11in1 CMS version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.
8f338fea05da8a70b14eac783e7ae853bff8a0601221110a05476767993f0b9dOpen Compute Project suffers from a cross site scripting vulnerability.
88e6bde7b4c4895292ce9f4a199b111a24d596ec4238e6e02d7a952e19a48ef4Etano version 1.x suffers from multiple cross site scripting vulnerabilities.
28b57175c61bb258524bb27853354f3bca4d3306fb2ca9247fdf33298840c1e0ZB Block version 0.4.9 Final suffers from cross site scripting vulnerabilities in the User-Agent and Referer headers.
c14c01d2f9b5490074a0f43558bc480240ede588e35082f8a3c66d424173a91eDej CMS suffers from a remote SQL injection vulnerability.
a7d1c2eecc91ab2fdc1ae5c516aa0dc7a39a3ae2e3e501334e83b556f7641528The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.
41c5e9ed24bcfedc86e11b0fbb5e857209c2e898342bd3b498a8707a5985fdadUbuntu Security Notice 1382-1 - Austin Clements discovered that Light Display Manager incorrectly leaked file descriptors to child processes. A local attacker can use this to bypass intended permissions and write to the log file, cause a denial of service, or possibly have another unknown impact.
6197a7d618282d62205a6a7b667ca47b5e9604ccf33b90b4f62aea535d58518bThe Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
edd85665d7b90ac56ede22daa681765beb0fda23fc185dbf676283c9186e6397The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
318900245c518a8794796a8f52d7da21d13c57f032476a863283f40f224062c0Open-Realty versions 2.5.8 and below suffer from a local file inclusion vulnerability.
b7403ee8713627a04dee9c28d85404db32ef1423c9f7f749ddb3a171f72c378bLizard Cart suffers from a remote SQL injection vulnerability.
4cf5c87edb263c7d0e6dacf4371892c991d7ae35cdbe5f4c87d69d4506498f86This Metasploit module exploits a vulnerability found in Sysax's SSH service. By supplying a long username, the SSH server will copy that data on the stack without any proper bounds checking, therefore allowing remote code execution under the context of the user. Please note that previous versions (before 5.53) are also affected by this bug.
4c79bc67dd01aa9c6f086a33e5e924a0b8feec60ac0ce68bacb83a81e643b256Secunia Security Advisory - Debian has issued an update for plib. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
062baec2ccd14826ea060543332c49e6cf4e93bb307e5ea2d1bd6152901506bfSecunia Security Advisory - A vulnerability has been reported in Refinery CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
4e433f68592f72d3d7f1949adfc6dd83d689e5ae69d72da1198573d277a322eaSecunia Security Advisory - Debian has issued an update for movabletype-opensource. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system and by malicious people to conduct session hijacking, cross-site scripting, and cross-site request forgery attacks.
fdf07a2f47f0b896780d2fc0ed194cffa8131c64218cbae7ed5779ec74ef20a1Secunia Security Advisory - A vulnerability has been reported in Parallels Plesk Panel, which can be exploited by malicious people to conduct SQL injection attacks.
25eb28f694bc47be7ded7a5b133263b7d7d8b252f5303fa2a187951b39df9157Secunia Security Advisory - A vulnerability has been reported in the Witze addon for deV!L'z Clanportal, which can be exploited by malicious people to conduct SQL injection attacks.
ffc5ef0672c3dc0b09eef95981a013b8785bbc3f4fa30ac110036be49fc2fc11Toronto Web Design suffers from a cross site scripting vulnerability.
469b950fab3a913816f7a78be0c0c5769e996236773cce5d5008bc8a489a89edJhwebstudio suffers from a cross site scripting vulnerability.
4e064aae257ace6ea73fa453639ca5842a8464f8a063e80d443136e3c2688db4Secunia Security Advisory - Two vulnerabilities have been discovered in RivetTracker, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
ba094eb7d07f2e24dba29c7ad9b63c7d425928f7d175522ca8d4ffa2a787f5abSecunia Security Advisory - Debian has issued an update for libxml-atom-perl. This fixes a vulnerability, which can be exploited by malicious people to potentially disclose sensitive information.
51c77e17c64624a02c1d6ad96a52d91f1b5e5a4752e7a45deae9228de184095aSecunia Security Advisory - Two vulnerabilities have been discovered in AjaXplorer, which can be exploited by malicious people to disclose potentially sensitive information.
82d1724348ec2fdd45b1209d4347435d4e7e229fc02e33fe68b8ccad0673d5c9Secunia Security Advisory - A vulnerability with unknown impact has been reported in Novell ZENworks Configuration Management.
759423f080b34dd26675c4324e18342e9362c5f703b85a360b333a771a8ec11c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed