Aura CMS version 1.5 is susceptible to full path disclosure and cross site scripting flaws.
22e6513e068d86c89136d785bf64b15bc83811190025db52b304037ba642137aSecunia Security Advisory - Filip Groszynski has reported a vulnerability in PHPNews, allowing malicious people to compromise a vulnerable system.
50809f6a72f63d1c28f64be60e277cec3946bcbabaa9f5b87e948a477b227e7aSecunia Security Advisory - Three vulnerabilities have been reported in CA Unicenter Asset Management, which can be exploited to gain knowledge of sensitive information or conduct script insertion and SQL injection attacks.
500b37d26900a858db46fce3d49e80ce8df4ef086f179e73e2773e1a6f0250a0Secunia Security Advisory - Kozan has discovered a security issue in Einstein, which can be exploited by malicious, local users to gain knowledge of sensitive information.
4e6078ba54cc2c3d58a7ff432fa9dffc3ca03b2781f6895c1586bc789b1750b8Various versions of Realplayer are susceptible to a heap overflow vulnerability in the .WAV file format when being opened. Under Windows, the following versions are affected: RealPlayer 10.5 (6.0.12.1056 and below), RealPlayer 10, RealOne Player V2, RealOne Player V1, RealPlayer 8, RealPlayer Enterprise. Under Linux, the following versions are affected: RealPlayer 10 (10.0.0.2 and below), Helix Player.
359c580e54c96a6991290df4135edc4fda022168df80da8721508a4c75bfe410Foxmail server version 2.0 is susceptible to a boundary error condition in the handling of the USER command. Sample denial of service exploit provided.
9c68bae6af3a4d5f3cef5524179a812796007785a8030de3e0267b20cad992fcGentoo Linux Security Advisory GLSA 200503-04 - NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Versions less than 0.10.0-r2 are affected.
df226c3a49d66b05d66cd77cfcaeaa0c611a664db9b99058b57ebae61bd6595diDEFENSE Security Advisory 03.01.05 - Remote exploitation of a stack-based buffer overflow vulnerability in the The Synchronized Multimedia Integration Language (smil) file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code.
2632879bb5375cffc7b6de250f1ab88228e76ba9eb83439be161087ec3c781cdPHP News version 1.2.4 is susceptible to a remote file inclusion vulnerability.
1c306241a4253d288b7a6ffb7325eb604683c91d5bb1d2758c5e2b424b827321Gentoo Linux Security Advisory GLSA 200503-03 - Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CVE-2005-0472). Malformed HTML code could lead to invalid memory accesses (CVE-2005-0208 and CVE-2005-0473). Versions less than 1.1.4 are affected.
a9b09c5829b2777d1130c2249d11cad703352dfadec48b89a16cc99c6e9f3683Gentoo Linux Security Advisory GLSA 200503-02 - It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the Enable remote avatars and Enable avatar uploading options are set (CVE-2005-0259). He also found out that incorrect input validation in usercp_avatar.php and usercp_register.php makes phpBB vulnerable to directory traversal attacks, if the Gallery avatars setting is enabled (CVE-2005-0258). Versions less than 2.0.13 are affected.
b4cb2c0bc5261f26b321b308ca3bb029882790cb78626aa79aa2b52c25a7c28aA flaw in PBLang 4.63 allows logged in users to delete another user's PM.
5e3cc7c61d07865ddffc43e6b349a3f23d299a4419ae5e573404fb52b77c58d5sendpm.php in PBLang 4.63 allows logged in users to view password hashes of other users.
ebc77ac7b1bdabadb4c6d15fc2692a10091e6e66b2dc34a73e59a490349604ccThe profile.php script in 427BB is susceptible to cross site scripting and remote command execution flaws.
609a0dcb3fac72bf68ee3de64dc308e763c54ad82f66729d53d627c903561439The profile.php script in 427BB is susceptible to cross site scripting attacks.
4e9b2a108ce0209eee52a787a7d44753ccb13dd0893f2c24c26f69b5cac98cceThe search.php script in Forumwa is susceptible to cross site scripting attacks.
6911e2b42224dba3a55f9e2c2d8696ec1a86792045002b7986a1b2a090c0c163Gentoo Linux Security Advisory GLSA 200502-33 - A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters. Versions less than 1.3.11 are affected.
e2bb16e8ac7ba8087dd169d4a4560ccd2c7f8a3bdfe6571d31faf58c377796d1Kiosk is a Palm hack/DA combination that can be used to lock a Palm handheld to a single application. When activated, only the current application can run, and a password is needed to launch other applications. This is useful when loaning a PDA to a child or to a co-worker to use for a specific purpose.
9edb5cc3c78b10a6d42f3d617273e8eb8e967de77a1498147470f8d351171a6aTraceproto is a traceroute replacement that allows the user to specify the protocol and port to trace to. It currently supports TCP, UDP, and ICMP traces.
5310f40c3769577e9604b07ccf1039536eaa4e24486f24a971cb9647278ae69eVuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
dea3e44a5931800f0fdd62a326a185fbe338387b2ff711c18d89e2fef050df68
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed