Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations.
64c0d6bb5d20b7e80d61e3b01e950b386ab4f342fb3fd98a58f74c5a526861faphpPrintAnalyzer version 1.1 suffers from a remote file inclusion vulnerability.
d43cbe2771c421b971cd38e22a372d9d57492d47f451434feb09190d0fe092d1Visual Events Calendar version 1.1 suffers from a remote file inclusion vulnerability.
75020592805d639afcf8daabad884969a7d69dc0a7f4ff6d09b6d939de288fbfsupport.microsoft.com suffers from a cross site scripting vulnerability.
dd667967abd9313f5e3ed103fbf17192ad8233dd97ee552d4f3dfb4ad5b94d0bGentoo Linux Security Advisory GLSA 200608-12 - x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as Type 1 - None (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server. Versions less than 0.8.1 are affected.
bd8ba8a189b20cd9adb8ba1bebf430d0937e96dd6c6c3ed235a4ddef5186e0d8A vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component that suffers from an automatic update code execution flaw.
f059d93f3e5fdefd00dc26cc0db8c68bc420bd854835abe3cfc406b1c793be6dA vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Computer Associates eTrust AntiVirus WebScan ActiveX component that suffers from a buffer overflow.
07917638c533a36330de4bce9a9ce32bb7fe9f296e1363730c32cbfc1dd88239Debian Security Advisory 1144-1 - It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitizing of filenames, which might lead to directory traversal.
969507f75e16d0da21789dfbed22209563931bf4f4b5e5390322bd35654969e1Virtual War version 1.5.0 suffers from a remote file inclusion vulnerability.
16ac36c876bb77f7e36d94be5d825adbe8a9b77aeabb7d2db84cdfed3ae489aeSAPID CMS version 123 RC3 suffers from remote file inclusion vulnerabilities. Full exploit provided.
a1d65b8c50c6523f4fa371f407a7d84f02f90653bfa135df4cecfbe994f8d604DeluxeBB version 1.08 suffers from cross site scripting, cookie manipulation, and login bypass flaws.
a90b0f09b50e6261b3f81346a06391f4cf2cdae02c2728dbedce86c8e640613fMultiple security vendors suffers from cross site scripting flaws.
96d0c64dfd30a00e049471937e63b6119124db5ddbe2e457afcc2490e8d8cb7ePHP Simple Shop versions 2.0 and below suffer from a remote file inclusion vulnerability.
eada1e3cd13b3b7d455c2f79ef604cf54cf267a1166b8527072560bd17ef0723Simplog versions less than or equal to 0.9.3 suffer from a cross site scripting flaw.
eb59ea468bd182569b858e442883b4232152491074a825e3802783973dfd12c5Gentoo Linux Security Advisory GLSA 200608-11 - A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplify_path is called before the HTML is decoded. Versions less than 1.290 are affected.
be68c05e8366abbcff2de4a9138e4bbb917e867697384003edd894134766b7f5Gentoo Linux Security Advisory GLSA 200608-10 - Some input is not properly sanitized before being used in a SQL statement in the underlying PostgreSQL database. Versions less than 7.6.86 are affected.
501cd5ab722f988bd1d47c5ceea6361b6ad0fb7149a0b32cb3b46c0b7992e834Exploit that demonstrates a buffer overflow, null pointer, and various format string bugs in DConnect Daemon versions 0.7.0 and below and CVS versions 30 and below.
8807c8d003b4964eba00b9529d772a87aebf2d8b4bca9e47c984ee1ec93e4d25DConnect Daemon versions 0.7.0 and below and CVS versions 30 and below suffer from buffer overflow, null pointer, and various format string bugs.
bc1a9d4bd9c0889527376f1fa4d9277d7ede8899b4991e7509e1ea91740c54afGentoo Linux Security Advisory GLSA 200608-09 - Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function. Versions less than 4.1.21 are affected.
6344f2da964060a6e18fa95d6b8e182a416b4bc8bd795360b5923dac85fc2ff8NEWSolved Lite version 1.9.2 suffers from a remote file inclusion vulnerability.
b94a714b01a7cac1aed3f4ba2fbf9267c804bdbcd12f5d54a261aa7e0f9fa7d4blur6ex version 0.3 suffers from a HTML injection flaw.
2e07514470e415c80b672d7cf47d1242dddc90108bd5bae4e4ab3b6e55836ec5phpCC Beta 4.2 suffers from a remote file inclusion vulnerability.
04358395d6d195b7f65dd10195a39266a05467cf4c2f9987d605c495c1179095Microsoft Internet Explorer crashes when refreshing an iframe containing an XML file with an XSL stylesheet. Examples included.
c0242fec458aaa2953e6e16ba6372c74d06d4d072a0658dd873e8f6d90a2a1f1XennoBB versions 2.1.0 and below suffer from a SQL injection vulnerability.
78cf7e1f6805b827d327c4cb9c119d296866947d5f4537d04f32eea461442b65
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed