Gentoo Linux Security Advisory GLSA 200603-26 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores() function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to buffer overflows and incompatible with the system used for managing games on Gentoo Linux. As a result, it cannot be played securely on systems with multiple users. Please note that this is probably a Gentoo-specific issue. Versions less than 2.17-r1 are affected.
d0f87aeaafa934094329ce0f12fd9f65d7fb52924fc7b923e2382ff49dd95ad0The XFOCUS team has discovered multiple integer overflows in MPlayer version 1.0.20060329 and below.
63e762c39c00d599fa0d7e78eb9ca9d54e84981185e128bb6f6230abf893bf4dSkull-Splitter's PHP Downloadcounter for Wallpapers version 1.0 suffers from SQL injection flaws.
c35f236b1b08f9577dd04d07c8d25b34c2acae462f7e9b485009a9a829eab0f4Skull-Splitter's PHP Guestbook versions 2.6 and 2.7 suffer from cross site scripting flaws.
d50f7b3a5666f18c71dccd563d2beaed5988c448a8e490ff37a25710dd4d185cRealPlayer versions 10.5 and below SWF buffer overflow proof of concept exploit.
414e3afcf58e08b1af847b2e480cc14176277187f373317744e60300a876dc45PhxContacts is susceptible to cross site scripting and SQL injection attacks.
4774b065c8209bc86f66015b175739273d84ea4fff686de76672c30d782b43dcPHPKIT version 1.6.03 suffers from a cross site scripting flaw.
64fcca7d2034961cc6f6fb5137f9987a08a9c989ffa6035b89bd71fc65b493e2ArabPortal version 2.0 is susceptible to cross site scripting attacks.
b271bbc43e51cd6545bac7a72d48af082a936be43e8e1143e2e61884bffe6fc9Debian Security Advisory DSA 1021-1 - Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files.
c805afd688bd7387640c3694a50b68d7630757d17cd7512253e04e23bcfd57c8Secunia Research has discovered a vulnerability in Blazix, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Version 1.2.5 is affected.
3604e084018ebac5c828858ccaf9a13fdb6c16dd20d3d34b1392abab5ccb8b31Microsoft Internet Explorer createTextRang download shellcoded exploit. Second version.
192bb54b48a9f20380a7abdef8d6b39eb738a80b5f5682ee428fe37fe2a51af4This Metasploit module exploits a stack overflow in PeerCast version 0.1216 and below. The vulnerability is caused due to a boundary error within the handling of URL parameters.
5df98c072ead0db9bfc32de3fd48f0ed1721865288b1926f120f6f47bf449043This Metasploit module exploits a vulnerability in Internet Explorer's setTextRange on a checkbox.
d88d10eefc1151c15d86169bcb06ae44b634aacc19080eb4cd937c787a9843d3Microsoft Internet Explorer createTextRang remote command execution exploit. Tested against WinXP SP2 RUS IE 6.0.
a2766d515bd66ef3fd37e9617c76b3ab7d6de03231a59be4454f195a4b5f3907Microsoft Internet Explorer createTextRang download shellcoded exploit.
9adfd05f0d777459838812e04ced967b108595b6b9d3acd4e3a6ce8307b51816GreyMatter WebLog versions 1.21d and below remote command execution exploit.
ad617062aff17f427e3bbad02653ce94694faa679458a3e75bfb3f7e8092f652GreyMatter WebLog versions 1.21d and below remote command execution exploit.
b607b78672cfa0b6607c9223bb9272c64d54b00df086a8e659cdaf0c1d9efa34rdist NLSPATH buffer overflow exploit for Tru64 UNIX 5.0 (Rev. 910).
4c4a19453affa5482e5bbca99f5e8e7e6d25e7f2f3f895644df68abc77e86074edauth NLSPATH buffer overflow exploit for Tru64 UNIX 5.0 (Rev. 910).
f73421b49ce9bd7859f4e56e743fa6c9d04c1db4b6d1f331a4c65e5863484bf0Maian Support version 1.0 suffers from a SQL injection flaw allowing for authentication bypass.
283ea12b9fb8215868c76df046f3dd365903dba00cc56ed89772730e5dea9413Maian Events version 1.0 suffers from a SQL injection flaw.
5fe7cbd8f8a97ff006e00911b015e012293a2d4ce39f04e1c0d24cb7e4537bdbGenius VideoCAM BN is susceptible to a local privilege escalation flaw.
c6a5fb176d590a289db5941aa235aa32e3610ef9d31ae14c0f34c7b8c0a3d29dVWar version 1.5.0 R11 and below remote command execution exploit.
b4bf7d3fa3219423536b9e28e36b61aaf94d831b2b7a74812717fc00a9893f44All versions of ExplorerXP suffer cross site scripting and directory traversal flaws. Written in French.
13ea3c716c7168598c296075e5b0c01df9475c8fb2d5e2692c305bd486810b68AL-Caricatier version 2.5 is susceptible to cross site scripting attacks.
81a3e146413c3532574a6bb29c11fffc524f76d947a6399666918d72a881e61b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed