Mandriva Linux Security Advisory 2012-139 - Multiple vulnerabilities has been discovered and corrected in postgresql. libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
b66de77e22452889b471a5c1be59d2a1Mandriva Linux Security Advisory 2012-140 - Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. The updated packages have been patched to correct this issue.
52209cb708f5309b599ec9fd0418633bSysAid Helpdesk Pro version 8.5.04 suffers from a stored cross site scripting vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
506dfea341f0b90490797c996febf32dSysAid Helpdesk Pro version 8.5.04 suffers from a remote blind SQL injection vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
5f57e3a1240ad05156fea1274af35a9eMoodle CMS version 2.2.1 suffers from a stored cross site scripting vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
346303279526efe88a7feb84129057f5Squiz CMS version 11654 suffers from a directory traversal vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
99ce265b57d5041a0966c0106fb9e8caApple Security Advisory 2012-08-20-1 - Apple Remote Desktop 3.6.1 is now available and addresses a failed encrypted connection that may result in an information disclosure vulnerability.
030da124f48598fbe36c590572e0ce19This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. In order to trigger the vulnerability valid credentials with the create folder permission must be provided. The HTTP option must be enabled on Sysax too. This Metasploit module will log into the server, get a SID token, find the root folder, and then proceed to exploit the server. Successful exploits result in SYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.
17a13fb4ba1bb14aeec150eb94056c58Divx version 6.8.2 suffers from a denial of service vulnerability.
024bea783395e36718f72329eb049668Debian Linux Security Advisory 2531-1 - Several denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software.
30004334d377c624c01f26244b3795f8Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
f945a0e1b2466086833090bc9728b047Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
8119619c1e305025723c2b28001aaa71Secunia Security Advisory - Two vulnerabilities have been reported in Hastymail2, which can be exploited by malicious people to conduct script insertion attacks.
dc6ca3c0ac950e220bb6a46b95261ff7Secunia Security Advisory - Debian has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
2129db3f77ff1f8d0f784b21d6852932Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
32316c52a7ab95c6a3c98c8adc4cd842Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
f403ba7215219937703494cb331a88f7Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
284d37449184705558b9c23d20e6818eICAL version 1.0 suffers from a remote SQL injection vulnerability.
d1d8c5dc3eac6466166e6bc05fada0f0Secunia Security Advisory - A vulnerability has been reported in HP ServiceGuard, which can be exploited by malicious people to cause a DoS (Denial of Service).
08bc02097cc10ef89223b842837a5181Secunia Security Advisory - A vulnerability has been reported in OTRS, which can be exploited by malicious people to conduct script insertion attacks.
90105a328fa032e5aeef421eb382652bSecunia Security Advisory - Some vulnerabilities have been reported in GIMP, which can be exploited by malicious people to compromise a user's system.
81ba0b3d529aee2bdf71fd95381e2667Secunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.
59f864372e600aca224258f59901094aSecunia Security Advisory - A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.
468feb2c3133de4ee75966ddc4fe596fSecunia Security Advisory - Some vulnerabilities have been reported in MDaemon, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
ba460f382bb586f3c1aa7768c5e978eeSecunia Security Advisory - Ubuntu has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
e4947ac264932aa1e75ead827583715a
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed