Website Baker versions 2.6.0 and below suffer from SQL injection, login bypass, and remote code execution flaws. Exploit included.
b49d9398dea8569ec129afc9974e4c07277a1adf4ab648aa0b2b10e4c0cf1866Airscanner Mobile Security Advisory: Pocket Controller version 5.0 is susceptible to hard reset, data wipe, and denial of service conditions.
1a2768325a0f44d004051b7f5875697174f0732702bfa1d830781eb78b2d3352iDEFENSE Security Advisory 12.07.05 - Remote exploitation of a design error in Dell Inc.'s TrueMobile 2300 Wireless Router may allow an attacker to reset the authentication credentials.
b501752da707b2ea3ae608527f64eea1f96a76373f3e08b2b90cf33f1d8703d1KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.
0cee893dafaf137d0d32568c4d2e63ba6261d97c0a2ff9d758266004c900237bGentoo Linux Security Advisory GLSA 200512-02 - Jack Louis discovered that the Webmin and Usermin miniserv.pl web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl syslog facility in an unsafe manner. Versions less than 1.250 are affected.
ed5d825e7e8d12391f3c6b46803fa0bcaa2bbda2a4b5ada49efebd88c0517c14Gentoo Linux Security Advisory GLSA 200512-01 - Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wrap overflow in the efix variable inside the function Perl_sv_vcatpvfn. The proposed fix closes that specific exploitation vector to mitigate the risk of format string programming errors in Perl. This fix does not remove the need to fix such errors in Perl code. Versions less than 5.8.7-r3 are affected.
f1e9a9af29c00af8bdbbf1c700ed8a5008c8809ce4d5a3fd61ca3357ab331f11eNvolution, the fork of PostNuke, is susceptible to cross site scripting and SQL injection attacks.
865c68bd2e1d4c7b91f6db4fb634ae6b79e22185ec0f60cfad95bdde189f228fToendaCMS version 0.6.2.1 is susceptible to cross site scripting attacks.
8f07ad79529cd8415eb4969dee95f03753f42d5c0e8c648f163a57ae4668e4c8Nodez version 4.6.1.1 is susceptible to multiple cross site scripting flaws.
291282274ca509c8c0f638d02f1712db7f423e1ce1af2c974796bff6dc2c3ea4FlatCMS version 1.01 is susceptible to multiple cross site scripting flaws.
7b8f8bdcc7e2731c49b3096d3f99ac914f0836d360b46fccd53014f27c4c9975TML CMS version 0.5 is susceptible to cross site scripting and SQL injection attacks.
0bd8e18d3c0aa50a112ed3e2c08e9c7476f19e8955c80add7a02ff13937ff99eHP Security Bulletin - A potential security vulnerability has been discovered with HP-UX running IPSec. The vulnerability could be exploited to allow remote unauthorized access.
187d53d66f988887b54f5d8c850e765507d4ea790dc30fe221b718a101d883cbSimpleBBS versions 1.1 and below remote command execution exploit.
7803041c087492f87adf6167d27ddee161f5b1f9f28bff149d9e7396b9721a17ThWboard version 3 beta 2.8 is susceptible to HTML injection, cross site scripting, and SQL injection attacks. Details provided.
b6748f11eab63ffe76a6f2b734fd18a8b4a579dc4eeca78ae82b52b960a64150Appfluent Database IDS version 2.0 suffers from an environment variable overflow that can be manipulated using sudo as an attack vector. Exploit provided.
27bbf57c930750edaa25ffa94bf598ee98a2503f8cb18f967e8422de7d3533a2SugarSuite Open Source versions 4.0beta and below suffer from remote code execution and file inclusion flaws. Exploit provided.
ebc5a4123b1fbce281924c7e04a5037ab9070017bd8aceeb7663198ae7f16620Checkpoint SecureClient NGX Security Policy can be easily disabled.
35f23d488b30efd1dce89d0af4b51371e1f2752103ed34866c152ab9ec77b113Hardened-PHP Project Security Advisory - A quick audit of the variable overwrite protection that was redesigned for phpMyAdmin 2.7.0 revealed an easy to exploit flaw, that leads to total failure of the protection and therefore opens phpMyAdmin to a number of cross site scripting, local and remote file inclusion vulnerabilities.
ca28a2f1c10173da470818fb65d58d6fb8575353776199c4b7a672067438225bDebian Security Advisory DSA 916-1 - Several vulnerabilities have been discovered in Inkscape, a vector-based drawing program. Joxean Koret discovered a buffer overflow in the SVG parsing routines that can lead to the execution of arbitrary code. Javier Fernandez-Sanguino Pena noticed that the ps2epsi extension shell script uses a hardcoded temporary file making it vulnerable to symlink attacks.
38273c7b5d3c2d0deb14c0e5d98b4a70c307ff98657d2510c45f19fd1d6c8b6aHardened-PHP Project Security Advisory - During a quick scan of the URL parsing code within libcurl, it was discovered, that certain malformed URLs trigger an off-by-one(two) buffer overflow. This may lead to unintended arbitrary code execution. Versions 7.15.0 and below are affected.
f3403ec96218c1351bad8de9b0d4762183c5b2ed2469234ad0cca93122636401C89 implementation of the Vignere cipher compiled and tested on Windows XP, Windows 2000 and FreeBSD 4.11
dfc16eba9f66d1a3bb503120747fe225fc107f0b593f0856ba0845880c5c0eb9DRZES HMS is susceptible to cross site scripting and SQL injection vulnerabilities.
bcdb5ac100a453d27c725347e333b7fd8eaf2d7bd0d903786aba6e7c6d30306b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed