BEdita version 3.0.1.2550 suffers from cross site request forgery and cross site scripting vulnerabilities.
ccd8c35e20ee5a18923db0c1ebe2191a73eba9a172afcb366afb3a82e8788c15PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ac4f6cb5fd0daad47f72c6716075944a4a20bfbf6aa3769ebfc9f0115c29b5dfMantisBT versions 1.2.3 and below suffer from cross site scripting and path disclosure vulnerabilities.
18a95d91ab5662bc9da22edd42c6085d143c012493617b0a9f216e4bbb8cd78eIBM Tivoli Storage Manager version 6.1 local root in DSMTCA GeneratePassword exploit.
5f7abd0c6739167668463d5a54b15411b9b1095151be3d84b417ca38cc9b8c4fGoogle Urchin version 5.7.03 local file inclusion exploit.
6e4a248133ec68df035e49c941cd319ec7ea7bc8646e969f03155b233c5217e3MantisBT versions 1.2.3 and below suffer from a local file inclusion vulnerability.
abf8514ede0418cc0812ff5542f8637869d485480ee17472e692434df0836263iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. During the instantiation of multiple ActiveX Controls, a particular object is created along with multiple references that point to the object. The object can be destroyed and its associated references removed. However, a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.
4c0764ad14f98ee7df9da2ae3da2919d78490434383ec3b2809162fb897f8865BLOG:CMS versions 4.2.1e and below suffer from cross site request forgery and cross site scripting vulnerabilities.
ddc26b3fa1bcdf7e1487319c93eac4eb1e64a80447f44813930a4ae823627b75DorsaCMS suffers from a remote SQL injection vulnerability.
5f470d63c307ec009fbc2e0017592777c57a7eb044452c526018dc51a76bfcaeThe Cforms II plugin for WordPress suffers from a CAPTCHA bypass vulnerability.
9651927202406b32b942c8788261677321fc3d2a584e0a29325ea269b6706946A vulnerability exists in the Pointter PHP Content Management System version 1.0 authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
383447dee593575552b4ff1eaf381e999b313af64904e3e28897fc874dcfacd7A vulnerability exists in the Pointter PHP Micro-Blogging Social Network version 1.8 authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
5ed06a82856703845c31dcfc2e60d5e2c275c982d313bdc9e171cebe44ca0cc1The Open Source Security Testing Methodology Manual 3.0 covering security testing, security analysis, operational security metrics, trust analysis, operational trust metrics, and the tactics required to define and build the best possible security over Physical, Data Network, Wireless, Telecommunications, and Human channels.
4d306ccdeb4873051c47dc371e8de727b95cdd85d3762f650197820218b0eb6eEasy DVD Creator local crash proof of concept exploit.
3c7a275d3effdb21eefadb086122bb81b6c00d7edee39d6e2a578ebe14296530afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
66d8374c7516016aa8a7fce0af66cc5c2cfea6101ef18e20cdbfe33a76789658Digital Audio Editor version 7.6.0.237 local crash proof of concept exploit.
820e081085fd1ca4bcfd6c2a2807c9a1dfc73c0f4ac9523a262e5382d1c95d93slickMsg version 0.7-alpha suffers from a BBCode CSS cross site scripting vulnerability.
9c4afcd68a7d3392a71f0c50f9628856f356b810d66910a21a8546f1d0fe0a75Technical Cyber Security Alert 2010-348A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Office, Sharepoint, and Exchange. Microsoft has released updates to address these vulnerabilities.
85913a7c3a6dd148e01e4ede674b2adb3689bc4b66f5c1b7810d556323df8122Ubuntu Security Notice 1024-2 - USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additional backported improvements could interfere with the compilation of certain Java software. This update fixes the problem. We apologize for the inconvenience. It was discovered that certain system property information was being leaked, which could allow an attacker to obtain sensitive information.
f8ef5097e852023623aa4a3bd3b9189b367d50602a050f0b42b2b0149ae0b892VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed AAC files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
5892714bf8dcac92f1f837b80a5fe1dab9767058d8622e1e878f467c7bb64630VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling Audio data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
89b2a9aa2b9bfe058f8be7d8ae041339a47d117e92f473ae3ad518fe34dc5780VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling sound data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
e5db35a6d18d92db4e8e70523276d9edbb3abe1ffea4ad2f9882b6424c67ca80Zero Day Initiative Advisory 10-290 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Load and LoadTheme methods of the SapThemeRepository ActiveX control (sapwdpcd.dll) implemented by SAP NetWeaver Business Client. Due to a failure in bounds checking, a user-supplied parameter supplied to the vulnerable methods can overflow a stack buffer resulting in arbitrary code execution under the context of the user running the browser.
3ff07756f5b8556d59a4b7213aa9a522b1fbb579894c4abd3efccb174e669381Zero Day Initiative Advisory 10-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must be convinced of visiting a malicious page or opening a malicious file. The specific flaw exists within usage of a particular element that's part of the Timed Interactive Multimedia Extensions component of the browser. By removing an element referenced by a tag used for implementing an animation, the application can be made to access an element that has been previously freed. Successful exploitation can lead to code execution under the context of the application.
b4d52f8a75f8683836f0c4ad65452a92bad0cfbb5334d2309cd7df74bfcdd8faZero Day Initiative Advisory 10-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for the select tag. Upon adding a particular element to the select tag, the application will free the contents of the select element and then use it. Successful exploitation can lead to code execution under the context of the application.
61f5e8f466396207dedcea5902bc212ad15d0919c484844baef988f261e33d09
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed