Secunia Security Advisory - A weakness has been reported in Dropbear SSH Server, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
e4aa1525c65da37d5e8e7f591329764f8a3cb268f37b23e366566257a2ac4b98Secunia Security Advisory - pcps has discovered some vulnerabilities in Barracuda Directory, which can be exploited by malicious people to conduct script insertion attacks.
6038d0c874fa97150e36f0f48a8abd775474978548877ce1147925fdf2f88adfSecunia Security Advisory - SUSE has issued an update for gpg / liby2util. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
afdbbfe561a4939c2e617c70e7e5b50f98583a1626568252742ffd5e406bccb3Secunia Security Advisory - Gentoo has issued an update for openssh / dropbear. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
a865d132fb5cedf9d64c9264d1de7c30c0bf0543b5a28636aeaf4e4d3b27d607SUSE Security Announcement - With certain handcraftable signatures GPG was returning a 0 (valid signature) when used on command-line with option --verify. This only affects GPG version 1.4.x, so it only affects SUSE Linux 9.3 and 10.0. Other SUSE Linux versions are not affected. This could make automated checkers, like for instance the patch file verification checker of the YaST Online Update, pass malicious patch files as correct.
dbcd94580d937c8fdef6ffd158eb912f1108bcb0aa65778e07df99b105d01d9bwaraxe-2006-SA#046 - Critical sql injection in phpNuke 7.5-7.8.
43f0203754f8d406a0dd9aedc02d23f9f6a6a4ab3cf5967be7327fc3758c30efwaraxe-2006-SA#045 - Bypassing CAPTCHA in phpNuke 6.x-7.9.
607f522e8c5193af13594323a0c45bce281f42ea9b760d1ae3cd0646ee366cb0Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
f61370fbbebc0b233634c48add43e1717d790ddf432d0c18c9d602041c886b71OpenPKG Security Advisory - An allocation off-by-one bug exists in the TIN [1] news reader version 1.8.0 and earlier which can lead to a buffer overflow.
64e27cc817d51c76569266a91682b2158159cd0d6564041947d43eeeac5e2676OpenPKG Security Advisory - According to vendor security information [0], privilege escalation vulnerabilities exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.
c40cab37f34f78513b56727208269fd48812b531d971509e3a808ace7e30a5b9Magic Calendar Lite suffers from an authentication bypass vulnerability.
6682f06fe6b89ff05adb4eea45cfea38d405f94dd88ecd9d3ecc03a73a4eb702TTS Software Time Tracking Software suffers from multiple vulnerabilities including XSS and SQL injection.
92b023be3b6678e1268a8ca48e3f664fac208f949fa14b224f3ed1e3c05f0ac8CALimba suffers from an authentication bypass vulnerability.
0495f9484c0b6d6baf8930666f3414bde78582337f38b55f25d0320a570add42PHP/MYSQL Timesheet suffers from multiple SQL injection vulnerabilities.
62a2a25c114d4ea7c4b1d95d6e4d484bfc89df8c72f9a056973523be384bac0eScriptme SmE GB Host suffers from an authentication bypass vulnerability.
f02c790b64c7675d20ff20e89902eec2bb8ca5ec5b8ce281d347eb210a5b96abScriptme products "SmE GB Host" and "SmE Blog Host" suffer from arbitrary script code insertion in the BBcode [url] tag.
19a3fa43bdd0dfcc8ede4249507fe15db1e263755f93bc20dab6246118b230f8Siteframe Beaumont 5.0.1a suffers from a flaw that allows a remote cross site scripting attack.
902ce8c37a6cd6f61a009656c9b99f43f27775b39c8b08fd6f93a2235da6445fPHPKit v.1.6.1 release 2 remote code execution exploit.
40dbfa7d4e7c88faa8ef13dedd9f663f5ef67c0a942f8de03bcbc553a30bc228Winamp versions up to and including 5.13 suffer from a .m3u buffer overflow vulnerability
e4574457d5bc6b9d0f12e56864b885fce741a0f53c0a098bee785a94b91de1dbIt is possible to crash the web interface on a D-Link DWL-G700AP by sending it a simple GET request. POC included.
b871451dc09aa313045fd79f0f175a1b7c4a71df8e6f5fc1ed298a782aff19beRUNCMS version 1.3a is vulnerable to SQL injection due to improper user input sanitization. POC included.
14e347c720be0a14ec4ca360bd0bd757032c17d4c6cd0582b2fb62fc3c809842It is possible to gain administrative access on Kyocera 3830 printers by using telnet.
7aeebf751b381ae2252541ba8745ebca6d719e929fef24288eb300f0b88b85f5XOR Crew :: Security Advisory - Wimpy MP3 Player - Text file overwrite. (lame)
7bc198a85e597e1c0f111b55aa7529eb074c38e39cb28d54200295c1ae6ffcc2XOR Crew :: Security Advisory - HostAdmin - Remote Command Execution Vulnerability. POC Included.
6219a1cce7396fca0cafffc2189eae721c467e8a9b1cdbcee1b4eaa027860189XOR Crew :: Security Advisory - Web Calendar Pro - Denial of Service SQL injection (lame). POC included.
e2061819fde5f3990cc88175624322611b1af03da0aa806de4d7cf4c4d151ff8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed