Invision Power Board versions 1.x and 2.x are susceptible to multiple SQL injection attacks.
0adb0a93675250b5f22e4b43d882576c97f3e287b95367bf75738e26a56441d2Randshop version 1.2 is susceptible to a remote file inclusion vulnerability.
a7ad4664dd8ccd2d322777e01c3ba1d6c0883716374b1006388fd9f23d64cc1fF5 FirePass 4100 versions below 6.x suffer from multiple cross site scripting flaws.
b8e1671c06bb63a5f4b8b4faefaa9d278f2bb592810478e991cc62b98f564d9fKyberna AG ky2help is susceptible to SQL injection attacks.
a4ae8484dfc9590a59f7f8d66850d6562b5266ce06ff4f3e8fe4ee48d57d4415Galleria versions 1.0 and below suffer from a remote file inclusion vulnerability.
c593e925b0d36b0dc2b3c56a5456f5578e3460a61de86ea9863d243070ef8431PhpWebGallery versions 1.5.2 and below suffer from a cross site scripting flaw.
d52f4fc578e134dc6b7435377da1ad1bf1a973e97fb6534da00f1c14d184babendisc consists or two small command line tools (ndisc and rdisc) that perform ICMPv6 Neighbor Discovery and ICMPv6 Router Discovery respectively. It is primarily meant for IPv6 networking diagnostics or to detect rogue IPv6 nodes or routers on an Ethernet segment.
2d9c149496e43ef27865e2c0f29546aeb6ab0e08aeb4ef762273da4380a5be0bNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
600b0fcf4ab1d68f3fefa52106db489ceaa356d47d937d4e553cb82e955a9c9fThe Banner Engine version 4.0 suffers from cross site scripting flaws.
6652daa86077761efea2f9a46a0f1310dad0c6703e13f70527063dab9c3eb7a6Gentoo Linux Security Advisory GLSA 200607-01 - In httpdget.c, a variable is assigned to the heap, and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy() will overwrite the data assigned next in memory. Versions less than 0.59s-r11 are affected.
149248769b0347831e4d606e74d059ed70d2b58baa92968eba565cb2f26f1eabSimple denial of service exploit for ImgSvr that crashes the server with a lot POST request.
aacd75835a45c6e99f68a23a593712a7f7b84daf54d56a402f0c9301a33e017fSUSE Security Announcement SUSE-SA:2006:040 - Multiple vulnerabilities have been discovered in OpenOffice. A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.
8a8e3987a76df5a732e8cbca045edc16f6f66c6df5a7fa7b42994363e9012e4dSUSE Security Announcement SUSE-SA:2006:039 - The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.
18340043ef80bb5762d216e41cd983547e930f12912ca8437322bda37790bb3eSUSE Security Announcement SUSE-SA:2006:038 - Multiple flaws have been addressed in Opera. An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. Also, Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
9dedf025d55febd4e6fd91baed7f81ac2a06b38d3e979c0c18e3d95fcfc2711dUnix log cleaner that has all kinds of interesting features like a ptrace_attach of syslogd to stop the log writing when it happens in real time.
6003c7e470dbfc2acad37d653c4f3c1f733704ef6c59e15a9db32332245c274bCall For Papers for the No cON Name 2006 Congress. This conference will be held in Palma de Mallorca, Spain, from September 28th through the 30th.
cf85228c61b6d9c06e348789168f422bea4160b56d3ad2411c4c21424f4425c7Proof of concept denial of service exploit for ZoneAlarm that checks for the insufficient protection of a registry key. Known vulnerable versions include ZoneAlarm Internet Security Suite 6.5.722.000 and ZoneAlarm Internet Security Suite 6.1.737.000.
c358c91f053fba6e7deb8fca8ea74e8792e8f373df6c4d4cd7f35dcc0b0b47bcMP3netbox Beta 1, efone versions 20000723 and below, Kamikaze-QSCM versions 0.1 and below, Blueboy versions 1.0.3 and below, and Foros version 1.0 all suffer from a remote database password disclosure flaw.
dc8c9d2705236f6224e0b21c925925c51b2bab989064fb50dcf9016603f57796Excel 2000/XP/2003 suffers from a vulnerability in repair mode.
cd59caca350390059cebc85f53cc911f37183dc30a7fcad05e9b5ef91c9b59e0Proof of concept Excel 2000/XP/2003 exploit.
b4994db39df4f6c26fbf9f58890ffcbc1fffdb06e037a36c4f5ac527f24b8885Invision Power Board version 1.3 Final is susceptible to SQL injection attacks.
10af0f9af4c31a244cb5432d6beaf9de9b46848120c9b757196f6adaa8f5583bQTOFileManager version 1.0 suffers from cross site scripting and directory traversal flaws.
71ef56616720c9562616c2572c8a92512445506974488b1c80ee2b7cfd503051popup Vacation Rentals suffers from a SQL injection flaw in calendar_year.php.
90a7215a2994c8d41dbd3e91bf7ff86b143faae11127d3e69bfa9fa6eaadfbfcTK8 Safe version 3.0.5 suffers from password management and denial of service issues.
2066ed6fb0266e093a12a32e15493170fd9a2feff247d591e08703a04ea8b25afree QBoard version 1.1 suffers from multiple remote file inclusion flaws.
403ee0419bbc3bc1c3c988de3a81331b45c82e48550bc1f65ee95a0a66164231
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed