik WinGate version 6.1.1.1077 and earlier. By sending malformed HTTP POST URL to the HTTP proxy service on port 80, a remote attacker could overflow a buffer and execute arbitrary code.
894f43ed9ebd305fbfb850e6148306dc62adfbc8788b34ecf2cdb98d799e4036This Metasploit module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module.
f58aeb9136f2b509f52c0f2b286955d484d6b332b4b2c0c9edf999ea5b57d73c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed