Positive Research Center has discovered an SQL injection vulnerability in Dolphin version 6.1 due to a lack of input validation.
6e7491c597fac9d80353c3599136713e5b76b1d076448738c1d54df96c58c841Gentoo Linux Security Advisory 201110-13 - Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.1.30 are affected.
096d2f83ba0d522e255e5c18f1589543888db4a3edfd2bea51bf8a0b475e1e7eUbuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
a04660c7b598d19e4f72432e2a317262cebfd0b9fa6d764460a7bd04e7a74a4fMandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
b2c7cee78dc0a955a2f2c042e67a3848b405f7deb0d7e35b46e4354ba47ef1f1Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
69c119dd10637e93745b7d47028577720527e2e790477da1e00cfc3d5ceebc42This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.
c3cc069840b33d66dc0f5eb936fd86d7c0e81a9ca3077cb540669d0523d716ebDolphin versions 7.0.0 through 7.0.7 remote PHP code injection exploit.
f8491a4888891439bd445b8f8fad6b81712c31b0ac7b701243d0d96f85f10c23The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.
e3ae091577864ca2191cda6842e17f20d23686b3a23d2de2b27c1ca2850d9f76Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
69845e86133335adaba83dacbab9b866d4f7fa4fe3cf57ea5923181d6f1d3289Northern Racing suffers from a remote SQL injection vulnerability.
b537bbb9d4a91562f89cc78fa5612e6b135909ae054e17b2edda07a006528f79Whitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.
3377a9e7607686a8415eb224532b12bc436eda19656f6192d4f244d9c631a003Eurotax.com suffers from a cross site scripting vulnerability.
d9fe81ebef5026ce0ee70120ba44d61061a6692e1778b7957a06c7230d83c351Sites powered by Webciters suffer from multiple SQL injection vulnerabilities.
750e1c069dc13cb7dcdcaca62659ef9bb62002de1c8bf40379f2d0727ed67fcdSecunia Security Advisory - Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.
8a4a00a42e2f1eff392be67f5ced6c719f204f8137908da764ec55568a6acb56Secunia Security Advisory - A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited malicious people to conduct cross-site scripting attacks.
6ecce104a578fb17f8fb5af6793e1338a984159b1b6c78064479ecd6bdfcb578Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
bd7d31182b811bceaf24856de8cee7e70b162292a90736e9294de52dd26aa6dbSecunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1c36e8d197bf0173aff4a04601f5b80eca93d6bef674b5f04295ace455a65ed0Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Office Publisher 2007, which can be exploited by malicious people to compromise a user's system.
9f8cd5af4fb62d219d656368b4151ddb77e67059235d35c11cb787fbce38e991Secunia Security Advisory - A vulnerability has been reported in Spree, which can be exploited by malicious people to compromise a vulnerable system.
c4715eeff1a934c5c05e48aa097fa768606f42dd20772d5c2353f5c25ae8f58dSecunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.
e83806af24da53c32dc9ee02ebab6c0645864a294f3fb367267d073f973ac092Secunia Security Advisory - flyh4t has discovered a vulnerability in GNUBoard, which can be exploited by malicious people to conduct SQL injection attacks.
321b61472c9396f867fbdde92b2b32ec78d66ffe88ff61ac18c1754ef2be7e56Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
50e5befa2e5d2163402b22f35a74db3beb3b72263edeb52beda36e875146ac7bSecunia Security Advisory - SUSE has issued an update for php5. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5a8c5dece21406fc2239d5914fb0664eef45f9635fab07b6d0e5af2c53965b2fSecunia Security Advisory - SUSE has issued an update for libopenssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
cb04905b104470c900e2b860a84f5fb775d469dcb07417959f80bab680d7404aSecunia Security Advisory - SUSE has issued an update for libreoffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
422e2cb8daf0dc6ad3ea753c95a66dd55d82f4423d7d730b8dcb42bc0b6a5827
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed