MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
e6b0a6d0eb5642150f170e010552ff83ed91020020af670d6d374c55c6a6add5
IPA-IAC.org suffers from a cross site scripting vulnerability.
77a9e2f310258d1940bc0fe562fc77d876b8fef7e84ca4cef9c39a6d6b387064
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
4cc0cb65a43b084856fe6c79649ded144d8b596d567a16eaa32c9ede9bc42ab4
Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
52c7580faddde89c8ddd93ee504f0bd91f907d7b0db98c6e88c400c8de82300c
VMware Security Advisory 2012-0008 - VMware ESX updates have been created for the ESX Service Console. The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues. Various other issues have also been addressed.
27151f1e6ac2161133d87031a0879739a1b47509b25590993f62b5efcc45c458
HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
ce91c089270db6db060c9c1d7c9215979ae30446e5abfbcc9e91e77982f91126
eRealty Shop suffers from a remote SQL injection vulnerability.
2c251560027262d87f3e58becdb1eb1ef90c4a4ac1aea433394fd3f03b13a30d
Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.
a018be1990be06d135afc8ee885fd862474162711692134a45a97fbfa7ed502c
Maxxweb CMS suffers from a cross site scripting vulnerability.
38c469861a4a9cf8469dd60047951e878965800747f1740ea27f2c4ac072974c
Uiga Personal Portal suffers from a remote SQL injection vulnerability in index2.php.
b9152582b0c4f0b77c7e1db220fcefc393f21d4e2076d4a38a60087190e6ac5d
Uiga FanClub suffers from a remote SQL injection vulnerability in index2.php.
b891f30b05c9592cda7573ce5109fbc6144061bfe8d26859be66aca92711d27f
theEZsite CMS suffers from a remote SQL injection vulnerability.
9d4acd5f831e225a13cf452da26b915dc83f601ab922fbf3a0630f1c39bc075b
Source CMS suffers from a remote SQL injection vulnerability.
79b3712cd4d46a746e6e373928813d3bb4c12657dbdfd1e1fecc9438702f9c46
SirmaNET Web Design suffers from cross site scripting and local file inclusion vulnerabilities.
82d0637ff83a42cc44ed8c044e1f9e0dcabe34f24bbab3100d24e3c13d2e84a5
Yemen Ecommerce Technology suffers from a remote SQL injection vulnerability.
f51b1a1576d7feed485a266362e0cab38dacf7bfad107472d28a3b207289a6f1
WTE CMS suffers from a remote SQL injection vulnerability.
3556e960654d7215572a57baccb5310d001a923e6fc6f58654628d9dba33f3e6
WebData CMS suffers from a remote SQL injection vulnerability.
5dde49bffb8af6f4ce1f513def31f5d83b95a38b65eb5ef6cd7170d7afab8779
SKYUC! version 3.2.1 suffers from a cross site scripting vulnerability.
3982ad9e40a0678d1010f856e07de6df194966b900e7b16bfc6b815020530512
Pinnacle Pixel CMS suffers from a remote SQL injection vulnerability.
392bf9f1cc7ca0b7bd7402211e1845dd2a1a29fdc25a66315fec05c5d0663864
Joth CMS suffers from a remote SQL injection vulnerability.
e6118f872aee4c1c88eb16c51a5ce4fe2b1d0cf98a7b2f7dadc712606a935e1c
Ubuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
67ae4e60c7c4227d24e8e863ffc4b31d3d982effbae4356720ddf768ebcda670
Ubuntu Security Notice 1430-2 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. Various other issues were also addressed.
44f4181bac4074a9c5247b38e39020bfa8f6cf272fcd0fc6ab6e22817c81fadf
IrIran Shopping Script suffers from a remote blind SQL injection vulnerability in product.php.
1703679c4b5ba39e6767969af92a5147040e106eb1128223146240fb7bf29163
Gold Coast Web Design suffers from a remote SQL injection vulnerability.
432790a06bfbf9cdd71a9fe459409dbe1682c951fd163408259b68d132c4b9c8
GO Infoteam Solution CMS suffers from a remote blind SQL injection vulnerability.
508a680a80fc7d14f67ffde36bb99d342b9ffe11b79a9d64160e9079bf7ae904