TinyDir versions 1.2.5 and below suffer from a buffer overflow vulnerability with long path names.
cdcc3ee8902aca56a1a663bef58fe0cd58c43fd5918cc6c25bfa566f389d2573Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.
7488c1f8cb39c45a8e6fb8d221877649d21afc6a14f9c3eceb2b735b03ccc617PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.
91df452bdb8414c73939d446206345890d6047ab573faf07167ba3465035c78fNikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
fb0dc4b2bc92cb31f8069f64ea4d47295bcd11067a7184da955743de7d97709dPHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
c4139915e46fef357730abad6be1bb960a85b529ac04b96475adeb2dae8eea93PHPJabbers Appointment Scheduler version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.
bfc938e6e7895ad38fb6bab62ee404ab6d5c6f4f9a1fc5f93e362333dc7bc331PHPJabbers Appointment Scheduler version 3.0 suffers from multiple html injection vulnerabilities.
4e08e35e0e0eda4f6efe64d3e3a3248c3265ce78404eb2cf8969e8ea0bb8ae23October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.
d580a80cc73913f04ace7c62f85113ce9e77937e62898798e82b472da77074cfOctober CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.
36668205e95cab2b322636af7be77779877c012806877e9084103fc48afda16bOctober CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.
96b738ec0ed1ddb9e322f25138fff8f77ecb84dbd07ba3530ee0039680c3f1c1October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.
fa27de65868b7a449ef6325d904dca7874168f0b58c222353c466ee363abde93October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.
ca674a079c1f7de869829d79e2a37dbd839d64c194a488dc6d93277574fbe1fePHPJabbers Car Rental version 3.0 suffers from an html injection vulnerability.
b615ce21c59a8802d26a9e4c2d6d5d4123022b8add6057aafeee363a9a711421Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative URLS starting with "///". An attacker could potentially exploit this issue to cause a denial of service.
ad83f1762f0c9b91d83173c5919f250795adb5f0c74dd9b083106a33e56ea5bfPHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.
88613e2e49fa83781333027bf741fc0382e56bffb3e5b621cf78a84757587689PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.
76d5aaed8fb6f55066b5e1736817c5e918c51cfd401081fba181ad61f4ba7327R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.
957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54dPHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
1e25466f2392b79cadc7889f8e530e0d2c5c8b2ee6f9c3217853e9ae88e4758bPHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
f1dfb0019c57abd3c9019650a3666922144cd5fc0bd2146660251fb2bbdc05e1Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.
2165f4c4088cccb2ffaafd3edfa36139e6ace90f396a6bfcbb446462f67e2115Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
7957822e1b93b14f04419323dbc94e28eb76fa05e363e9d72f263770555fc295PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
6cecb49be3b4173f435cb87183129cce9d33ac6ef6f5040530cfde4c84ed1ffbPHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.
c937c34f8c7bdd3e156a5b73f2fa9b7e49ce5e0b41400346a7073e8ca4695178PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.
e6b45e3f61a13423e59c968e1a0aa93d94b7096aa974eb58f208e7e877969979PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.
ab9a0351616ce7e96456782c9f900796587b91b053d7a4d36f897369ad715f8d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed