Debian Linux Security Advisory 2172-1 - Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.
267dc10fad0c03e578ad3123414ea64b6e23736b2369d3414a6709c24c575adaUbuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212aZ-Vote Wordpress plugin version 1.1 suffers from a remote SQL injection vulnerability.
13d791ffcb1a9c96a5776d7f982764f873a591de1d238678b632b3c6d2a793e9A local file inclusion vulnerability in Batavi 1.0 can be exploited to include arbitrary files.
a038abd8026754cc3126eea68dfc655608815ea18b91adbf83dd2ace60b299b6ProQuiz version 2 suffers from a shell upload vulnerability.
211e8e13a88448d6d56d0bf2a3f94f1ea198056585e5027ab24034d66219c16dCDNVote Wordpress plugin version 0.4.1 suffers from a remote SQL injection vulnerability.
d34e005a0bd7606c9f77ff724fd460c5f3c2c37c8a2d28a01cef678abe4f1ad8Whitepaper called Leveraging XSRF with Apache Web Server "Compatibility with older browser" feature and Java Applet.
6541c1bf7d0873dfe88bb40e9d6326ebbe5842f6cded8e94a2222c6165df8dc0Ubuntu Security Notice 1068-1 - Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files.
f936186c43ebc1ba3469742c7385b9e594e2d6a9049351c7ba02874a13de402aVanilla Forums versions 2.0.17.1 through 2.0.17.5 suffer from a cross site scripting vulnerability.
131274da1d8e516db815dd66f46168667b50d7ca29818157c75c7d269c880cd9Mandriva Linux Security Advisory 2011-035 - The tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. The updated packages have been patched to correct this issue.
bc3061e7437994cfa1e698306aec56aba5922b6fc005b13d7fec917c016f2077creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.
2a259b7a5fd401a38f81f8acb78327e378cd52ad47e8d01d4308642fa9bcea94Batavi version 1.0 suffers from a reflective cross site scripting vulnerability.
a08f8fbbcd702d34c02dc4327ee8bceecdb86b5324dadd5f09a343df84e1dbbbGD Star Rating version 1.9.7 suffers from cross site scripting and path disclosure vulnerabilities.
f317ba56bcfbe1dc8ad82983c22418ee06a8a56d68db97d325a5712c0561491bComment Rating version 2.9.23 suffers from path disclosure and remote SQL injection vulnerabilities.
729b2c251d993f050f0c291a3f198b00aec6b88a21c81465cedade6605f7c847Starbox version 2.0.4 suffers from a path disclosure vulnerability.
8466134ce1786590d051964a653bfd425f8b2db934be65292f7734d1bae3aaa0Vote It Up version 1.2.2 suffers from a path disclosure vulnerability.
9b73f7cb1e4470396b11ae5bed226c28fae20958c03297330f007d7645a76fbbOWASP AppSec USA 2011 has been announced. The Call For Trainers is now open and the Call For Papers opens March 15, 2011. This event will be held from September 20th through the 21st, 2011 in Minneapolis, Minnesota.
3177758f0b4cc56ec56c993aae415f5c9edad873e552ec89324dced831e58310Asterisk Project Security Advisory - When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable.
9b947dd4fce8b8d4d6dc7c6bc47a02bc75f6c9d8097ebaa822eda51e67ad2705Libecc is a C++ elliptic curve cryptography library that supports fixed-size keys for maximum speed. The goal of this project is to become the first free Open Source library providing the means to generate safe elliptic curves, and to provide an important source of information for anyone with general interest in ECC.
17a214e35a5a633f9c56af83eb96ee5160646a056909756f3ceec28711398774WinMerge version 2.12.4 project file handling stack overflow exploit.
a90d518f4b58a2d90381a86b1328947e877d00adeda5abb3f18c2dbec603cfa5ICCGI 2011 Call For Papers - The topics suggested by the conference can be discussed in term of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal in the following, but not limited to, topic areas. This event will be held from June 20th through the 24th, 2011 in Luxembourg.
ce24c5b6536c58725997f34456f57ea0cdf52ccd86ac32d074b1401174cead18WordPress Uploadify plugin version 1.0 suffers from a shell upload vulnerability.
8f08b19c3d93727e4ee785ef51ff1e7e2e001c090da9144ce38ac7b2b09b4c01Greeklog CMS suffers from a remote blind SQL injection vulnerability.
12097a9a3575a918dc8f872c873f828c62588881b307322532a3adc6df584aa5Course MS version 2.1 suffers from a local file inclusion vulnerability.
b564b1dd81d56827c757a64356c59dc9e9a36978a56472bee76f312d3f2f6736Dotproject version 2.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
52f04fcb03efb43e7f685918ed0b0470b61f4c4f98e2e1b12f3227191e51d96b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed