Layered Defense Advisory: TrendMicro OfficeScan Corporate is vulnerable to execution of arbitrary code, potential remote exploit, and denial of service.
d46d632af7507a699b201db1a7e5a3a5c7485df1d3c8ec670aa194187ccb1299
Hardened-PHP Project Security Advisory: phpMyAdmin Multiple CSRF Vulnerabilities.
e40ffbe0958042b15dbcb1564ad43ffee9340ea266a5fee5027f3c94193e276e
Various vulnerabilities exist in the FON free wifi service.
8ea74b8fe945edae4bd53ec05f5f387e6de5f100ff4df43b976dda7467357b51
digishop v4.0.0 suffers from a cross site scripting vulnerability.
cdb09557011c05630463a0d3455e4e19eded103ea6e2ef97f1e859bbe651687b
Dayfox Blog v2.0 suffers from multiple instances of remote file inclusion.
2867e5bf5b3ec6d902f925b4a4e9408670f672427228ce6f5cbc7d4634c53f72
Sunbelt Kerio Personal Firewall hooks many functions in the SSDT, and in at least six cases it fails to validate arguments that come from user mode. User calls to NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile with invalid argument values can cause system crashes because of errors in the Kerio drivers fwdrv.sys and khips.sys. Further impacts of this bug (like arbitrary code execution in kernel mode) were not examined.
48b36a564e08298f7399b3ffc2aea164592dc780e90f026e72acc165c229fee6
Microsoft Internet Information Services UTF-7 XSS Vulnerability
c8cfae828c5294e0255283416a6c2435779a4afd547fd8a52ac92dbe0906dedb
Details on exploiting the cPanel mysqladmin vulnerability which was used to circulate an IE exploit.
c936a8416885868de496e4242b7ed10a9d7f6e0be834330ccf44c86eff3e1eb7
phpMyWebmin 1.0 suffers from a remote file inclusion vulnerability.
675b1497b4ee8135ba73e9649cedb24dbac14222544d84c2cb02d24a7874f42a
YouTube.com suffers from a cross site scripting flaw in the hidden form field "field_sendmessage_subject".
1fe92e0e7d355275ef0b2103ee8b3133cb508661ea26a7d4c7f338966026333c
Yblog suffers from a flaw that allows cross site scripting attacks.
69fed74c73e91009865a0a7d5d139e00ab58094177b4ecfc20ccdaf5d94d0a9c
OlateDownload 3.4.0 suffers from SQL injection and cross site scripting vulnerabilities.
d904f2cba172d62aa09051d46ea310ad95bcffdcd1e4a17729913a15f56e85fd
Owl 0.82 suffers from a remote file inclusion vulnerability.
f9abbf8e402b2c4bf9b444f5d4adbd1d9f8845012f3e2a44a0870512fecbe1fe
Ptl 0.2.2 suffers from a flaw that allows for local file inclusion.
006e8b1660545bb5990971e26796441553e6102691cde3cee204cfa4fede2e61
phpBB XS versions 0.58 and prior suffer from a remote file inclusion vulnerability.
cb6536e203f267f9d431732e0e902a8fb8e5df190b646e0ca52384ae52ae053d
Mac OS X uses Mach exception ports to support the CrashReporter "Application Quit Unexpectedly" dialog, Problem Report dialog, process debugging, and crash dump logs. On vulnerable operating systems, attackers can exploit the inheritance of Mach exception ports to inject code into SUID processes, allowing nonprivileged users to assume root privileges.
dc66c3b51c7c773705b18a72b7dc45d7174745dd453351257fb8bce4ed678bf6
Mu Security Advisory: Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP [MU-200609-01]
f16c24e6e5e0894662a9bc5a294d4f5854f06b80208788c3261aef62da2517b7
rPath Security Advisory: 2006-0176-1: Previous versions of the openldap package contain a slapd daemon which allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN), a privilege escalation vulnerability.
722923d68306f381aa03c7d0853269d27354c3cde93946aef564de4f116a3cc7
rPath Security Advisory: 2006-0175-2: Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.
7402f00d579205e017edf9cc897a11b998a2fe9bea70b4c083cf64130422668a
SiteScope 8.2 (8.1.2.0) suffers from a flaw that can allow an attacker to conduct cross site scripting attacks.
f29198f8303614abb10ec7a678bbdf818c2de6c4f125f466b953609741eabe51
SPI Labs has discovered a practical method of using JavaScript to detect the search queries a user has entered into arbitrary search engines. All the code needed to steal a user's search queries is written in JavaScript and uses Cascading Style Sheets (CSS). This code could be embedded into any website either by the website owner or by a malicious third party through a Cross-site Scripting (XSS) attack. There it would harvest information about every visitor to that site.
ab08229f9a6ea3fe80e91cf97309e02f0a0606aa8ea3b1985c6e81d4195f426e
Trustix Secure Linux Security Advisory #2006-0054: Multiple vulnerabilities in openssh and openssl.
7d7fccf68d4f98ce4b1d6f727cef7189498e02814248bb5a5085d6f58e0dc3bd
Secunia Research 29/09/2006: Joomla BSQ Sitestats Component Multiple Vulnerabilities
4a10945e4b4e9c7ffb405280f105d7ebec08db3cf1d6ddfb45bebb717ef31faa
FreeBSD Security Advisory: Multiple problems in crypto(3) [revised]
cf24f2e129bca457df67226f2da481a6cd4cd412bc1dd50076f6b090a5725090
ConPresso CMS versions 4.0.4a and prior suffer from multiple cross site scripting and SQL injection flaws.
c41d3db8636e9f32928cd4ab0d505bdb2230d139acb0a530b82ed3b855c026b1