CSF Firewall suffers from a buffer overflow vulnerability.
db727d65fbb00f16a709a2c8c510383cFirefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs especially in Firefox.
0b64bc5e8487abfa6e49c3b0e324b12aSePortal version 2.5 suffers from a remote SQL injection vulnerability.
496666e10a8d51f887d37677dc5bfdf4Vietsunit Script suffers from a local file inclusion vulnerability.
9e13792b9133c5451a60e37911776718Free Opener local denial of service exploit that creates a malicious .jpg file.
ceddc7e16be3678a1a2f197e3a7282c4Multiple CyberLink products suffer a file project handling stack buffer overflow vulnerability.
40c4212ec2b7b74593f44d50562a722bHTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.
aefef4e78f84322cb0e770893f62b152Ficha suffers from a remote blind SQL injection vulnerability.
c9e5ca37329be466478d7af1bf98711bWeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
983c15146c1156bde098d9e81f412157Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.
def059b81354c49994d1128fdf133f47CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
9435d2cbd0b2a3a7c849068263dac9ffRed Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
2a4b80e4a8cf02b7d8ebf21cb5a9adbbUbuntu Security Notice 1297-1 - Pall McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. Paul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. Various other issues were also addressed.
ce1617b82ce87632b4a9519fd8b13045Docebo LMS versions 4.0.4 and below suffer from remote SQL injection and code execution vulnerabilities.
fddbc1f9aafd6746e19ae1aaf615a654Pet Listing suffers from a cross site scripting vulnerability.
4b4a29e9ecfd716ed0901e19d7242539Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session.
d16778be3eee2eb3d652d44bc26bb9c9Secunia Security Advisory - A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.
6f8606b0cf7016214f699f21cfbb0d77Secunia Security Advisory - A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
6f97154c6fb1c62b858df16aaf3963c1Secunia Security Advisory - Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information.
d2734d6ae8f2d94c50d88a1c9b618d13Secunia Security Advisory - A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.
846a90b866871c0855bd23c307638b44Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).
54f8a96289ad8dd0f321056b69f3bb67Secunia Security Advisory - Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks.
5e15d0e66ee440256712cf5bc44caecdSecunia Security Advisory - A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.
ef9e72b82ec502d06d9a0d5ea6a3e3e2Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
c3395559fa8d45553e0c090e6c1e1a1cSecunia Security Advisory - Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information.
ac81ce2e26e7e9932bdf636e98f7b74b
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed