CSF Firewall suffers from a buffer overflow vulnerability.
cc81c562f832ca97cfa12a0a0300d7b63f4c4ee77bcb4b2807f06aabcfeb8e22Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs especially in Firefox.
8b57d561f4e10efd5110b290028c3daaae1403920829de2c3cc32719b52d7e6eSePortal version 2.5 suffers from a remote SQL injection vulnerability.
dea9743f95ed23a9a24fa1697fd0934e16e1afa180ab42f7f2fd042cad1739aeVietsunit Script suffers from a local file inclusion vulnerability.
353b90ec967076706bbf9715833c216a0c448e3d8740d15819209c40ffd1a31bFree Opener local denial of service exploit that creates a malicious .jpg file.
f78d794d7c31426537cbac99be68c06f5d7ff85dd67698856b2a4efb271d0f05Multiple CyberLink products suffer a file project handling stack buffer overflow vulnerability.
47ae6efc123ab0a2d65e2470e0618b50d536f33edb978f5e8d4680db0541507bHTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.
e73e95a4311308b98e3825e22e4fe06f71900b0c45ea2c0e25d03563da3eea17Ficha suffers from a remote blind SQL injection vulnerability.
5e04ad4387f661c358613c72b2414f5a7e0415744d5b79a4239e6968248f7f98WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
6e46638034d12ee47a4a4955583b5065ffc4d0142d553c15fc90abbf42ca5b89Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.
dde4d639d451106635a87c7b3b2c41c2b6129d36252423186294aad787478c61CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
5f7582e4c67739253ed079afcbce2912fb91b1a5d275896bcb931df277369cf8Red Hat Security Advisory 2011-1807-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applications that use JasPer to crash or, potentially, execute arbitrary code.
551860bbfbed65bc96b2aec76a0e19d04b2d750157b0bffbc560e1ce21ad6479Ubuntu Security Notice 1297-1 - Pall McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. Paul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. Various other issues were also addressed.
d90812dfe62d74192f723148eedd422416897927518969173061c4a5f2b9bc9cDocebo LMS versions 4.0.4 and below suffer from remote SQL injection and code execution vulnerabilities.
e46315812d5b95c6f37a97b202851f6750bba6797235113fb00891f28b0a59b7Pet Listing suffers from a cross site scripting vulnerability.
871cd36a36390a281dfaf784d90b9edccf645063687180eeb6aa0c9e5e203aecSecunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session.
b59b645d8b70fbff6b82f794ac3e00dcf7f22a175f08e28863ab32ca4cb6eda3Secunia Security Advisory - A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.
fc9433fd6dc61c3f614b797f8a64e067ff269552cfa9b88c5f82911234e66f5fSecunia Security Advisory - A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
854c1e8570839ea7e64f9960f4c17d1ac965d3a7df87b344998a21d2d52252afSecunia Security Advisory - Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information.
17be39e1459e156495565b9d22d8253b456b9c85abb604020e94466c191e7e29Secunia Security Advisory - A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system.
e0c390b71f6436f8cadaab08dc258e529145c7d81a513e2dc0722899b2eeac87Secunia Security Advisory - A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).
b695688152a6e10c72a2df5a88b4e3373b69dabee3669a352bef93be30f34fdbSecunia Security Advisory - Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks.
8fb36275cf980778b1dc75959eb1cebd7ae76b222737093ef0f96a305f10d1a6Secunia Security Advisory - A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system.
47c141f2dd3154603641ea19e0087a83fb7227e67f06c0071c3c3ba2b71f6842Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
804de282c36c3eccf14d64907932e3ff93814a8faa3be97855c926e069cfd485Secunia Security Advisory - Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information.
0b0b1e4b687c37ae78a235655274280c13af4b086e58efe676101ec08ac04770
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed