Gentoo Linux Security Advisory GLSA 200601-13 - Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Versions less than 1.5.2 are affected.
b2cc39f7a1e4e28dfa726bdd0de3a439478c672ccb34b34a8d3cd8bb8128d688
Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported a vulnerability in Red Hat Directory Server and Red Hat Certificate System, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.
e4c267d9827346eb0eb1d8069957a67236e2e567907b457b0d5d28894a244661
Secunia Security Advisory - kcope has discovered a vulnerability in Mercury Mail Transport System, which can be exploited by malicious people to compromise a vulnerable system.
796ab64e83399c45c245a0f6f024d312ca3b6879d4cb3a9c011258dbcdd14759
Secunia Security Advisory - SUSE has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.
df261c5b7f5bd19af65a7846e2260a5df198bf28bd9a234c08d1b704ad917479
Secunia Security Advisory - A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash certain applications on a user's system.
5e57eafdb8c7c14ad5026ee616253a42c96b7917c551b6317ef7d4eaa2dfc2af
Secunia Security Advisory - David Litchfield has reported a vulnerability in various Oracle products, which can be exploited by malicious people to bypass certain security restrictions.
a6a0d947804f8b6036d49cbd8591316f5773891e2894ebe9da49378e4d8f1c38
Secunia Security Advisory - Debian has issued an update for lsh-utils. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).
7c9e099f2e69de24dab48264e635114635d99acd903cc633751bb3214abbab01
Secunia Security Advisory - SAUDI has reported some vulnerabilities in NewsPHP, which can be exploited by malicious people to conduct SQL injection attacks.
962103155459a79ce3f79c0851a9f804b79d3268bb638b7331e2d057155d6ea8
Secunia Security Advisory - Gentoo has issued an update for trac. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
819e87b030b1dc6ad26a55f6108200fd450bd35bc4e0b4481827b06cbd1b2be5
CheesyBlog v1.0 does not properly sanitize user input, leading to script injection bugs in archive.php.
27701de69f54beecdd05d2987d3c9db8fdcc102c1720906f4ca09f65979ee422
ExpressionEngine 1.4.1 does not sanitize the HTTP_REFERER variable. This can be used to post an HTTP query with a fake Referrer value, which may contain arbitrary HTML or script code. This code will be executed when an administrator (or any user) opens Referrer Statistics.
269640d9a1082ed07f4dc3684cbd7cf0264bdf5992ad0cf57f58bf4c5ed91008
HYSA-2006-002 h4cky0u.org Advisory 011 - Phpclanwebsite 1.23.1 Multiple Vulnerabilities
939c46940920ae4e59b49c8d850070fa0945fb8c9fd9f41fd69d8bb607cf30d5
HYSA-2006-001 h4cky0u.org Advisory 010 - phpBB 2.0.19 search.php and profile.php DOS Vulnerability
3ff86ddc78738cb6203a1749d74844dc8cc8d4f63c681163705f301849960318
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Predictive Dialing System (PDS), which can be exploited by malicious, local users to gain escalated privileges.
ba80531e1baa2a3650339af864b27829a7a0f91a4670a870bae30109b641fcc6
Secunia Security Advisory - matrix_killer has discovered two vulnerabilities in Phpclanwebsite, which can be exploited by malicious people to conduct SQL injection attacks.
dd1d200cd2ff4f130e3ace67044fdfd561780019ddb7b6fc7a30d3c3e4712fd9
Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in ExpressionEngine, which can be exploited by malicious people to conduct script insertion attacks.
7eaa406d353432135d7f40a3cae7fbc0b616ea494498ff6e4bb8c1ad16b7706c
Secunia Security Advisory - Debian has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
7e582180978d73ca93dac035839154664414b00ac8cca721ebc875fac1fd1240
Secunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious, local users to bypass certain security restrictions.
4f3d2d892ab573f2b168fa844660c8c21fa8c432fa9b5bc698cda93d207f95c7
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun StorEdge Enterprise Backup and Solstice Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1b65c640b35486accb2600354377ce397ee0ef1618d857eb6e7ffc2ac4707ce0
Secunia Security Advisory - Mandriva has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
ed116a6f6df49e3a0a632db4010f49ba64db295bdb92b49651088b0594e66309
Using custom Microsoft Agent characters, it is possible to cover any kind of window, including security or download dialogs. This is an expected feature of the Microsoft Agent control. Because custom characters are fully scriptable, can have any kind of shape, and are downloaded automatically, this can be used as a flexible tool to cover and/or spoof any kind of window and lure the user into executing arbitrary code by performing one or two clicks (depending on security zone configuration and Windows version).
039b06b0507512df1ffd004234a3787a21cf7ec3fdaad643a094cb8696e17771
Note-A-Day v2.1 does not password-protect a sensitive directory, leading to information disclosure.
9d9d12c063b7d418eac5256e7618635a978326aa7490bf76910a6e74638b40e6
e-moBLOG v1.3 suffers from SQL injection bugs leading to login bypass and information disclosure.
6155530b7e5ebcbae507cd31de1dd530d17ad0bd6dac37be8e345c4c579e3161
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Red Hat Directory Server and Red Hat Certificate Server. Under certain circumstances these flaws could permit an unauthenticated attacker to remotely compromise the Directory or Certificate server; in other circumstances this flaw could facilitate local privilege escalation to root.
6e9342c78e61c28a0dbc7c60186a0b107227cc4b377e5f1073f17c7eda93c630
Xmame 0.102 and below local root exploit for Linux.
2c6822915bdcdbefc6d4a8813d3e194cbb6038994934e02de11d2bd3f319d395