SUSE Security Announcement - With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, like for instance the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9bwaraxe-2006-SA#046 - Critical sql injection in phpNuke 7.5-7.8.
43f0203754f8d406a0dd9aedc02d23f9f6a6a4ab3cf5967be7327fc3758c30efwaraxe-2006-SA#045 - Bypassing CAPTCHA in phpNuke 6.x-7.9.
607f522e8c5193af13594323a0c45bce281f42ea9b760d1ae3cd0646ee366cb0Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
f61370fbbebc0b233634c48add43e1717d790ddf432d0c18c9d602041c886b71OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.
64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.
c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9Magic Calendar Lite suffers from an authentication bypass vulnerability.
6682f06fe6b89ff05adb4eea45cfea38d405f94dd88ecd9d3ecc03a73a4eb702TTS Software Time Tracking Software suffers from multiple vulnerabilities including XSS and SQL injection.
92b023be3b6678e1268a8ca48e3f664fac208f949fa14b224f3ed1e3c05f0ac8CALimba suffers from an authentication bypass vulnerability.
0495f9484c0b6d6baf8930666f3414bde78582337f38b55f25d0320a570add42PHP/MYSQL Timesheet suffers from multiple SQL injection vulnerabilities.
62a2a25c114d4ea7c4b1d95d6e4d484bfc89df8c72f9a056973523be384bac0eScriptme SmE GB Host suffers from an authentication bypass vulnerability.
f02c790b64c7675d20ff20e89902eec2bb8ca5ec5b8ce281d347eb210a5b96abScriptme products "SmE GB Host" and "SmE Blog Host" suffer from arbitrary script code insertion in the BBcode [url] tag.
19a3fa43bdd0dfcc8ede4249507fe15db1e263755f93bc20dab6246118b230f8Siteframe Beaumont 5.0.1a suffers from a flaw that allows a remote cross site scripting attack.
902ce8c37a6cd6f61a009656c9b99f43f27775b39c8b08fd6f93a2235da6445fPHPKit v.1.6.1 release 2 remote code execution exploit.
40dbfa7d4e7c88faa8ef13dedd9f663f5ef67c0a942f8de03bcbc553a30bc228Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability
e4574457d5bc6b9d0f12e56864b885fce741a0f53c0a098bee785a94b91de1dbIt is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19beRUNCMS version 1.3a is vulnerable to SQL injection due to improper user input sanitization. POC included.
14e347c720be0a14ec4ca360bd0bd757032c17d4c6cd0582b2fb62fc3c809842It is possible to gain administrative access on Kyocera 3830 printers by using telnet.
7aeebf751b381ae2252541ba8745ebca6d719e929fef24288eb300f0b88b85f5XOR Crew :: Security Advisory - Wimpy MP3 Player - Text file overwrite. (lame)
7bc198a85e597e1c0f111b55aa7529eb074c38e39cb28d54200295c1ae6ffcc2XOR Crew :: Security Advisory - HostAdmin - Remote Command Execution Vulnerability. POC Included.
6219a1cce7396fca0cafffc2189eae721c467e8a9b1cdbcee1b4eaa027860189XOR Crew :: Security Advisory - Web Calendar Pro - Denial of Service SQL injection (lame). POC included.
e2061819fde5f3990cc88175624322611b1af03da0aa806de4d7cf4c4d151ff8XOR Crew :: Security Advisory - iUser Ecommerce - Remote Command Execution Vulnerability. POC exploit included.
715dcda6cf0846eb7a63e03f09ac8eb64ace6ef2386ae5ba8cb0e518d176494bLKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc.
35ea2786343f647b5d0d1506a2ce375502622f51df18479aad20afe05b4ce18eSecurity advisory for MS06-009 - Misuse of ShellAbout() API could allow elevation of privilege Affected system: Korean version of Windows XP, 2003 and Office 2003.
5040ef262c895b9b0fe3b2f1e23e354a9fc3d0a36e0d103507a8fd05a91fd8f5PLUS (PatchLink Update Server) version: 6.2.0.189 suffers from several bugs and security issues.
58baf2f29a5064e0b84a52fab2ed18a11b809e4bf44d324bf4320abd35865304
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed