The Joomla Deluxe Blog Factor version 1.1.2 suffers from a local file inclusion vulnerability.
af49934322e6220c48bbbb7d1777c299a6853beb5271fce7c5f82a3aadfbda4eThe Joomla BeeHeard Lite component version 1.0 suffers from a local file inclusion vulnerability.
4fd510973c5201c59b2ec4c0171cb190c9075150e8a1fdf7e047440925273edfMandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 was missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
8bc79655fa60e411cb4fc6c4176a462670c99e50077d17a036d4c694df5c95cfMandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.
04b880873291bf9e96e7792410acaf5e20d102688c675e803a6b526a4a5279cdCisco Security Advisory - Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system. Cisco has released a free software update that addresses this vulnerability.
42ba22b1e884d90f48a493bc080a4d64de688557c3c9617d491a9550b2094598RJ-iTop Network Vulnerability Scanner System version 3.0.7.x suffers from a remote SQL injection vulnerability.
18208e79e66a424b10725228781a8592509adbce1f8398f37360c0f70aea380a6 bytes small DoS-Badget-Game shellcode.
262d1ce51e806c472bbaf0a41a2e35372d81549352c88f2f96f00277f2085d4425 bytes small execve("/bin/sh") shellcode.
05747c8729ac0266f979b287ca4bfeb2e4dd2a30e38dc6d54fd7d6c156d8688d36 bytes small chmod("/etc/shadow",0666) shellcode.
beeeb62cd5e78a23e54cbfa7bdc2ba1f2a5a8b2972f3c67b46ef5c6bb1d0d2c8Mandriva Linux Security Advisory 2010-072 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues.
87a1b81e834c7351f9b23a53bf106959914ab7a068d03785563229a2e13f2d5fSchool Management System Pro version 6.0.0 suffers from a backup disclosure vulnerability.
ca079511b492f3f2ee9b408e7af1fc21f140ee0a6da064230ce332b6b21c9033Almnzm 2.1 suffers from a remote SQL injection vulnerability.
64594d15858b9cd3463ea86421a5ef3c22466c0675cef9e430578e7ae3f65dc6Bild Flirt versions 1.0 and below suffer from a remote SQL injection vulnerability.
97b141caf6f614dd78df49253ef14d6ff546b0b296ccecadd87b75fc2f4d90edBild Flirt System version 2.0 suffers from a remote SQL injection vulnerability.
bc18f23a9d223330807031dab00ea9954724bfdf133c651faf95822666ff6eefPhpMesFilms version 1.8 suffers from a remote SQL injection vulnerability.
6af31a7d1ab136392d9d4d8c0728ec3110d58b4152f41bc4865633ae347e9e1cSecunia Research has discovered some vulnerabilities in Visualization Library, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors within the "vl::loadDAT()" and "vl::isDAT()" functions in src/vl/vlDAT.cpp. This can be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted DAT file. Visualization Library version 2009.08.812 is affected.
1b996f0ac827e76e221d5d7baef175b040403eb6d12d81d8848b2e97d4502668This Metasploit module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as discussed by Ruben Santamarta, an attacker can execute arbitrary code in the context of an unsuspecting browser user. This vulnerability was originally discovered independently by both Ruben Santamarta and Tavis Ormandy. Tavis reported that all versions since version 6 Update 10 "are believed to be affected by this vulnerability."
2e5503b022c0eff22f86ef53b4b82291d06f5226c0191d0bf171a4153b4e71acOpentel Openmairie Tel version 1.02 suffers from a local file inclusion vulnerability.
86d447d189c26a0d9adf83cd91cff96c86c834d33a77285050cff9ba738cafbaOpenstock Facture version 2.02 suffers from a local file inclusion vulnerability.
12b99f0633a24e8a2b598fae802a9e5f4135d01cd8206c7e510f043422cc6062Cert-Lexsi discovered a critical vulnerability in Windows Media Services 4.1. The vulnerability is a stack-based buffer overflow when handling a specially crafted MMS TRANSPORT_INFO packet. It could be exploited to execute arbitrary code with NetShowServices privileges (which belongs to the Administrators group).
6c6934ecec3aa784faf405de8dc5970d7a01d8d3b72f94d3ab7f14b371036d0eThis Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9aThis Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on MessageBox originated from VBscript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve HLP file as well as a payload EXE. During testing warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.
78422f19ea0d8bce6a74c02e6e26e1840301ad3c5fdd0f923caed537a2c47c13Micropoint Proactive Defense Mp110013.sys versions 1.3.10123.0 and below local privilege escalation exploit.
cb1f02645b6edceddb222c851229894bc776510a193db2fb91b36d9eea0bd3adHP Security Bulletin - Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).
c857682698953533dc63f2a6dcb131ef084d3854fb472410abd958573610c961Imperva SecureSphere Web Application Firewall and Database Firewall products can be bypassed by appending specially crafted data to requests. Protection provided by the Imperva device against attacks such as SQL injection and Cross-Site Scripting is negated, allowing unfiltered requests through to protected applications.
ef7a3f4039881314d939c68cfe71ae130bcbfb48f7e4599d6e651e03a57bb143
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed