Cisco Security Advisory 20040317 - A new vulnerability in the OpenSSL implementation for SSL has been announced. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack.
42b7301b69fb615efdd79960fe4a0a79c2e23d757d2404a1777bb41cce77e433OpenSSL Security Advisory - A Null-pointer assignment during an SSL handshake can result in a denial of service. Versions 0.9.6c to 0.9.6k and 0.9.7a to 0.9.7c are affected by this issue. Versions 0.9.7a, 0.9.7b, and 0.9.7c are affected by another vulnerability in the handling of Kerberos ciphersuites that can cause OpenSSL to crash. Patches are attached to the advisory.
74e5edb8b95d18badf28cf2d243789474aa52058185bcdddde38d9e1318f98b5PHPX versions 2.x through 3.2.4 fail to create a secure session management engine. A user can obtain a session by simply supplying a uid of the user in which they want to obtain the account from, and as long as their session is in the database, it will allow session hi-jacking to occur. Further-more it is concerning that the session id itself is generated by a simple auto increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.
fb0bbfeaadbd58d619c24ee87dd0140c31f995df5bbf874802ab65ece9d08f64S-Quadra Advisory #2004-03-15 - ModSecurity 1.7.4 for the Apache 2.x webserver series is vulnerable to a remote off-by-one overflow that allows for arbitrary code execution. Version 1.7.5 has been released to address this issue.
46914b1d1e2b2200f173555807ff77394e863e8d79257fe7862682dac2771be0The Mambo Open Source web content management system version 4.5 stable 1.0.3 and earlier suffers from multiple vulnerabilities including cross site scripting, SQL injection, and query tampering.
eb69cdd423873abc07892485078b6e9b2d11df2891ed76993754c49b73c5c23cJelsoft vBulletin 3.0.0 RC4 and other releases and susceptible to cross site scripting attacks.
9ba7da743e628349c8ee4a1a744b90aa09ff076bcd1c22b86689eb34a1126b4eLocal exploit for the Crafty game versions 19.3 and below that makes use of a buffer overflow vulnerability. Tested on Red Hat 9.0 and Slackware 8.0.
82dbacb90891acc5cb1caec18b225e003314199535445fa71cd2de41626faf7dA vulnerability exists in the Crafty game versions 19.3 and below that allows a local user to escalate privileges via a buffer overflow.
d713ebffde11218f34d8b01dc14e79a08b13899fd42c6dc9b3f2f306677c6691Cross site scripting vulnerabilities exists in Phorum versions 5.0.3 Beta and below.
5b4e2faeef8fc7c76847ad3ef1332b7b89e7e904e4fcb3dad65ce3a6d8adb457Both cross site scripting and SQL injection vulnerabilities exist in the 4nGuestbook version 0.92 module for PHP-Nuke versions 6.5 through 6.9.
f732ec2b913b6d095bd8180dac6ad638b87e3c15c8c333cfdacde98395e7fb6dThe 4nalbum module for PHP-Nuke versions 6.5 to 7.0 suffers from path disclosure, cross site scripting, remote file inclusion, and SQL injection vulnerabilities.
b72910a8ea7f3795a3370ca420ebdd0d9f784cdcd93d78ee2fde747165559de9PHP-Nuke 7.1.0 is susceptibel to multiple cross site scripting attacks.
bf21be75eb9e862841810c4026922d4b2d10f41775f4e6120c0f1755aee6e9a2Multiple vendors suffer from a denial of service vulnerability in their SOAP servers. Products affected: Macromedia ColdFusion/MX 6.0 and 6.1, ColdFusion/MX 6.0 and 6.1 J2EE, all editions of Macromedia JRun 4.0, and Sun Java System Application Server 7 Update 2 Upgrade and prior releases.
edfd88863f29ed6adcb5fa19d6baa42407918c5ba0a3e4f0296be2a21ea83fbd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed