Secunia Research has discovered a vulnerability in IZArc versions 3.5 beta 3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
4d335da133db14bfdc46d66904276a34bbd6e869dd49fd3500636e0bfc58cce1Secunia Research has discovered a vulnerability in Eazel version 1.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in ztvunacev2.dll (UNACEV2.DLL) when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
6e456760da60d76c4f1ce8d66aef6fa2a1e5bf87c7d8f535aa769d262c1a5584ow.asp in OpenWiki version 0.78 is susceptible to cross site scripting.
b162a9916f44ca291b9578d8fbd14a2d8df097fd956581be4f020ddff8d03321Quezza BB versions 1.0 and below suffer from a file inclusion vulnerability.
5e95cc622ccd82fa42ce27440624ba99379e09cb0184b3fbf5d001c3fe5930c8Boastmachine version 3.1 is susceptible to cross site scripting attacks.
246d5ae2429ee19ff2ff6b0019e1863cda7e63cd927aaa193249a8a5e99da715DeluxeBB versions 1.06 and below attachment momd_mime exploit.
3f6d4e625dbc29d6156fea701b7208e0f13fd96d3e0bf7aeea56f486323eb740PHP-Fusion versions 6.00.306 and below "srch_where" SQL injection and administrative credential disclosure exploit.
0297d54fa03c13c829d97e23b9597e0a37532a05248e616af080ce1513ebd33fRapid7 Security Advisory - The Caucho Resin web application server for Windows contains a directory traversal vulnerability that allows remote unauthenticated users to download any file from the system. It is possible to download files from any drive on the system. Versions 3.0.18 and 3.0.17 for Windows are vulnerable.
036753be0009b340c6c34e30fe2e5d09b38d1425a2b47a6dd6cf1d7cfbc3352dScanAlert Security Advisory - Caucho Resin versions 3.0.17 and 3.0.18 suffer from arbitrary file access and information disclosure vulnerabilities.
50f7b2639fa218567771d09c602263b7347f86854398843e9e649c2a91b6e27bSAP Web Application Server versions 7.00 and below suffer from a URL manipulation flaw that can allow for cross site scripting.
57b712925cbe4ffea02d0e4e6ff792dbdfd2303a794f6be17bbc80eb6b9fca5fA code injection vulnerability exists in NewsPortal. Upgrading to 0.37 fixes this flaw.
51dc033133e461b6d8fa03e2fd0cd31c8649f9e626213d40d6cfb5ce3311b46bIceWarp is susceptible to cross site scripting attacks via the PHPSESSID variable.
1bb341fa52e57e2264f9b7ac098e7c7859cf19f059b9ded04d722cbe4b17385dSphider is susceptible to multiple cross site scripting vulnerabilities.
a020c7da8614ed349f91e4c9ea735b80d96f46ce0c5d9de4a0eb2a3344248f9ePhpRemoteView is susceptible to multiple cross site scripting vulnerabilities.
d2676bdee55836a099078a42099d77db442df5682e9eb7fb691e2de18e8771a9The tinyurlfucker utility encodes data in base64 chunks and lets it get moved using tinyurl.com as a transit.
417c1144e33a7bc2fd8d53e3fc3c3cc384535f3bf52b3cc8d1da70c772a4cc44A vulnerability has been found in FrontRange's iHeat product that allows users to gain access to the host machine through a logged on session or execute arbitrary code while using the active-x version of the product.
f49d0f1f9f5f56aa0a0ccd7fe56a2b3ef033e198e7b26a0dc427f85b4afc3bbfSmall tutorial on PHP injection and utilizing it to compromise systems.
d4797768252bf12c3d2ffb8b444f6dafec0dbf84436a35a8f727c946f7555bc3ezUserManager versions 1.6 and below suffer from a remote file inclusion vulnerability.
283204428b9d04c844c621690daa6e8664c7c75f0254da343e23d718c9bdd343YapBB versions 1.2 Beta2 and below suffer from a SQL injection vulnerability in find.php.
5eeae5ea0080765acf856d6b9d5cbad74da3bd9026ee1a9ce5d89c96e6592489DeluxeBB version 1.06 remote SQL injection exploit.
3f6d4e625dbc29d6156fea701b7208e0f13fd96d3e0bf7aeea56f486323eb740orkut.com is susceptible to a cross site scripting attack via search.aspx.
b63922dbfc99e2b670d977f83e607820c1dedc38be8a4ed673fa8e9b8936fccfConfixx versions 3.1.2 and below suffer from a cross site scripting flaw.
d63a099eef6b40b50881322547c4e55e3bd65b0c483ae03a46c805cbedd4d8e3Secunia Research has discovered a vulnerability in Abakt, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened. Versions 0.9.2 and 0.9.3-beta1 are affected.
67471673445159616ecc2805692c08221a6e6eceb4b399e199f2b6db8e227996arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.
ef0613fbb276eac0c84ac0ecb3c7b84612cf2f327cac76f2ec7e37d85cee5e1eLibnids is a library that provides a functionality of one of NIDS (Network Intrusion Detection System) components, namely E-component. It means that libnids code watches all local network traffic, cooks received datagrams a bit, and provides convenient information on them to analyzing modules of NIDS. So, if you intend to develop a custom NIDS, you do not have to build low-level network code. If you decide to use libnids, and you have got E-component ready - you can focus on implementing other parts of NIDS.
91ec08b9aeb2f869009b5b099f318c476f75942db64804eb50acde94696f4bf5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed