Unintended Consequences: Seven Years under the DMCA - This document collects a number of reported cases where the anti-circumvention provisions of the DMCA have been invoked not against pirates, but against consumers, scientists, and legitimate competitors.
9b4867ac6e0d711e6186f442c0e61ee8a8772a69c991704e1f8c49ac85df8787Google reader is supposed to display only those contents which the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using google reader service) to view unwanted web contents carrying malicious payloads.
7b5cfc8166efe4aad445c202f3c534911b697134b00dbe62e5e065872e8c800aMicrosoft Internet Explorer DBCS Remote Memory Corruption Vulnerability: This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language.
9928b78c2e165f8d0be66728788d0d369520d36f2e3f50b6f0342f762ba5d58cGMail and Google Groups are vulnerable to an cross site scripting (XSS) attack due to their reliance on Content-Disposition to provide separation between the HTML file download and application scopes.
36c3caf867d3ffaeb99e710551c40b989b1ec886d122466cd3668d577cdf5d67Microsoft Internet Explorer Content-Disposition HTML File Handling Flaw
574a829b559c4c5a3baadc376478a5b2bd98146b0176aa0b1c002faa78f2daceOracle versions 9.2.0.0-10.2.0.3 suffer from an unpatched vulnerability which allows users with SELECT only privileges on a base table to insert/update/ delete data via a specially crafted view.
52fce6051885e4c90f88131ef99b44526f5d4aaf91684d6e8bede57d2e41a144It is possible to bypass the open_basedir restriction in PHP 4.4.2 and 5.1.2 by using the tempnam() function.
f538262704c21a70a6e2d64df6548a15f178d6808a99ab84feba29ddc913d87fIt is possible to crash php and possibly apache by using a recursive function call. Tested on PHP 4.4.2 and 5.1.2.
629e887103a607ea88675761f74bad078c61e2d2c8db6ebab560d5d9890a5b87PHP 4.4.2 and 5.1 allows for a safe mode bypass via the copy() function.
e61c4b8601115e3b07ad0f6eb72b0832ffcff46804cbfef6a2c12db9fdcc6a03phpinfo() in PHP 5.1.2 and 4.4.2 suffers from a XSS vulnerability.
9955b8c58a297e95b17dd458fac33b5f9fdec78ea074960b389f9b29b3c05c08Overflow.pl Security Advisory #5 - Clam AntiVirus Win32-UPX Heap Overflow: Remote exploitation of an integer overflow vulnerability could allow execution of arbitrary code or cause denial of service.
a079b9e2c3c8cd3397a0b0dcf893077f32ec7c922641600173613bedb7dccf63PHP121 Instant Messenger versions less than or equal to 1.4 remote commands execution exploit.
4f500420ae021a12f0c97b72682ef7dc378e59151587d6457602e17d599689feSphider versions less than or equal to 1.3 remote file inclusion exploit.
1d87ea3e22a1f16c087df435b92e9cffdcd916d065e20b1073384c7074645933PHPList versions less than or equal to 2.10.2 remote command execution exploit. Requires register_globals to be on.
ed08f2e6861b32d6f2d0788d7ce4eaeacb13c209f65ee7b01c880b309f350f3aphpBB remote command execution exploit. Requires administrative access on the forum. Tested on 2.0.12, 2.0.13, 2.0.19.
f009df4e0f190e91ba722fdf1f0317ec936d8de0bc6de12914478646cc8e6945PhpOpenChat 3.0.x and ADODB versions less than 4.70 SQL injection exploit. Requires a blank mysql root password.
52e060638d3b695d7178ecc602a375536408442e2504a9b0d5ba9ff349dd7426Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in Adobe Document Server for Reader Extensions, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks, or by malicious people to gain knowledge of sensitive information or conduct cross-site scripting attacks.
9a62766fd2ab38c607cb1dcd701fdc5ce9bf0f41b32560a42c71e4887865b9f4Secunia Security Advisory - A security issue has been reported in NetBSD, which can weaken certain security features.
8d1fc904126dcb25d4249126aa9f7ec22c10e54b35da14058bd39af52843d816Secunia Security Advisory - A security issue has been reported in Sybase EAServer, which can be exploited by malicious, local users to disclose sensitive information.
2d80e1eb090995f82038f96243aa73e3b2a6c6fe52ee3edfad8c06bb9e0380f2Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
3f2b15645bc76ff146839678164992fe688df5de8cbba2fc2ae9bb483cba9729Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
cba055d5fef8b0cfbec74e801de9c3cfa2846305961e125afbf1a2c8a0f65a8bSecunia Security Advisory - Debian has issued an update for horde3. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to disclose sensitive information or compromise a vulnerable system.
20f798285d47c24aebc9b504e9a865e8c6010e9a702deda263a92515b8a3dc41Secunia Security Advisory - A vulnerability has been reported in Adobe LiveCycle Workflow and Adobe LiveCycle Form Manager, which can be exploited by malicious users to bypass certain security restrictions.
b4d0aa81af1bf252034a787ddba0097cb697f97d185fcdd920aafdb908afa9d4Secunia Security Advisory - benozor77 has discovered a vulnerability in Aweb's Banner Generator, which can be exploited by malicious people to conduct cross-site scripting attacks.
54e221af0519a3f82560aba2a2bd65ca18d314bd21bf517879da9251c7b5e031Secunia Security Advisory - mj has reported a vulnerability in Plone, which can be exploited by malicious people to manipulate certain information.
89cd4bb45f827229f9fc532b4fc63bd99184586f4a9cf554e5c8c11684185be9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed