Positive Research Center has discovered an SQL injection vulnerability in Dolphin version 6.1 due to a lack of input validation.
636687f3905f70ccf405816629109c6dGentoo Linux Security Advisory 201110-13 - Multiple vulnerabilities were found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code. Versions less than 0.2.1.30 are affected.
1ac41d75c08cdf31f32d48188e223f7fUbuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
07c255a807b2ef2512f9e255b336157dMandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
5acb136fe11782bae8cfffc4eea36e81Packet Storm Widget is a Mac OS X widget that allows users to see all latest news from packetstormsecurity.org. A user can choose between different kind of news to see: All of the Latest Content, Latest News, Latest Files, Latest 0 Days, Latest Vulnerabilities and Latest Exploits. This allows a user to always keep up to date on their favorite security topics. Please note that this was *not* created by Packet Storm Security and questions should be directed to the author. This should run on Leopard, Snow Leopard, Lion and Tiger.
9e9a4400ad94b557bb3ded125342f1b1This Metasploit module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This Metasploit module has been tested on Safari and Maxthon. Code execution can be achieved by first uploading the payload to the remote machine in VBS format, and then upload a MOF file, which enables Windows Management Instrumentation service to execute the VBS.
f0f60d7d29a3200a4856dadf181df880Dolphin versions 7.0.0 through 7.0.7 remote PHP code injection exploit.
4e3cc6620c4f2852ff8d8819015f2a5eThe Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.
ff67d8a9e5cef25a473a2b924859000fUbuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
5abf0399f4bdb280ef482df2defc103eNorthern Racing suffers from a remote SQL injection vulnerability.
e8768697b23a20533a802fad2714e13dWhitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.
5516004d11b809e766566ed91c105645Eurotax.com suffers from a cross site scripting vulnerability.
188bbf19a758fd2eb292143f92042067Sites powered by Webciters suffer from multiple SQL injection vulnerabilities.
62c36f6c6ae7a8ca16cc58c0e4a3f716Secunia Security Advisory - Two vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to disclose potentially sensitive information.
952fd7ed2ab96abbbe4529407db17b0bSecunia Security Advisory - A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited malicious people to conduct cross-site scripting attacks.
8eeb77e757f124d123da69fcdc4417a5Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d9c9ad98e757b65c5f6c09adbf0045bcSecunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
d967f9287db83ae8cb46eaf4b37a205cSecunia Security Advisory - Core Security Technologies has reported a vulnerability in Microsoft Office Publisher 2007, which can be exploited by malicious people to compromise a user's system.
718a3efd2e7e2e5a94e4cedcb1d2f739Secunia Security Advisory - A vulnerability has been reported in Spree, which can be exploited by malicious people to compromise a vulnerable system.
ab7546fec794c99124e34097c754ec49Secunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.
319bfd7306156896a11bc2c80ae3da2eSecunia Security Advisory - flyh4t has discovered a vulnerability in GNUBoard, which can be exploited by malicious people to conduct SQL injection attacks.
88f4e296f20d3c732d8df3b3d2fdf14bSecunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
b8b4448a6fedfa67709eca77a195f23cSecunia Security Advisory - SUSE has issued an update for php5. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d184a0ecce69ca6bb0fbb98773d89d0cSecunia Security Advisory - SUSE has issued an update for libopenssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
14166ba43d07173a6c0dfe4dd1e55762Secunia Security Advisory - SUSE has issued an update for libreoffice. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
7ddc891cbabdc43cdbf97d34dae0f7a3
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed