TotalCalendar 2.30 suffers from a remote file inclusion vulnerability if register_globals = On.
1b720877142bcc02d5c11e21e8d3e6d589dcd24a3d0aac57eaf94436de1b1030
FileLodge Bolt suffers from XSS in showonlineusers.php.
53e0689da7ea262cfba9282b818852e6227d5d5d8e3e6766ba4056dbb29e78be
Fenice - Open Media Streaming Server suffers from a buffer-overflow in parse_url and a crash in RTSP_msg_len.
97fd1021667245b031e7494691930e013c6617a325f7eb3099dd728b0863d800
The recent exploit provided by aliHackers for VWar (VWar ver 1.21 Remote Code Execution Exploit) also has another effect on the higher unpatched versions of vWAR such as v1.5, and also on versions less than 1.2. Apart from the successful code execution exploit, even if the exploit fails, running the following code in the web browser still shows the full path of the installed modules, even if the remote PHP shell is not achieved.
d98282e373a41ebc4911fdf1334453f7ce03792cd17661405fcdf8ac04983e8a
NSFOCUS Security Advisory (SA2006-02): IBM AIX mklvcopy Local Privilege Escalation Vulnerability
62545be78e2bdd657ef035511e3d0d122ea36c621b5faa8bea8ca547dd698287
NSFOCUS Security Advisory (SA2006-03): IBM AIX rm_mlcache_file Local Race Condition Vulnerability
b78993d91feb9e19859cc9ecd3706f50c6b1b0f2cba30dad4fbd09d467c5de4c
Quick 'n Easy FTP Server pro/lite suffers from a stack overflow when logging Unicode.
5d0f58169dc6c03be6787b48959c3c6fb409f2d8fffc8273a09e5e26e90c04c9
Multiple browsers Windows mailto protocol Office 2003 file attachment exploit: Application protocol handling in Microsoft Windows is badly designed. When someone types mailto:someone@somewhere.com into a browser, the protocol is first looked up under HKEY_CLASSES_ROOT\%protocol%\shell\open\command; if it is a protocol that is allowed under the current user context, the contents of the address bar are simply substituted into that value at %1.
e9d335bf8d915cd060f8c111a59da1d0d42a6dbbbd5cadd09f58e5c92e11646f
Apple Mac OS X Safari 2.0.3 Vulnerability: A vulnerability exists in Safari 2.0.3 (417.9.2), and perhaps in prior versions, which causes the operating system to slow down with the SRCOD (Spinning Rainbow Cursor Of Death), so it is not possible to launch any applications like Terminal to kill the process. After several minutes Safari crashes.
1b1b00d7a05322c9df74a0bf3744fc5fa2b4665c1d920ba9ac0ca53cb19b8700
A buffer overflow vulnerability exists in the implementation of the split() function in NASL. This causes nasl to consume a large amount of CPU and memory resources and stop responding. Execution of arbitrary commands on the vulnerable host may be possible. This affects Nessus 3.0.2, 2.2.7 and prior releases.
68a5c54fa28164efc323ca5826b72c0f02880ab4074690d5a28896ac257ac42b
DCForumLite v3.0 suffers from XSS and SQL injection.
cc138d465fdf4a8e66d3961835ac5dd07e981b0f08d86bf4f50d45f9d68f0e1b
Invision Power Board 2.1.5 and possibly earlier versions suffer from a flaw that could allow for remote code execution.
faceaa034a8ec3401f7b815e0ab17e115e8eea2f2bde4b80846bc9695d108006
NextAge Shopping Cart suffers from XSS.
6ed1ea598389e542615d527b1e1f906d2c62c4f76c2340a4b854259f8e67d2a2
photokorn 1.53 and 1.542 suffer from SQL injection.
b6f9cba84ee82a8e0b0806540daf45e32b4d31b9dfffdfd4a37ef8b014a84e95
PhpWebFtp v2.3 suffers from multiple XSS vulnerabilities.
52c3c9539f9c8c690302211547cb89b2e70d232bf6cb56b17ed896729148ab00
Instant Photo Gallery suffers from XSS.
cd0f466de4a727ce28cf3b5a9a1ff5c30c20f902e1c76b31d810d24cc4bd0ff3
su trojan written in Perl. It reads the password, logs it to a file and then executes the real su.
89ca7aa3ed98d8e1b3d8f8f03e98c74f1253d4a84b02f221c6ed2a6e3c24623c
Invision Power Board 2.1.5 remote code execution exploit.
3314ab197b38625e7111961ab93bcd29a93a4a8eb7dc59b92e70f0d782127031
POC for the Internet Explorer Modal Dialog Issue: A malicious user could create content that would request the user to click an object or press a sequence of keys. By delivering a security prompt during this process, the site could subvert the prompting and obtain permission for actions that were not necessarily authorized.
37b851304649abe9415c7b7d8d0de6665b6c40ea7e57d02ef76eb6162b600e0a
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Servant Salamander, which can be exploited by malicious people to compromise a user's system.
1b9c7df01458b4031763c51fd075eaf5fafbe5918bdd13ad88a526e76329df7c
Secunia Security Advisory - r0t has reported some vulnerabilities in Kamgaing Email System, which can be exploited by malicious people to conduct cross-site scripting attacks.
5dd59f3263c8e4da4bbbe6fb2f4dc9888aa2ddcd6218affbd87f8a00422bb034
Secunia Security Advisory - Lipako GmbH has reported a vulnerability in PHP-G
71c11d02dbe8e5e4c566f6c00854536aca742aebded1b0f02b4524913f4a2968
Secunia Security Advisory - Ubuntu has issued an update for MySQL. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
f818e5b1263f4a879ecb336ce33f52ed8c44081559b29ac5ed4c459389a520f7
Secunia Security Advisory - Sowhat has discovered a vulnerability in WinISO, which potentially can be exploited by malicious people to compromise a user's system.
48020cb85c2adeb7a4c378be39af0d071af0630830193204a43e1a79161963c9
Secunia Security Advisory - Tavis Ormandy has reported some vulnerabilities in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
1f04fac8587c458536774072380e08d47934bda6b14f56b57d21d98effbfba8e