CSF Firewall suffers from a buffer overflow vulnerability.
db727d65fbb00f16a709a2c8c510383c
Firefox and Opera allow you to omit the MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs, especially in Firefox.
0b64bc5e8487abfa6e49c3b0e324b12a
SePortal version 2.5 suffers from a remote SQL injection vulnerability.
496666e10a8d51f887d37677dc5bfdf4
Vietsunit Script suffers from a local file inclusion vulnerability.
9e13792b9133c5451a60e37911776718
Free Opener local denial of service exploit that creates a malicious .jpg file.
ceddc7e16be3678a1a2f197e3a7282c4
Multiple CyberLink products suffer from a file project handling stack buffer overflow vulnerability.
40c4212ec2b7b74593f44d50562a722b
HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing the stbl atom of the 3g2 video format.
aefef4e78f84322cb0e770893f62b152
Ficha suffers from a remote blind SQL injection vulnerability.
c9e5ca37329be466478d7af1bf98711b
WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit that aims to provide a stealthy, terminal-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server. WeBaCoo was designed to operate under the radar of modern, up-to-date AV, NIDS, IPS, network firewalls and application firewalls, providing a stealth mechanism to execute system commands on the compromised server. The obfuscated communication is accomplished using the Cookie fields of HTTP headers in valid client HTTP requests and the related web server responses.
983c15146c1156bde098d9e81f412157
Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.
def059b81354c49994d1128fdf133f47
CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
9435d2cbd0b2a3a7c849068263dac9ff
Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
2a4b80e4a8cf02b7d8ebf21cb5a9adbb
Ubuntu Security Notice 1297-1 - Paul McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. Paul McMillan discovered that Django would not time out on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. Various other issues were also addressed.
ce1617b82ce87632b4a9519fd8b13045
Docebo LMS versions 4.0.4 and below suffer from remote SQL injection and code execution vulnerabilities.
fddbc1f9aafd6746e19ae1aaf615a654
Pet Listing suffers from a cross site scripting vulnerability.
4b4a29e9ecfd716ed0901e19d7242539
Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session.
d16778be3eee2eb3d652d44bc26bb9c9
Secunia Security Advisory - A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.
6f8606b0cf7016214f699f21cfbb0d77
Secunia Security Advisory - A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
6f97154c6fb1c62b858df16aaf3963c1
Secunia Security Advisory - Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information.
d2734d6ae8f2d94c50d88a1c9b618d13
Secunia Security Advisory - A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.
846a90b866871c0855bd23c307638b44
Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).
54f8a96289ad8dd0f321056b69f3bb67
Secunia Security Advisory - Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks.
5e15d0e66ee440256712cf5bc44caecd
Secunia Security Advisory - A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.
ef9e72b82ec502d06d9a0d5ea6a3e3e2
Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
c3395559fa8d45553e0c090e6c1e1a1c
Secunia Security Advisory - Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information.
ac81ce2e26e7e9932bdf636e98f7b74b