Red Hat Security Advisory 2011-1220-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
e9760fd558188de1a54f0616b4447ef1e4c3f61dd8e0e4e962b255930a150ba0Red Hat Security Advisory 2011-1219-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
5937696c9bd55e106006e37ce7137dfe26a1fa85701c6b3b20738adf722591c2The Axway SecureTransport device contains a directory traversal in the '/icons/' directory. An unauthenticated remote attacker can use this vulnerability to obtain arbitrary files from the root file system of the vulnerable host.
1b3c5c1df5ff2ebfb4d989500a0c88455f9836ec0f3075c8f7d42816d3df5526WordPress SH Slideshow plugin versions 3.1.4 and below suffer from a remote SQL injection vulnerability.
858a73020c238d3ee7c8b85b1895e08522176937230778d70a49dc689cc35d9dDVD X Player version 5.5 Professional universal buffer overflow exploit that creates a malicious .plf file.
297631087aa6a81541fe0ea4492a17b7895adc65c6308082fa7154a95d6b4f6fZynga Cafeworld suffers from a cross site scripting vulnerability.
1de5054521841a8b4b7f9e1ce5d0edc67d02933eb806e248c8fa2d44e4d20cf4WordPress iCopyright(R) Article Tools plugin versions 1.1.4 and below suffer from a remote SQL injection vulnerability.
455e13b885bf5838b4336a643244d6e3f05bc744602e084a853637fbd381d8d9Mini-Stream Ripper version 2.9.7.273 universal buffer overflow exploit that creates a malicious .m3u file.
788af66ef6c41cf2bfcd7f5a8d10913075ba1df617514df4e25dc968f9859e09Dienstplan version 2.2 suffers from multiple predictive password vulnerabilities.
a3b1ae5a968d69bc0d5fbf09c9a8eef18d7261dd23662e4cc9cb9ede23ef154cZynga Vampiresgame suffers from a cross site scripting vulnerability.
5ca4f7ae3958a37cb0dfedb149d2f403d39317d80e16e9ada9408d695cff8184EIN-SOF Solutions suffers from a remote blind SQL injection vulnerability.
67ac2848ef6cc6b81220fbb4a95b0bf90e4485d7a50dba804015bef0a3587a14Zynga Petville suffers from a cross site scripting vulnerability.
dc04e63dfe4b99e29c027ca6bf88c0fe84a065f6dfd3f43f820da1144504d024Velaro Live Chat Software suffers from an html injection vulnerability.
4048939afeb642f142f711cdc2622a412945997a5bdfe0ec7a522d67e2862c49Infomedya suffers from a remote SQL injection vulnerability.
39155afe90137dd18a85ffc61cedad58b11fa32313f4232e7c7af8077a416989Plomp is a HTTP banner grabber script written in Perl that also sends malformed requests to the server in order to determine if the version information has been altered.
7046c3463928e49abe3a505f5061cd467763d59028f8751f33833e12e511ee9cClickCMS suffers from anti-automation and denial of service vulnerabilities.
2d1627ad6df96db1447b7a24fc5ea5962d82933b6f84c2ef928aa74dd8c66811Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
bf73fe42fb72c58901a512b508e673688f4a56aa7452ccabecb3d92b0ca19e30Secunia Security Advisory - Miroslav Stampar has discovered a vulnerability in the MM Forms Community plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
ed908d2b03317f41b4fafe9810f2ccf919c7090b26a8152c90d437ec1a620f98Secunia Security Advisory - A security issue has been reported in Ipswitch WhatsUp Gold, which can be exploited by malicious people to bypass certain security restrictions.
d36428285b8e6b5ea1baa3ee168a08bb5ab2943bf33d9b5a77bc38d58f880e75Secunia Security Advisory - Fedora has issued an update for mingw32-libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
9774b995508b994d6c59f85085edeed827091e1b6c2d54655652af5aea99c9c7Secunia Security Advisory - Xerox has acknowledged multiple vulnerabilities in Xerox FreeFlow Print Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, malicious users to cause a DoS (Denial of Service), and malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and compromise a user's system.
745635d7da8e8c8636b7394db92b0059680060c85433e458775448dcbe65b423Secunia Security Advisory - A vulnerability has been reported in Omnistar Mailer, which can be exploited by malicious people to conduct cross-site scripting attacks.
89829222ebd1c7fc30523bac788b49ef87f67a065d5390309fff49732c371ceeSecunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
0dd702eba672a1cbcb3581e097a111a02685a91cb1a4415f6d54818de8c622bfSecunia Security Advisory - SUSE has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
31e12687e0b27b6a781b61bc33d8fd94ec1c2f14ce17ebe9b13ed14149cb5d4aSecunia Security Advisory - Luigi Auriemma has discovered a security issue in HP SiteScope, which can be exploited by malicious users to bypass certain security restrictions.
cbe3fea840f2c4d9485b2f724df9d07a960ac525ec3e36ed082f5408d645a15a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed