Vt-Forum Lite System version 1.3 suffers from a cross site scripting flaw.
f9797bbb1dab51394ce6eb582895096e5a7f79d880d5a1f713ec91def5a9b103Debian Security Advisory 1225-2 - This update covers packages for the little endian MIPS architecture missing in the original advisory. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
9b5a61be1209a33b69d9033e026c5875223cfe93f68004bfb082f55278507952ac4p suffers from cross site scripting vulnerabilities.
9742cc8cffca81247322418075956e8d5d5a22a01dc917c118a77dff7e288e60FISH is a free file integrity tool that creates a file signature database (default db.xml) for the file types (ie. exe, dll, sys) specified in the configuration file (config.xml). This signature database is then fed to the FISH (sigdb in the config) at a later date to check for the presence of new, deleted and altered files. A brief summary is written to the console and a report (default report.xml) is created, highlighting changes.
67fabcb396b4141f8b2802bce355899c0dd23bd152dfabdb94073250099f2f4cSMFversions 1.1 Final and below suffer from a cross site scripting vulnerability.
c935e7021fc8cd55dad3b25ac642e258e71a8b21e3a7f1b96d775c147bb55f1aDebian Security Advisory 1225-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
b8802fbabc5d6b2f0f5b3911a56141d4315129662cbe5c6e2bb0d79426dfbab9Debian Security Advisory 1224-1 - Several security related problems have been discovered in Mozilla and derived products. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
ef157e1f0a10253e32a973c33caeb0b4bfdf188051acc761ef2b4b8cb9266c5aOnLine Bookmarks version 0.6.12 suffers from cross site scripting and SQL injection vulnerabilities.
ab552bbf4e4b4fab09a753ba4520b0c589e03113f7391334703db2562255b5adfl0p is a passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
a6ccc98cfad2330b7baf0827c44657e35cb6c387ab1e55e4b3f8bb762b4161bcImproper command and information validation transmitted by Hastymail to the mail servers during the normal use of this application facilitates that an authenticated malicious user could inject arbitrary IMAP/SMTP commands into the mail servers used by Hastymail across parameters used by the webmail front-end in its communication with these mail servers. This vulnerability has been found in development version 1.5 and stable version 1.0.2.
a3e1f1a44710237610d3100801340ec499b4ad76630080fc5ed1b6ef649d4782ISMail version 2.0 is vulnerable to a cross site scripting attack.
c0a92aa12c829c1e72c2441655b5e46a090475e777aaa52e446e0739ca20c876Listpics version 5 suffers from a direct database download vulnerability.
c61c8acd1531fc32b4717c227bc07cc8db9a1d16f85af612cf1ebf341e3ebd1dMetyus Okul Ynetim Sistemi version 1.0 suffers from a SQL injection vulnerability.
460fc554c8f75f3d78505a041907e2628ff2735ca06f3f93531ac3272c7a5068The BlueSocket web administration interface is vulnerable to a cross site scripting attack. Versions below 5.2 are susceptible.
c6811675ab88b514fd32f50e74e601ef360a5b8bee5f7c36be46f781d442d4d0DuWare DuPaypal suffers from a SQL injection vulnerability.
9b4bd7d5ebfc31a53beb69d6e77955d38813f82e50163fdac194aa7d2273dcdeDuWare DuForum version 3.0 suffers from a SQL injection vulnerability.
8dcb61ca2e31d4ec20d015d8f6f6abd4c395cbaf80218dbce213be500c9ab04fDuWare DuPortal pro version 3.4 suffers from a SQL injection vulnerability.
163c03bf7d30480dc3dc13e5b65785f4ebeeda6ac5f6967bc6ace288ce88e98fDuWare DuClassMate suffers from a SQL injection vulnerability.
5a3614ecb663287960802cedff8e00fd96e1f40574d1755d728ffb4870c9ecc3DuWare DuDownloads suffers from a SQL injection vulnerability.
07ba511d6d0291f78ba3e3768e1247747f11f2a346d2ead2fe8e58ed19ad4b45DuNews suffers from a SQL injection vulnerability.
9a8e8aafdd6fde0ecc324911018ca2acef930be371902492d1862165f246b185Mandriva Linux Security Advisory - Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
105c2e68437eaadc52aaecc2706328d8c6621e2064ab473b94e18ab28b1e594bMandriva Linux Security Advisory - An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges.
8fff966183bc1fab582bbf39741a5eb8380a55dd138a2a7ca53a41a324d52e40iDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with the privileges of the administrator. A heap overflow may occur when processing specially crafted packets sent to the Task Server or Collection Server daemons. This problem specifically exists due to an integer overflow when allocating memory for remotely supplied data. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc's ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
e9a40c3458b59e53ba5d15197a2a5455f8843d85ded949fbb675a67d1cd6d2baiDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with SYSTEM privileges on Windows or root on the various supported UNIX based operating systems. A heap overflow may occur when processing specially crafted packets sent to the Collection Client daemon. The root cause of this vulnerability is identical to that of the vulnerability in Msg.dll. For more information please consult the Msg.dll advisory. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc's ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
28d4a5efc7015bd15fb43b1b53ad714be2b1de7923464ddd5634921634236645PHPNews version 1.3.0 suffers from cross site scripting vulnerabilities.
b5bb4cfb074891e879d885494e7dc1832241a2d66bb3259c18361f0cf5f66d14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed