Woltlab Burning Board info_db.php is susceptible to multiple sql injection flaws. Versions 2.7 and below are affected.
56555ebbf2731c32a918087c5f649bb3bf7d5b0cf6337ae6f829abf8cf554618MyBB Preview Release 2 sql injection proof of concept exploit.
803c051a1a45e4ab44b58c7c24729ab0b562c9cc412b25125e210bed72c2dc19PHP-Nuke is susceptible to cross site scripting attacks.
7d26a61ef6f2ad7823422e467d0666ed5a5618f7a4980bb9f719510f18948a95A vulnerability in CHM Lib (chmlib) can be exploited to compromise a user's system. Versions 0.36 and below are affected.
49d8a7ab0c84e8e1cde8454aee0dfc62cce1221e25adec5296d00e2a3dfcce84Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.
0bab5f01b7c758426334bbe468c48da3450971005b0015fe8140d3acfbc45c89StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659rum version 0.9 - A one process tcp redirector with sockfile support, the ability to listen on multiple ports, and to offer statistics. Written for 2.6 kernels because it uses the epoll syscall.
32c3edde06a293057867fdded3e39d730690c46d67a13e13574511b156a6f776SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this is issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.
2d40e47e26366a81608e58eb701e131d921abb75ec18f1bc0763fd4b69a57ad9SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.
3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6The EADS/CRC security team discovered a flaw in Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Conversely to what is written in Skype's advisory, remote code execution IS possible. Affected Versions: Skype for Windows - All releases prior to and including 1.4.*.83, Skype for Mac OS X - All releases prior to and including 1.3.*.16, Skype for Linux - All releases prior to and including 1.2.*.17, Skype for Pocket PC - All releases prior to and including 1.1.*.6.
e93d8fd75218f31f2483406d0a40ae79acef27d04dad057c3765abe31596a130SparkleBlog is susceptible to HTML injection flaws that allow for cross site scripting attacks.
e14a0296a68e3f24127264f8acf3106e7ac65ab6441d61321f68ebed0a7a2e86PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.
9f0ca61b9a7c8067bc32bf77050ea673995d4a2229d755fff83257c3138fc38eMozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.
d7c2c62f53981de1b1e61fbb11de9278cff73769ab86c648b175814f320ba698Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the iSCSI Login Negotiation protocol. The impact of this vulnerability is the negation of iSCSI security on affected NetApp filers.
cbda7558ac20a9e5ae1ab0fe5849ed2b682c6fc6ec99c1de2f5873cfdcc2906aTHCsnortbo 0.3 - Remote Snort ping exploit that makes use of a stack-based overflow vulnerability in Snort's Back Orifice preprocessor.
96da659e32e952a39dbc28838a12b7285552be9c4258061478af4f0511d2ed06Multiple AV software vendors suffer from an evasion vulnerability through a forged magic byte.
043d1ff1ac8a90befbe8019f0bc662a8c6d287ffa2eb638ff22fd4a8aac63a74Debian Security Advisory DSA 870-1 - Tavis Ormandy noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user. This can result in the execution of arbitrary commands as privileged user when a bash script is executed. These vulnerabilities can only be exploited by users who have been granted limited super user privileges.
e9a14ef8dab682c64f1e7c280fd05a2d96066dbd60448e56eb034134f23a273cDebian Security Advisory DSA 872-1 - Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code.
1af7cb2662f1e3cc383053176a4abb10b2caf852ef9f933d0b0819ba7f6ae2b3Debian Security Advisory DSA 548-2 - Marcus Meissner discovered a heap overflow error in imlib, an imaging library for X and X11, that could be abused by an attacker to execute arbitrary code on the victims machine. The updated packages we have provided in DSA 548-1 did not seem to be sufficient, which should be fixed by this update.
5bbd77af07750bc343460f505cfd72f0a186295dc61228c318d070c0ad1c8ac7Debian Security Advisory DSA 871-2 - Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
260044421007518131cf8aad8aeed7558fe1d742909906a07f98c1ba0129c8b8Debian Security Advisory DSA 871-1 - Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
c3646aefdb730012dabc0eeb4d157694b945b8e6159c6c2d97950d3a813e5bfdiDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in the ppp binary, as included in multiple versions of The SCO Group Inc.'s Unixware, allows attackers to gain root privileges.
9b7b97200e4750b2274b1b81babc045334523a9e5e30d75d95f0457665a531e2iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in The SCO Group Inc.'s Openserver operating system could allow an attacker to gain root privileges.
3ae152c1a2dd00e7fcae7088b157ba81d2ff09974b77c02bc9e97c2d122f8127iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in The SCO Group Inc.'s Openserver operating system could allow an attacker to gain access to the backup group.
74a54f24ca55eca0f7d2feffa42849b689e2691f620f49d30c5d5e7247306c73HP SECURITY BULLETIN HPSBMA01235 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
20bcdf915643f036edf047e801c71b782b796bd0b6e809bd9f6c81a33ede5b76
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed