CompactCMS version 1.4.1 suffers from a remote SQL injection vulnerability.
0aae9c39dbe4e9932062fbd4f582ab7adcd21a2614b9791220cc11dffd746189Zero Day Initiative Advisory 10-252 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for a component within the SIZ marker in a JPEG 2000 image. When the component contains a malicious value, the application will add a corrupted object to a queue of data which will be processed by the Component Manager's JP2 decompressor. Later when attempting to decompress this data, the application will use the corrupted object. This can lead to code execution under the context of the application.
2f588dbb6899ad3e253001a14e3ed363f6e46d4eda11f8289acaf22cee93bdeeThis is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. Several of the vulnerabilities also impact Cisco Unified Videoconferencing 5200 and 3500 Series Products.
69ff03ff2b451e16c8342723ca698a082590a674746e6fb250333321452c49baWebRCSdiff version 0.9 suffers from a remote file inclusion vulnerability.
bf3cfc7a7901d32413def9013f50f085252bf69d3470e0051931b7d0cb78b928Zero Day Initiative Advisory 10-251 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for huffman tables within a flashpix file. By specifying an index larger than a particular value, a pointer will cease to get initialized. Later the application will use this pointer to as the destination in a copy operation. Successful exploitation will lead to code execution under the context of the application.
b572a2e8d78a4f466a08b3ac02f903f7e889a6396d757dd6dbf73752f4a5d50dSAP XRFC version 6.40 and 7.00 suffers from a stack overflow vulnerability.
9b8e7b9a5adb907ede97829d87b64a1087018e9595e7e83781a56c9d2180bf3aThe SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross site scripting vulnerabilities.
3d805721f30788cc734b4cca6025ed61f899f4240facd6d677bd99feb4a472b9IceBB version 1.0-rc10 suffers from information disclosure and remote SQL injection vulnerabilities.
4154648b228af08be3aa2e468d9bb83b49c1495619524edd3be11f3ed3206b6dZero Day Initiative Advisory 10-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing rec chunks within an AVI media file. By modifying specific values within the data structure a heap corruption condition can be triggered. An attacker can abuse this to execute arbitrary code under the context of the user running QuickTime.
e82baa6e732f9c0d4f22b195f8a8ec9d5a7bc0a42d9cc0ffd5eeccd6a35f4812Zero Day Initiative Advisory 10-249 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime decompresses video samples that are encoded with the Sorenson v3 Codec. Upon parsing malformed video sample data, the application will calculate an index for decompression and use that to seek into a buffer used for writing. Due to lack of bounds checking on the index, a pointer can be made to point outside of the target array. Upon writing of the data a memory corruption will occur. Successful exploitation can lead to code execution under the context of the application.
7a76209d14c4e8dcd8ad0dee783cf9f4bea01ebaf939d4e1fbaa2c363885a0c3AWCM version 2.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c3dbab4a192a3d40470d5d16457409c6eb685ed45bb3478f445cbebf6d3c30a1Topics for this issue include database protocol exploits being explained, measuring web application security coverage, combating the changing nature of online fraud, and much more.
4f2d4bc104ae0632e16b20da43c4185ac5fb86ed068817c6e9e5e52ae884df94Secunia Security Advisory - Multiple vulnerabilities have been discovered in openEngine, which can be exploited by malicious people to conduct cross-site scripting attacks an disclose sensitive information.
a4f85e7bab83c6b6c427e81688bd42a5020327800071b5cf669b5ac136cae34dSecunia Security Advisory - A security issue has been reported in Apache mod_fcgid module, which can be exploited by malicious, local users to potentially gain escalated privileges.
2117a7e79bc97d5cffe5dde91b96bde8b2ae0cac9375b68fa52d8043feac33d5Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Commerce, which can be exploited by malicious users to conduct SQL injection attacks.
5d14c485af0f4a3cbd27643a70364595d4ea0bebcda7dd5972dcdeb14954349fSecunia Security Advisory - Aung Khant has reported two vulnerabilities in Eclipse, which can be exploited by malicious people to conduct cross-site scripting attacks.
e5d00fe0d48c5c09ae316d86b661311c812afd6034661ed13eb83de1c29f7cfaSecunia Security Advisory - Some vulnerabilities have been reported in IBM WebSphere Commerce, which can be exploited by malicious people to conduct cross-site scripting attacks.
6b4b66e8d54d6918891153f7eda0e5a9a7fd840481201bb996372d8cebcc3e1eSecunia Security Advisory - A security issue has been reported in Mac OS X Server, which can be exploited by malicious users to gain knowledge of sensitive information.
933907f8481fce461d7f27ae2251d550c4698eee8536706deb6dc1720b01c080Secunia Security Advisory - A vulnerability has been reported in HP LaserJet Printers, which can be exploited by malicious people to disclose potentially sensitive information.
650867058e289a62190aa6a460b9bef31f7d603f9bc62a8a38a4058a911ac680Secunia Security Advisory - Multiple vulnerabilities have been reported in DServe, which can be exploited by malicious people to conduct cross-site scripting attacks.
c1a25e5cbcf39763ee4e3d2c2ee75fff61378649ccecab4b5fb738e837fcbcb3Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
bfb279913b5c34b1f4b69472c16dac0319fac83de64db364de3efecbc6d45674Secunia Security Advisory - A vulnerability has been discovered in Al-Furqan component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
983d1932981037fd601075d53382c661eef5adc5da38bb3cd757615a19b4f7c3Secunia Security Advisory - Two vulnerabilities have been reported in NolaPro, which can be exploited by malicious users to conduct SQL injection attacks.
e8a57b3de6a6e5d7b713e7cd77db3de21ac9ebdca103942d76683ca1fcd5e1afSecunia Security Advisory - A vulnerability has been reported in BPowerHouse BPAffiliateTracking, which can be exploited by malicious people to conduct SQL injection attacks.
be8dfb4f7a11537015ed026011907bff131f6e597eb4f84e401714dcf9268cf7Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPDirectory, which can be exploited by malicious people to conduct SQL injection attacks.
6fb0d87a44cb09b83016a7ff29b35ff3389cf5c2b21d07354b237967df8cf979
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed