The Joomla Deluxe Blog Factor version 1.1.2 suffers from a local file inclusion vulnerability.
af49934322e6220c48bbbb7d1777c299a6853beb5271fce7c5f82a3aadfbda4e
The Joomla BeeHeard Lite component version 1.0 suffers from a local file inclusion vulnerability.
4fd510973c5201c59b2ec4c0171cb190c9075150e8a1fdf7e047440925273edf
Mandriva Linux Security Advisory 2010-073 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 were missing from MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
8bc79655fa60e411cb4fc6c4176a462670c99e50077d17a036d4c694df5c95cf
Mandriva Linux Security Advisory 2010-073 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.
04b880873291bf9e96e7792410acaf5e20d102688c675e803a6b526a4a5279cd
Cisco Security Advisory - Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.
42ba22b1e884d90f48a493bc080a4d64de688557c3c9617d491a9550b2094598
RJ-iTop Network Vulnerability Scanner System version 3.0.7.x suffers from a remote SQL injection vulnerability.
18208e79e66a424b10725228781a8592509adbce1f8398f37360c0f70aea380a
6 bytes small DoS-Badget-Game shellcode.
262d1ce51e806c472bbaf0a41a2e35372d81549352c88f2f96f00277f2085d44
25 bytes small execve("/bin/sh") shellcode.
05747c8729ac0266f979b287ca4bfeb2e4dd2a30e38dc6d54fd7d6c156d8688d
36 bytes small chmod("/etc/shadow",0666) shellcode.
beeeb62cd5e78a23e54cbfa7bdc2ba1f2a5a8b2972f3c67b46ef5c6bb1d0d2c8
Mandriva Linux Security Advisory 2010-072 - CUPS does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.
87a1b81e834c7351f9b23a53bf106959914ab7a068d03785563229a2e13f2d5f
School Management System Pro version 6.0.0 suffers from a backup disclosure vulnerability.
ca079511b492f3f2ee9b408e7af1fc21f140ee0a6da064230ce332b6b21c9033
Almnzm 2.1 suffers from a remote SQL injection vulnerability.
64594d15858b9cd3463ea86421a5ef3c22466c0675cef9e430578e7ae3f65dc6
Bild Flirt versions 1.0 and below suffer from a remote SQL injection vulnerability.
97b141caf6f614dd78df49253ef14d6ff546b0b296ccecadd87b75fc2f4d90ed
Bild Flirt System version 2.0 suffers from a remote SQL injection vulnerability.
bc18f23a9d223330807031dab00ea9954724bfdf133c651faf95822666ff6eef
PhpMesFilms version 1.8 suffers from a remote SQL injection vulnerability.
6af31a7d1ab136392d9d4d8c0728ec3110d58b4152f41bc4865633ae347e9e1c
Secunia Research has discovered some vulnerabilities in Visualization Library, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors within the "vl::loadDAT()" and "vl::isDAT()" functions in src/vl/vlDAT.cpp. This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted DAT file. Visualization Library version 2009.08.812 is affected.
1b996f0ac827e76e221d5d7baef175b040403eb6d12d81d8848b2e97d4502668
This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability."
2e5503b022c0eff22f86ef53b4b82291d06f5226c0191d0bf171a4153b4e71ac
Opentel Openmairie Tel version 1.02 suffers from a local file inclusion vulnerability.
86d447d189c26a0d9adf83cd91cff96c86c834d33a77285050cff9ba738cafba
Openstock Facture version 2.02 suffers from a local file inclusion vulnerability.
12b99f0633a24e8a2b598fae802a9e5f4135d01cd8206c7e510f043422cc6062
Cert-Lexsi discovered a critical vulnerability in Windows Media Services 4.1. The vulnerability is a stack-based buffer overflow when handling a specially crafted MMS TRANSPORT_INFO packet. It could be exploited to execute arbitrary code with NetShowServices privileges (which belongs to the Administrators group).
6c6934ecec3aa784faf405de8dc5970d7a01d8d3b72f94d3ab7f14b371036d0e
This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9a
This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on a MessageBox originating from VBScript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve the HLP file as well as a payload EXE. During testing, warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.
78422f19ea0d8bce6a74c02e6e26e1840301ad3c5fdd0f923caed537a2c47c13
Micropoint Proactive Defense Mp110013.sys versions 1.3.10123.0 and below local privilege escalation exploit.
cb1f02645b6edceddb222c851229894bc776510a193db2fb91b36d9eea0bd3ad
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
c857682698953533dc63f2a6dcb131ef084d3854fb472410abd958573610c961
Imperva SecureSphere Web Application Firewall and Database Firewall products can be bypassed by appending specially crafted data to requests. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications.
ef7a3f4039881314d939c68cfe71ae130bcbfb48f7e4599d6e651e03a57bb143