MyPHP Forum version 1.0 is susceptible to several SQL Injection vulnerabilities that may lead to viewing of sensitive information, including hashes of user's passwords.
02ffa72f4490fdd890dd2d57ef4a6d33632c102663382dac5725fbbc6bf21869The SafeNet SoftRemote VPN client has an issue where a password is stored as clear text in memory.
4ddf3ab879d0979c09c314bbcf63db87068c3b3d1bffa3e1403cc152a76748afphp-fusion 4.x has a bypass vulnerability where a remote attacker can view any thread.
c7ed125f9030d5ddd42cd6eefbd5b3f3c4ed2a1d8327228f82d6f55f50e50a2cA sign extending bug in AppleFileServer exists while parsing a FPLoginExt packet. Exploit included.
f172aaf165f55268a1cc2d2eb0e697bd235cf9e069b14565a19c5b48a3a6788fWhite paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.
51f2b357535a04ed528e35ff209d1544050e9ec8990d03bddf56be14b2c0d5c0A directory traversal vulnerability was found in 602LAN SUITE's Web Mail file attachment upload feature that may be exploited to upload files to arbitrary locations on the server.
d1e62e37804a53dc78c20de47ee46e113a4de98ba83f5baabc71e5e4e2eee35ckses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, no matter how malformed HTML input you give it. It also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks, among other things.
e9bee41940b31705d7a37e1abef91138bcd038e3f0b86ffc9b0e2ca4c0f451a3iDEFENSE Security Advisory 02.07.05 - Local exploitation of a format string vulnerability in the chdev command included by default in multiple versions of IBM Corp.'s AIX operating system could allow for arbitrary code execution as the root user.
d7c9bca37286ed5ad97f11f281e8f69e4f56ba0601fc282e185945e8f036b5a8An ident client that outputs the username to stdout. Optionally, it can detect botnet and fake ident servers based on RFC 1413 deviance.
46cc78f13373988a33451ab3dcdcd513ad968ddf32bb1c40d326def3e649dee0Google's custom-crafted MX software is susceptible to a trivial buffer overflow vulnerability.
396737d94e8af9b562e87e15793607ec6157f8a039b69c9e0857d9830f7708c5iDEFENSE Security Advisory 02.07.05 - Remote exploitation of a command injection vulnerability in the Squirrelmail S/MIME plugin allows web mail users to execute arbitrary commands with the privileges of the web server.
35671328df6ad7b30df6bdca6e66a1bb2b1ad41710b19633efa94975faefefa3Gentoo Linux Security Advisory GLSA 200502-08 - PostgreSQL's LOAD extension is vulnerable to a local privilege escalation discovered by John Heasman. A local user can load any shared library, but the initialization function will then be executed with the permissions of the PostgreSQL server. Versions below 7.4.7 are affected.
615533cf8617ef7e96f68bfb83a60648ec43b2505242c675705f212cf1e23d2cUsing plugins like Flash and the -moz-opacity filter, it is possible to display the about:config site in a hidden frame or a new window in Firefox 1.0 and Mozilla 1.7.5.
c7cedd28bcc9f676fdc00b491f4c17d87ecc083eb62153962929c8cfa0956d21The Javascript security manager can be bypassed when a link is dropped to a tab in Firefox 1.0 and Mozilla 1.7.5.
7cec86bc934ea6cea05a1709645f91946c041eac917919abc3f8c3a2521d4edcFirefox built-in protection against allowing dragged non-image files can be bypassed when an executable is passed with a content-type of image/gif. Tested with Firefox 1.0 and Mozilla 1.7.5.
89c610f95e5084fbbd9fffd302c959d26a3a3d494bde761f4320c56b831760b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed