XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.
56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".
8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18A certain remote message parsing function inside the Dameware Mini Remote Control service does not properly validate the input size of an incoming string before passing it to wsprintfw. As a result, a specially crafted message can overflow into the bordering format field and subsequently overflow the stack frame. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the dwmrcs daemon.
390aaf7607e85e8afb085d15df6d452b7949bc6e25747b8967ebc5477a0bd05bXOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.
5671c965146caf650a197ba8bd998b42a8f8678ee755c3c18fe39b0d594be1f2This paper discusses different techniques that an attacker can use to bypass NoScript Security Suite Protection. These techniques can be used by malicious vectors in bypassing the default installation of NoScript. The paper also provides solutions and recommendations for end-users that can enhances the current protection of NoScript Security Suite.
5f37e8e3412f1440fa6c6a360ed379f128cc4ea278c023e5f3855760b77ba3a5The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package
c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.
e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73Ubuntu Security Notice 2935-3 - USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging change that prevented upgrades in certain multiarch environments. USN-2935-2 intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This update fixes the problem in Ubuntu 12.04 LTS. Various other issues were also addressed.
3e9933c3392df31758f731285c88184afdd9639579d77bb96ea3bdb624d50473Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
485b9171a90d97d3535702a0ede0b959ebbd40967e2461c3bd36d33eeda6ebd6Debian Linux Security Advisory 3519-1 - Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.
83c773cd1a9d89c83c1cadc236dc7ddc69687ff0afc1fa763fc23b17d53cd00cBigTree version 4.2.8 suffers from object injection and improper filename sanitization.
bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3PivotX version 2.3.11 suffers from a remote shell upload vulnerability.
1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109PivotX version 2.3.11 suffers from a directory traversal vulnerability.
3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5ePivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.
31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.
64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337aOWASP is currently soliciting papers for the OWASP AppSec USA 2016 conference that will take place at the Renaissance in Washington, D.C. October 11th through the 14th, 2016.
ca028335421923ddd06f460662acd29726fc4ad07b6195f52fa8ee3b60b5cbcc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed