International Chamber of E-Commerce is vulnerable to authentication bypass due to a lack of input sanitization.
ec9b43ba2369c360d9e93dc43b8cd021e4e01227b1d086b1b82f6c7b18156e81Microsoft Internet Explorer is susceptible to a web filter bypass flaw using ASCII.
084a63fe5f7ec9bd2436d05c970849c7ef27605a739ded68624291a5adc7aaf0Mandriva Linux Security Advisory MDKSA-2006-110 - A vulnerability was discovered in GnuPG 1.4.3 and 1.9.20 (and earlier) that could allow a remote attacker to cause gpg to crash and possibly overwrite memory via a message packet with a large length.
6d39442026efb5d025e888531595a681f8d6514b42c1143ec60f123907217b70Mandriva Linux Security Advisory MDKSA-2006-109 - A boundary checking error was discovered in the wv2 library, used for accessing Microsoft Word documents. This error can lead to an integer overflow induced by processing certain Word files.
185fead06dfb685e212aac08c6bb86e0fe07aaa84620ec63c3adf162305a8c39Mandriva Linux Security Advisory MDKSA-2006-108 - A buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
26f83b6f3acdc436f4a21431704a5a8d4c2705dd2387862f5d75e63d6ae1178bMandriva Linux Security Advisory MDKSA-2006-107 - A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk.
b3f323edbd50720927d1f54f1a36d93220ada4ce218425b6630ad80e743ac9afSomechess version 1.5 rc1 is susceptible to a cross site scripting flaw.
81b5740f376e0ba1286872a4cb47120fc21133ff0fbf72c105a787389736d9d0Ultimate PHP Board version 1.9.6 GOLD remote code execution exploit.
a5a5d69e54030296a2939b7f1f7b5c54de8e186672492a1358fc351fb61a917fUltimate PHP Board version 1.9.6 GOLD suffers from multiple vulnerabilities including remote code execution, insecure session management, and directory traversal flaws.
7822b5f42aecfe2c6653b40a598852bcd56d3bba1763fcf3a0c1dfd5a9554106cjGuestbook version 1.3 is susceptible to cross site scripting attacks.
0988776430b081b02154c9d51546aa183e97b2aab52f40ef34eccb7699cc8a2dMalicious Flash files with explicit java scripts can be embedded within Excel spreadsheets using a "Shockwave Flash Object" which can be made to run once the file is opened by the user.
5a7270e94904c8f983d1492db68f75bb9c93b353ea280930959f3a68958cfd1fRalf Image Gallery versions 0.7.4 and below suffer from multiple cross site scripting, remote file inclusion, and directory traversal vulnerabilities.
26d5ce271adca3f6c672860606d547a848e19372961aa4d2fc9bfc97927cc702vBulletin version 3.5.x is susceptible to cross site scripting attacks in member.php.
f70de665a749c4d2cd87ba787f3df73d5b6ff716f3364db4dfc2f66aea2c9562SpySweeper versions 4.5.9 build 709 and below suffer from multiple bypass and integrity flaws.
e1e702ee00e2d135f31565f2b0df406b143ec6b861853080f514128f9d68fe09The display.cgi in Abrior's Encore WebForum suffers from a remote code execution flaw.
5f27d31b5f2a346511be1fbb23304da32660587afa7174ad796ed39713090069This advisory describes a vulnerability that affects Toshiba Bluetooth Host Stack implementations up to version 4.0.23. A vulnerability has been discovered that enables the attacker to remotely perform a denial of service (DoS) against the host.
afac835d95351affa9150b1c3de9d4648a67d9b51242cbbca4586e35acbec055The web interface used to administer Cisco CallManager software suffers from a lack of input validation and output encoding. As a result, an attacker could craft a request that causes the CallManager web interface to include malicious JavaScript in its response. Versions 3.1 and above were tested and found vulnerable.
a3e2245ce1c606ad2f2b81f2bb5acfe79254b1df8be15ec4f6defeb2a36d98b0Gentoo Linux Security Advisory GLSA 200606-21 - Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Versions less than 1.5.0.4 are affected.
b06247292ad758ed41f970992ce105b3e7a7733110ccdeeefef1c23d2b81cd97Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
0e6f89b84502a73f16d77fc0c4b09d2e8e9ecef8b20022a765731499fd7d9457Whitepaper describing how ptrace() might be used to build a Control Flow Integrity system.
c116bf363fbe80ec31ebfc362d155528cd6c82b900bf111d6312056eee6b8fa1Whitepaper discussing how to generate runtime call graphs using certain GCC features.
4d10085768771f85a4a59ba1019a21073548bb46219ab3fc29520dcb7a124397SaphpLesson version 1.1 suffers from a SQL injection flaws in misc.php.
d65d988f7d9022a76f859623c66e9aa117ba298f7cab1318259dad9bd67f6fdbVBZooM versions 1.00 and below suffer from SQL injection flaws in lng.php.
82b03d06fe5a1173439574dd102187a30807565c2e2a3bde1221d28f5d4a0c72VBZooM versions 1.11 and below suffer from SQL injection flaws in message.php.
ed1524e75908805599fc32cb6758fde9d18aed3ef453895274bfea73b38ba1faVBZooM versions 1.00 and below suffer from SQL injection flaws in rank.php.
f352aa0064e9f99610e79aec3ec337aef3d23113251d983fad787c4259144581
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed