A cross site scripting bug exists in phpBB 2.0.16.
df2d7e5c9a2e12f4c7d1163c9b83c906b93e8f7598c2b9a5923bbc30341a93d3QuickBlogger version 1.4 and below is susceptible to a cross site scripting attack.
ff3e82e8c502f427c05bcddb61b4a211c3bbd510fcae82f3c5f0ed4868c38b20Gentoo Linux Security Advisory GLSA 200507-05 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed deflate data stream to overrun a buffer. Versions less than 1.2.2-r1 are affected.
63f68356a58d88284addd99b7f7714f60f275a5674597e8a3ec1dd09f4e6c7deGentoo Linux Security Advisory GLSA 200507-04 - RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Versions less than 10.0.5 are affected.
7c674545a056f76a86c928708d7359a84077536fd75e8d56a65241ea7da03b36ekg versions 2005-06-05 and below suffer from a temporary file creation vulnerability that can lead to arbitrary code execution.
f3e3068a5e4291be5395ccfdd515de3b42a8eb9539016b6057bb6f8c1704c6caIMail appears to store the password for an account in clear text in cookies issued.
d8338cb4182c4ec4004a9f4df0e8293a7cf7f66851e05a3791e62ac6888ec34fDebian Security Advisory DSA 734-1 - Two denial of service problems have been discovered in Gaim, a multi-protocol instant messaging client.
f0912041f297f3512a414df1b46808b71bcea8fe37cefeebea9cf83b55fd3c80Exploit that makes use of a PHP injection vulnerability in Drupal.
2950393b3baea1845cb16347e03ac6cafb03d7e51cd06e0ae9094e105086337akpopper versions 1.0 and below suffer from an insecure temporary file creation vulnerability. Exploit included.
5e595cc68818ef185cddc15d72da4f21886c1d6c97c53cf9a675490f90ec37d9Geeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.
a7ca782761e0a409376d36cda0394ae4d439ee0ee330b8036371ab950806d143ASPJar is susceptible to a SQL injection attack via the password variable when logging in.
1744371333b6a39c3ec78bf9e9876bae660ef924c69ad6618eacd2abfd0e2f2cpam_ldap/nss_ldap fail to re-start TLS when following referred connections. This can result in credentials being sent in clear text when pam_ldap/nss_ldap attempt to rebind.
1db5cbc54ba4644e91c2b2907322e4a9a27bfa0dd7dfca936d22f23a82360a6fDebian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
49aa3aade8c068810ebb48865f06b64d93429832060adee89ddb3a60867fd38aPlanetFileServer version 2.0.1.3 is susceptible to a denial of service attack that causes the server to crash. Exploit provided.
068ea01417f9ad0e399b81ab3b7a9174755e126167c392076abf1ecdd89fe778Gentoo Linux Security Advisory GLSA 200507-03 - Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Versions less than 2.0.16 are affected.
b22899b77e65063d3709e981c44dc253e3c40e6b706c50b7a77d3c8af576a631Gentoo Linux Security Advisory GLSA 200507-02 - James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Versions less than 1.5.1.3 are affected.
8ef3cc7830aa91d24d15b2d98e64f7bac2893ffe531033defa532c1d06a66f2aThe Quick and Dirty PHPSource Printer version 1.0 is susceptible to a directory traversal attack. Exploitation provided.
061998888d86c014b05d9604aaf58f6d5469167eeef964535422a7b3559412acGentoo Linux Security Advisory GLSA 200507-01 - James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the POST method. Versions less than 1.3.1 are affected.
1ccfd7f91652298e66cd06e890e188a97d9b460fd9f05dfd6e4e738dc832354cXMLRPC remote command execution exploit. Original flaw discovered by the people at gulftech.org.
39d8bc75dc5318a886472ee7b9bb3ea89521c077251144a4bbbe8d58658e66b7JBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.
b6366cd9f0cc53fbd4d73248a7eb8dce5d3fc8b82e395db714cead860175645dCacti versions 0.8.6e and below suffer from a bypass vulnerability.
37222644fbba63cb60c1d66e20630458bb9114e3b3461b0895e9c3de90a9d540Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.
b0c145d8ac8ca565a651191f53e65514cc46cb9bc24d1a177b8add989ab8cac3Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.
e80c8ae4856a741ff26de5874481b3d65512de972f859e5a63a3007a466db410Internet Download Manager input URL stack overflow exploit that affects versions 4.05 and below.
69cedfa56b55c0d8992f4038aec6c79f950fdc527f2a789e566bc97ca8653b70Remote SQL injection exploit for xmlrpc.php that makes use of Xoops versions 2.0.11 and below.
c36f110025d00ce54d8e5068a0152dc03a6eeafd8ffc0733614c5f661c7ebd39
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed