Kmita FAQ v1.0 suffers from XSS and SQL injection.
2ed382af22747187e2bc4a01d9a4d50ab541a5e7df12508a0290e7836a5974b6List of XSS vulnerabilities received between 06/02/06 and 06/11/06. Affected software includes: LabWiki 1.0, LarkinWEB Database Development, Web Site Design Marketing and Advertising System, ASPScriptz Guest Book 2.0 , ParticleSoft Whois v1.0.3, ParticleSoft Wiki v1.0.2, GANTTy v1.0.3, MyBB 1.1.2 New XSS, PBLGuestbook v1.31, ViArt Shop v2.5.5 Free (and possibly Light, Standard, and Enterprise), E-Dating System, vSCAL and vREAL v1.0, Easy Ad-Manager, Ez Ringtone Manager, tikiwiki 1.9.x, Skoom i.List 1.5, OkMall v1.0, QuickLinks v1.1, OKArticles v1.0, iFoto v0.20-06/06/06, phazizGuestbook v2.0, Ticket Booking Script, MobeSpace v2.0, TinyMuw v1.0, Contensis CMS, Daum Search, DaNaWa Search, DreamWiz Search.
cd45e886db0ce8f2d8f10b943fbd01fb80010605ee0312433c715b6e559b2fb5CyBoards PHP Lite v1.25 suffer from a remote file inclusion vulnerability in common.php.
0fe09917a9c45cf4609535bbf8ae8a3585db5aa41507fa136fef6cd1d0b72632Rumble versions less than or equal to 1.02 suffer from remote file inclusion vulnerabilities.
adc09835166b2790a33e543d3428464afa6bca1d808689f4560650fd33d2b39cBookmark4U versions less than or equal to 2.0.0 suffer from remote file inclusion vulnerabilities.
43d1a34453da76d6ff601b4bf382feccd0e9bb9cf73117f5180ab829e99c836bShoutcast servers may be susceptible to XSS in the DJ columns.
0a05b14edacdee274332cf8a1a3f528643b9343a07daad70e1a3b258691baa7fPHP-Nuke versions less than or equal to 7.9 suffer from XSS in the Search parameter.
2c42dbc929e90f1c4de919b2eb6ff7030e3ba73407eb06c3deb08e9e14905edeNPDS versions less than or equal to 5.10 suffer from local file inclusion, XSS, and full path disclosure.
f5c2f13f51312cd6f689ff2eca9c2db69dd0eb161a876c590e0dc7e67657d814gallery 2.4.0 suffers from a remote file disclosure vulnerability.
c657bd9378dc6bd3199c13287d6a1dc9cde66ac1668c32892977cef0d954162acms-bandits 2.5 is vulnerable to remote command execution in td.php and img.php is register_globals is on.
f504f3d9d1e87ecfafdd00eedb1543f9fb6f153a8277d1e7d73b395d99a21c00exploit for D-Link DWL-2100ap which discloses the configuration file to remote users.
9964f14447ea2955f5b7016a84c062307bcc7b43558f3ff7cb4b7aeea4f671f5Ubuntu Security Notice 296-1: firefox vulnerabilities
7c85824bfc927a854f0679f53bdc745957a2505744cb3b59284a1b459fb83e63Ubuntu Security Notice 295-1: xine-lib vulnerability
7c1684cb185bbadbd6b2359e88def99133e57e6943ae650d1443890c2ab81a1cUbuntu Security Notice 294-1: A Denial of Service vulnerability has been found in the function for encoding email addresses. Addresses containing a '=' before the '@' character caused the Courier to hang in an endless loop, rendering the service unusable.
b163d6f1e7bfc9bba0b1f9d39587dc15ae5725d70e52a24a80f1298772e4cb10Ubuntu Security Notice 288-3: dovecot, exim4, postfix vulnerabilities
c0933d1e6fb5bfec7a05e74c0f122f2bf0f4832d39a9df462fd91f59a7572d8bUbuntu Security Notice 292-1: binutils vulnerability
995de38713f125ea5ef7a7e6a3e064ee1807fdc2e41f09e717c945bdf66e3234Ubuntu Security Notice 293-1: gdm vulnerability
cad320542e07fa47de5068042e315c66d4119dcd99460af9b9f04efa07f95ca4Ubuntu Security Notice 288-2: postgresql-8.1 vulnerabilities
d80fb77fd1e6683bb3672c990269996083cab515ae26015b31dbfbf62c1d2d79Ubuntu Security Notice 290-1: awstats vulnerability
0b16ec7a321d92c7122f186fb9af92b41fc1084eabb08f33784a0140f5581687Ubuntu Security Notice 289-1: Vixie Cron allows local users to execute programs as root.
2e3840733d761cf9c13b2870c13725ed512e23de38227de1b1205f06594b3943Gentoo Linux Security Advisory GLSA 200606-06 - Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the migrate parameter. Additionally, r0t has discovered that AWStats fails to properly sanitize user-supplied input in awstats.pl. Versions less than 6.5-r1 are affected.
35264d7d738b7da61068c44d722acd57c7d2aad51654b7ca925e209325e3f430Gentoo Linux Security Advisory GLSA 200606-05 - Pound fails to handle HTTP requests with conflicting Content-Length and Transfer-Encoding headers correctly. Versions less than 2.0.5 are affected.
5dbd63349a8ca96cd41a909f3118084600194afd8b22971833302744e35f43beGentoo Linux Security Advisory GLSA 200606-04 - Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before being logged. There are additional unspecified bugs in the directory server and in the internal circuits. Versions less than 0.1.1.20 are affected.
4e211d366e681804f9b347e7ea28d1cb0de143d267771abce2116ed4aad624c1Gentoo Linux Security Advisory GLSA 200606-03 - KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files. Versions less than 0.95.1 are affected.
821f09e16f2dc122d7af34a5ab23d481e5a1b865b46b6a111955a5b3419f6d59Gentoo Linux Security Advisory GLSA 200606-02 - When the mailbox is created in useradd, the open() function does not receive the three arguments it expects while O_CREAT is present, which leads to random permissions on the created file, before fchmod() is executed. Versions less than 4.0.15-r2 are affected.
84b65865c520e4c5777aa32bba2167b8d7bb31330c75f8f4c4221a641ef54b81
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed