aspWebLinks 2.0 Remote Admin Pass Change Exploit
448666752f4efb09310e53037604c704325e5182e968d400d394dbc1c5b3b122Versions of Redaxo CMS less than or equal to 3.2 suffer from a remote file inclusion vulnerability.
6e831b5811d3790ead422a4348fd8253eea5e827311a20d3cd6196e28813aad9Bytehoard 2.1 Epsilon/Delta suffers from a remote file inclusion vulnerability.
785ca1adc4cb287f5e4546e5c06bddc5de3f5ed137c5ff8deef53c884493a17aPHP ManualMaker v1.0 suffers from XSS.
6fdad6c757aaea25e684d9b2a700e0c7a44870f16ab564f703a6f64c63003df5Weblog Oggi v1.0 suffers from XSS.
a599fd6f47c01fe240ce74661b71b2e18005c694786730262816a7a8331cb171simplemachines SMF versions 1.0.7 and prior plus 1.1rc2 and prior suffer from a IP spoofing vulnerability.
5b442e579745aa435c282326af3b60033b0f834ca98e46ace0c736a9a56e47d6CAForum 1.0 suffers from a SQL injection vulnerability allowing anyone to log in as admin.
e299bd93dcd999f3b4614efb95c9da7092ad71335bf46dddb6f6c268d08ab47dTAL RateMyPic v1.0 suffers from XSS in index.php
6761887e06cb1514b94dc439c74482333493865be7b6d563f3e43d349e8e89d1Drupal security advisory DRUPAL-SA-2006-005: A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer.
19af6d2e9e201f9bae66069a24d63bb1936da2526fa2a043cf13cfa495353f27Drupal security advisory DRUPAL-SA-2006-008: Bart Jansens reported that it is possible for a malicious user to insert and execute XSS into free tagging terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain().
b0584638f5b9adbb1149a2a0377ce9f140df6fe298f84e5f8c229862801bc629Drupal security advisory DRUPAL-SA-2006-007: Recently, the Drupal security team was informed of a potential exploit that would allow untrusted code to be executed upon a successful request by a malicious user. If a dynamic script with multiple extensions such as file.php.pps or file.sh.txt is uploaded and then accessed from a web browser under certain common Apache configurations, it will cause the script inside to be executed. We deemed this exploit critical and released Drupal 4.6.7 and 4.7.1 six hours after the report was filed. The fix was to create a .htaccess file to remove all dynamic script handlers, such as PHP, from the "files" directory.
80255e976ff4dd047478820972ff5b573191bdf31f9141104f3845d0753acd3bDrupal security advisory DRUPAL-SA-2006-006: Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.
912163027c6bb36941cf7da0ba234a074978f1fa7d6a9468b1006f98299d31b5rPath Security Advisory: 2006-0091-1 Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.
27bd7d8714b37e6a0e3d04f904095e130aa210389f06defad89fc008600a4f9bVMware Security Advisory VMSA-2006-0002 - VMware Server sensitive information lifetime issue.
9416d428754ffc0b448019d32ca7dc292291475a2ce00dba7c1f89d1be10eda9VMware Security Advisory VMSA-2006-0001: VMware ESX Server Cross Site Scripting issue
726f9d276952b2f62ad214bd01f6b5a9ad22236f887256e9dee21bdc2411de2eMandriva Linux Security Advisory MDKSA-2006-094: Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the "Load images if sender is in address book" option in enabled in Edit | Preferences | Mail Preferences | HTML.
26abadc4e025c77cdff5319db48bcbdb3d3a0b397b42d9545ed0637a47806512Mandriva Linux Security Advisory MDKSA-2006-094: Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the "Load images if sender is in address book" option in enabled in Edit | Preferences | Mail Preferences | HTML.
26abadc4e025c77cdff5319db48bcbdb3d3a0b397b42d9545ed0637a47806512Debian Security Advisory 1086-1: The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.
6c651630037fb5a3d3e0c09a5a7566cd2e210e7396cd7553174d3d3cea923642Debian Security Advisory 1085-1: Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser.
04757ea7b1bd42204648df0712cb6de2c2fe06c16478845a86ec741f644e3e74Debian Security Advisory 1085-1: Several vulnerabilities have been discoverd in lynx, the popular text-mode WWW browser.
04757ea7b1bd42204648df0712cb6de2c2fe06c16478845a86ec741f644e3e74National Cyber Alert System Technical Cyber Security Alert TA06-153A: Mozilla Products Contain Multiple Vulnerabilities.
4b7a351b592f163172aae4ced003fc3ab814494e58efb8c56b84a230ab6a9252ishopcart.cgi suffers from a buffer overflow in the vGetPost() function. POC included.
f4b07660ad5a348c1dbafdfd6cc4b4787cab9c62bf3ca8f7b05872ffe58d50e8ovidentia v5.8.0 suffers from many remote file inclusion vulnerabilities.
c1952c1957950337388447ca299dcf74407f3e3a44f4c9dc8c76223d8c6a2fdfIf register_globals is on Squirrelmail 1.4.x suffers from a local file inclusion vulnerability.
4329b0cabb98685d5a81ebad25ec3592fbed415d18453ada886e7f5e24e43fcaUnix log cleaner that has all kinds of interesting features like a ptrace_attach of syslogd to stop the log writing when it happens in real time.
62caeb82dad755104b11703320f817e6f3d78c796dd786523517ac9bdf619580
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed