Debian Security Advisory 1064-1 - Jason Duell discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
a8f89bb398482ee717fa362c1ff589782d14c3ee78fc72897267ebcae14a238cDebian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
f7dac0190d87de2d92872a8ed14a750a541584f1a2bf3647c72cb9bd5a4dd07eDebian Security Advisory 1062-1 - Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords.
e43eb68f8838660ad158fd5e58baf434c116bd1ae06411fbb74caf6694f547afDebian Security Advisory 1061-1 - It has been discovered that popfile, a bayesian mail classifier, can be forced into a crash through malformed character sets within email messages, which allows denial of service.
794c9be43b21a0e1c3a7e613d8510132482984ce6f881246103a76d22c8b6fa1Debian Security Advisory 1060-1 - Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
3aed17cd99ab1e88ef9b9ecf145d04d6aab679c71dbb3ee300592441a9776506Debian Security Advisory 1059-1 - Konstantin Gavrilenko discovered several vulnerabilities in quagga, the BGP/OSPF/RIP routing daemon.
05a4815402c308b3630832927737df765e27fab26aad5aa38609893c47f07684Secunia Research has discovered a vulnerability in CAM UnZip versions 4.0 and 4.3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened.
15e13f5a99e65b3adbc306a4ea2fa32d802e0121972b3078e9f2fecd56fb97b1Zeppoo is a tool that attempts to detect if a rootkit is installed on your system. It also makes it possible to detect hidden tasks, modules, syscalls, some corrupted symbols and also hidden connections.
1439e67ba34b17d65f91964b263fe41d50d6bfb583255b37e624438d716f2378Debian Security Advisory 1058-1 - Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
bf251c2b8efacad2aecb9fedc70d83cd7632034bd70224a9c351cddfaf835dcfCYBSEC Security Advisory - The SAP sapdba command for Informix versions prior to 700 and version 700 up to patch number 100 is susceptible to a local privilege escalation flaw.
d0bb0296b74b8630d49c49d2a5a2b787bb7acd1aa5e70e8c1d5bfd9da9d8fd23AspBB version 0.5.2 is susceptible to cross site scripting attacks.
81092cd7b89b337d129aedbb50429aae3ae520a3542cb4e14884f6a58b0553c9When an unsuspecting user installs Diesel PHP Job Site on their webserver, all information is emailed back to the original programmers of this software. This information is sent from install.php, which includes the database host, database name, username, and password used to connect.
5d5b0dd0d3e52882f08f1ee23035cf6d6d17e1037ea7dd9e74b2ca1c2e0a0c95Cosmoshop versions 8.11.106 and below suffer from SQL injection and directory traversal flaws.
8b27208612e77657b4af85607e71e76051898f89a6acde4b8fb317e982698949Bitrix CMS version 4.1.x suffers from cross site scripting flaws.
0a9cf4670ec929144c3b5ac12abe825fb3c9fc9d4113ac66499d5bad270cf005The Avatar MOD gives portal administrators the ability to upload avatar images to be used within the forum. CodeScan located a file upload vulnerability in the avatar_upload.asp which can be exploited by a remote user to upload any arbitrary file. Affected is Avatar MOD versions 1.3 for Snitz Forums version 3.4.
2eb62ab93715f9d4ee641a79883e816bcfc429ad114f94872a12317cca26fde8Proof of concept exploit for heap overflow vulnerabilities in libextractor versions 0.5.13 and below.
82207e575d47751f0ae1e30db5cf23f98ea05d95b35f094cfcb0cd9d730403e5libextractor versions 0.5.13 and below suffer from multiple heap overflows.
67e762bfcd88ce4d4a552497a2bbc957de99d2ca971120e729381cad99d4e5f1Mobotix IP Network Cameras suffer from multiple cross site scripting flaws. M10 version 2.0.5.2 and M1 version 1.9.4.7 are affected.
4cb8a42bae57c9821b121d9e4fffd82812f0a361d2b80bfac2bf0cc4ff91b998Single CPU Sun systems running Solaris 7, 8, and 9 are all susceptible to a simple denial of service attack using ping.
d315910b29d305a1f62fa06a1d5db2fe016935aa6e141bdc1fdb2d57ba66a3a9Spymac WOS V is susceptible to multiple cross site scripting flaws.
1d37ec6d926fe9255f317bcdeffa9eb829783c5b33b7aeacd0774e7b8a4ce248Firefox version 1.5.0.3 with IE Tab version 1.0.9 on Windows XP/2k suffers from a null pointer dereference bug.
cc0015c8a3dbf991cbe4abdd828b84520776ba42c305e028b8812cb6094baab5This paper discusses a simple technique for injecting code by manipulating hidden form fields.
0b4cb3450ed6fb3cf6fe7f9d2db8b581e808fc233c702aef0904dc6adfa52162Newsportal versions 0.36 and below are susceptible to a remote file inclusion vulnerability.
32c4e976a967338de5ae840b79ab388e3060aed45b545db64ded9e4d59ab81cdmyBloggie version 2.1.3 is susceptible to CRLF and SQL injection attacks.
450a90581b32d4d771b1b5c3e091773978e9e5146b232cb85a5acaf3d71f4d15Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and login without credentials.
c45af487c7e701523e3170d31c0f127bc7bab3856ae1e9d76f301b7c98ab5dcd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed