Debian Security Advisory 1057-1: Several cross-site scripting vulnerabilities have been discovered in phpLDAPadmin, a web based interface for administering LDAP servers, that allows remote attackers to inject arbitrary web script or HTML.
5ebf4ae94229fc502479e8b6f93c26e2fef08e23ec97a2bc6e1f4d5cb6ea9cf4Debian Security Advisory 1056-1: David Maciejak noticed that webcalendar, a PHP-Based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain information about valid usernames.
a42ae8d11913a2acdc28bd429ea173f70198a0fb6d4f663f12d8d90ca53ab619Debian Security Advisory 1055-1: Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code. Since Mozilla and Firefox share the same codebase, Firefox may be vulnerable as well.
f007aeca4b5a5b5850e29140578fc989041c5620d3044897142404169f71dd22Debian Security Advisory 1054-1: Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code.
d3adbf86905c6be205f2afc384b802961530f384943c2a841b57788aa734ebfcDebian Security Advisory 1053-1: Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.
d83617040a4f7f86452ebc2e06107b8361e4c0f6c6c03b9e253538575a0f753atseekdir.cgi suffers from a local file inclusion vulnerability.
5618b8399e367626eda35829af4f5a279efdc633554693009c62504265d20333Secunia Security Advisory - Nomenumbra has discovered a vulnerability in Website Baker, which can be exploited by malicious users to conduct script insertion attacks.
37316449ff2e7ecb78c99fe98b83ee62ed968477a6bb778fe5f01f0083460109Secunia Security Advisory - A vulnerability has been reported in EUR, which can be exploited by malicious people to conduct SQL injection attacks.
d911e28240bfdd70c118fe9fcf0b6eae5fdb2ba31dd37d2eb4bb3260761843aeMultiple vulnerabilities exist in Linux SCTP 2.6.16 (lksctp) all resulting in kernel panics. The crafted packets must be sent to a listening endpoint in order to exploit these vulnerabilities.
5e0aff6ee62b8c5cbca65ce839330a6b9fde0b8a7294f3986963b2e02876e08ePhpListPro version 2.01 is susceptible to a remote file inclusion vulnerability that allows for remote code execution.
9ccd03ffef783bbbffcededd06910e5e62a26a53399355f089eb41fba6e4873dPHPFusion versions 6.00.306 and below avatar mod_mime arbitrary file upload and local inclusion exploit.
5e61c05f77a12f36d67b4c5a761b9f9ce21eb52a10a73d49a779f85c63d866fcSymantec Vulnerability Research SYMSA-2006-003 - Cisco Secure ACS 3.x for Windows stores passwords for administrative users in the registry. The passwords are encrypted using the Crypto API Microsoft Base Cryptographic Provider version 1.0. Along with the passwords, ACS also stores the key used to encrypt the information.
b304fda49e4522962451e9d0ea78704e0db872b7bbf32470161e1c81ea12df57ZDI-06-012 - A vulnerability in Sophos AntiVirus, PureMessage, and MailMonitor allows remote attackers to execute arbitrary code. Authentication is not required to exploit this vulnerability.
f0ec6c8fbf9357c0bc7208746864a6ff52cbf17a69db58d303ca339b49658747For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below 7.0.4.12, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.
8aeae261f2d8b33cb7f16363b89f38beceb4080fce9a0d8b8fc55851a9705816ActualAnalyzer version 6.88 suffers from a remote code execution vulnerability.
dc38fc75a68d3e82d49d5485728cedb9905ffa1b7988096b195e17587fb92c55phpListPro versions less than or equal to 2.01 suffer from a remote file inclusion vulnerability.
70993d106d9d79ebc1754c443c9987bc236d6dbe9eab962a7fa8a0759a752325Easyscan scans addresses for open tcp ports and displays the results in a list. The list of ports to scan comes from portlist.conf which contains around 707 well-know tcp ports and 462 well-know tcp ports used by trojans.
7b020607525cddd9dbb3842fedfb49281310b67e76e66a97a0f151bcbe9d2514Secunia Security Advisory - Secunia Research has discovered a vulnerability in UltimateZip, which can be exploited by malicious people to compromise a user's system.
15292795bced192f2130878a144ea3b7ed558b690a4ba79999e289eb51fb2fd5Secunia Security Advisory - Secunia Research has discovered a vulnerability in FilZip, which can be exploited by malicious people to compromise a user's system.
e51adcfc3f9868bce3e2b470a2844bc00afa7b69e3bba5958393c59fce6231bfSecunia Security Advisory - Gerry Eisenhaur has discovered a vulnerability in WeOnlyDo wodSSHServer, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1decb6c4b78b9ef08354841d41efb2ed870c75889e553c4d81280ab4ebe520d5Secunia Security Advisory - Gerry Eisenhaur has discovered a vulnerability in FreeSSHd, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
6d1af2d0b0ee62f85418efed55896c6b9abd08269b44656b20cd567d37336f21Secunia Security Advisory - QQlan has reported a vulnerability in ICQ, which can be exploited by malicious people to bypass certain security restrictions.
0344009f3d53089c6398463d779306efe74f9b1ec0c4b291456e5447d6e23c22Secunia Security Advisory - Dj ReMix has discovered some vulnerabilities in OzzyWork Galeri, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.
9a824952f97d28f5b49874d91ae70684e8d188153704a4c61b1f28dd9ca8aaa3Secunia Security Advisory - jedi58 has reported a vulnerability in Web-Labs CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
7aa333f641888b32ba5f39de814d938aabaca68c4e660eb6da5872019a355f9dSecunia Security Advisory - Darkfire and IR4DEX GROUP have reported a vulnerability in the pafileDB module for MxBB, which can be exploited by malicious people to compromise a vulnerable system.
e45b047b0912427eede282e7f5ff65ceaa4964e42b6a2d5962a36516df677015
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed