Small write-up discussing various issues with T-Mobile's site and security.
c85f78d5b785a5673ec6319cd4e213024eb515189ce4bd1e9c0abf0e8a0c23ccBensi Okul Portal suffers from a cross site scripting vulnerability.
7cdde2c9a60c31799fd1e32a97d1c480dc8ecc288ae29cd5a7616b5154cac007Escort Agency Script suffers from a remote SQL injection vulnerability.
53d6a77e808c03ffe1dd7998c91200771d2b95d712ba2774b7e23c53635e0eedImport address table (IAT) hooking is a well documented technique for intercepting calls to imported functions. However, most methods rely on suspicious API functions and leave several easy to identify artifacts. This paper explores different ways IAT hooking can be employed while circumventing common detection mechanisms.
7fc4f73e8ce5a00253ddb8deff3d09da7612ebbcf819c8a3ae17075fced2702eAdium versions 1.4.2 and below suffer from a cross site scripting vulnerability.
0bc772b94e276215873af7b4736035264927370480ad0412051e68b6bc0c92b5The accounts.zynga.com site suffers from a cross site scripting vulnerability.
cb844ad91bec5e440dbecccfc1b6571b8785726efc82a33375e8e1d1399bd7c6A 3rd party application may exploit Android's Browser URL loading process in order to inject JavaScript code into an arbitrary domain thus break Android's sandboxing. Versions 2.3.4 and 3.1 have been found vulnerable.
e69e53a920a455ea417e80477c2fab5c49deede7cf7c53b2cbeaf6c9493d8670Gilnet News suffers from a remote SQL injection vulnerability.
5dd5489ea9083aa1805d804f552978306d2eaf6a5ceb229ff73190eb77b27988MyBB MyTabs suffers from a remote SQL injection vulnerability.
f18c152cd26a147af425278fc655c37acf5fca20b7b0c6bd2224a57c6c268e2bThe Joomla Astra component suffers from a remote SQL injection vulnerability.
e1d0a46ab500ffbefc85f2574a3ea101bf3f764f8c9331dbfe352339c9f3b35amt LinkDatenbank suffers from a cross site scripting vulnerability.
966d22be00b25225059e4442ff11ea8de508b66d1b93161ddd97eda0f3312caeMC LinkList version 1.3 suffers from a cross site scripting vulnerability.
194edb048e10601bd4c9699a255c55ae73d21849cc46f428fc9a8e1a8194b00eByethost Cpanel suffers from a cross site request forgery vulnerability.
ab7232e1a064b6353a804d935d08d59ec6886f0915f9232a0c789f414704a465This Metasploit module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclosure the username and password in cleartext used for authentication. This username and password pair are Windows credentials with Administrator access.
7c8e30e3bf5a9fd18f843efebdc225b819266ca4ca82d428c51238a4afa9d1c6Title Web Solutions suffers from a remote blind SQL injection vulnerability.
a992096f062e8e0ccc87053211f712fd805a4a1c1d10c912fc6dcde93822ecb9phPhotoGallery suffers from a remote SQL injection vulnerability that allows for login bypass.
d92b28488cc5a06f734a33138136af2d15351d6492877ff0ff78dab88cd9435aAtaccan E-Ticaret Scripti suffers from a remote SQL injection vulnerability in index.php.
62d7f7f57209ed9e6c3e4369c35e627bc5d1d887b563e5db301d369057e4432cOnline Yemek Siparis Sistemi suffers from a cross site scripting vulnerability.
03542a9082391b7ff5ad91f0d2087f11c93bf10e0399a7c1bba9bd2695f0ea76Powered By Website It 2009 suffers from a remote SQL injection vulnerability.
af8a04a7e9b4a3368dd5b608444e9c45f90f63560206460c85fe3f47ab84d30cSecunia Security Advisory - SUSE has issued an update for libapr1. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
06036105b03f88048c039ab831d8192719d882c8c74d9b6f57c5dd5187b8ed18Secunia Security Advisory - Rosinei Muniz has discovered a weakness and a vulnerability in Crafty Syntax Live Help, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
bde05a8bf9506fcc2f15537ad465d7cdf93257025d70c5d9260e2aac68916dc8Secunia Security Advisory - Fedora has issued an update for mapserver. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and potentially compromise a vulnerable system.
56272282c668afe6e2117b5ab559cff45bb7f2f799de003825e9b14fad6d0c16Secunia Security Advisory - A vulnerability has been discovered in the MyTabs plugin for MyBB, which can be exploited by malicious people to conduct SQL injection attacks.
2ba1d7b9bf6e32054965d02c8d3fba42bf51328eb78e8e2da9e5f9c25f6c5cf3Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Novell ZENworks Handheld Management, which can be exploited by malicious people to compromise a vulnerable system.
9cafab65ee75396a929446fadcd4bdfa05fd8c60edfee47831160a8a8842f9c4Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), conduct session hijack attacks, and potentially gain escalated privileges, by malicious people to cause a DoS and potentially compromise a vulnerable system, and by malicious people with physical access to potentially compromise a vulnerable system.
ad4f76f2ffc6813765043639b53d110cfad9d60a0d1d93e492536557cb1632b4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed