MySQLDumper version 1.24.4 suffers from code execution, cross site request forgery, cross site scripting, local file inclusion, and directory traversal vulnerabilities.
e6b0a6d0eb5642150f170e010552ff83ed91020020af670d6d374c55c6a6add5IPA-IAC.org suffers from a cross site scripting vulnerability.
77a9e2f310258d1940bc0fe562fc77d876b8fef7e84ca4cef9c39a6d6b387064ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
4cc0cb65a43b084856fe6c79649ded144d8b596d567a16eaa32c9ede9bc42ab4Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
52c7580faddde89c8ddd93ee504f0bd91f907d7b0db98c6e88c400c8de82300cVMware Security Advisory 2012-0008 - VMware ESX updates have been created for the ESX Service Console. The ESX Service Console Operating System (COS) kernel is updated which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues. Various other issues have also been addressed.
27151f1e6ac2161133d87031a0879739a1b47509b25590993f62b5efcc45c458HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
ce91c089270db6db060c9c1d7c9215979ae30446e5abfbcc9e91e77982f91126eRealty Shop suffers from a remote SQL injection vulnerability.
2c251560027262d87f3e58becdb1eb1ef90c4a4ac1aea433394fd3f03b13a30dMandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.
a018be1990be06d135afc8ee885fd862474162711692134a45a97fbfa7ed502cMaxxweb CMS suffers from a cross site scripting vulnerability.
38c469861a4a9cf8469dd60047951e878965800747f1740ea27f2c4ac072974cUiga Personal Portal suffers from a remote SQL injection vulnerability in index2.php.
b9152582b0c4f0b77c7e1db220fcefc393f21d4e2076d4a38a60087190e6ac5dUiga FanClub suffers from a remote SQL injection vulnerability in index2.php.
b891f30b05c9592cda7573ce5109fbc6144061bfe8d26859be66aca92711d27ftheEZsite CMS suffers from a remote SQL injection vulnerability.
9d4acd5f831e225a13cf452da26b915dc83f601ab922fbf3a0630f1c39bc075bSource CMS suffers from a remote SQL injection vulnerability.
79b3712cd4d46a746e6e373928813d3bb4c12657dbdfd1e1fecc9438702f9c46SirmaNET Web Design suffers from cross site scripting and local file inclusion vulnerabilities.
82d0637ff83a42cc44ed8c044e1f9e0dcabe34f24bbab3100d24e3c13d2e84a5Yemen Ecommerce Technology suffers from a remote SQL injection vulnerability.
f51b1a1576d7feed485a266362e0cab38dacf7bfad107472d28a3b207289a6f1WTE CMS suffers from a remote SQL injection vulnerability.
3556e960654d7215572a57baccb5310d001a923e6fc6f58654628d9dba33f3e6WebData CMS suffers from a remote SQL injection vulnerability.
5dde49bffb8af6f4ce1f513def31f5d83b95a38b65eb5ef6cd7170d7afab8779SKYUC! version 3.2.1 suffers from a cross site scripting vulnerability.
3982ad9e40a0678d1010f856e07de6df194966b900e7b16bfc6b815020530512Pinnacle Pixel CMS suffers from a remote SQL injection vulnerability.
392bf9f1cc7ca0b7bd7402211e1845dd2a1a29fdc25a66315fec05c5d0663864Joth CMS suffers from a remote SQL injection vulnerability.
e6118f872aee4c1c88eb16c51a5ce4fe2b1d0cf98a7b2f7dadc712606a935e1cUbuntu Security Notice 1430-1 - Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
67ae4e60c7c4227d24e8e863ffc4b31d3d982effbae4356720ddf768ebcda670Ubuntu Security Notice 1430-2 - USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. Aki Helin discovered a use-after-free vulnerability in XPConnect. Various other issues were also addressed.
44f4181bac4074a9c5247b38e39020bfa8f6cf272fcd0fc6ab6e22817c81fadfIrIran Shopping Script suffers from a remote blind SQL injection vulnerability in product.php.
1703679c4b5ba39e6767969af92a5147040e106eb1128223146240fb7bf29163Gold Coast Web Design suffers from a remote SQL injection vulnerability.
432790a06bfbf9cdd71a9fe459409dbe1682c951fd163408259b68d132c4b9c8GO Infoteam Solution CMS suffers from a remote blind SQL injection vulnerability.
508a680a80fc7d14f67ffde36bb99d342b9ffe11b79a9d64160e9079bf7ae904
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed