Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.
092e93a632b4f71f1943c00dcb9e6057e53974a29bc4c51666ffe12ca8e5216bZPanel suffers from a remote file inclusion vulnerability.
4a39bf3c9c6b6df1e3441f7a0ffee9ceaada3bbdfb746c94cc410f462ed867b6Mandriva Security Advisory - Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user. A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script. The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets. The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability. Several flaws in the PHP could allow attackers to clobber certain super-global variables via unspecified vectors. The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script.
18391d23f8ac63acf2dc26095670e78b9ee5c2e7df2047dc6d9537a7f19b12e7iDefense Security Advisory 02.22.07 - Local exploitation of a multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allow attackers to cause a denial of service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions, including those installed on other architectures, are suspected to be vulnerable as well. These vulnerabilities do not appear to affect DB2 Universal Database running on the windows platform.
09df12ba44beb0cc8e4477c6f4fb75f9a7c970e77bb169d5f4a4df77e6f107d6iDefense Security Advisory 02.22.07 - Local exploitation of a file creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to unsafe file access from within several setuid-root binaries. Specifically, when supplying the DB2INSTANCE environment variable, the setuid-root DB2 administration binaries will use the home directory of the specified user for loading configuration data. This allows attackers create or append to arbitrary files by creating a specific executing environment. Additionally, the user's umask settings will be honored allowing the creation of root-owned world-writable files. iDefense has confirmed the existence of this vulnerability within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions are suspected to be vulnerable as well. This vulnerability does not affect DB2 Universal Database running on the windows platform.
1989b85cc13f94e99dddc67be7f28d0a74be65db652bdfab5ead4c5f02235ed9iDefense Security Advisory 02.22.07 - Remote exploitation of a buffer overflow vulnerability in VeriSign Inc.'s ConfigChk ActiveX Control could allow an attacker to execute arbitrary code within the security context of the victim. iDefense has confirmed the existence of this vulnerability within version 2.0.0.2 of VeriSign Inc's VSCnfChk.dll. All versions are suspected to be vulnerable.
8e11b5a86287947d6e98a1ee645cd769de9dabe7cefca09ff17e2c0516f99dc3Exploit that demonstrates the vulnerability in ReadDirectoryChangesW() for Microsoft Windows 2000/XP/2003/Vista.
4478745e135e06387cd47d9eeaa660d45d71036448847dcdbc5d5e4abacc8449ReadDirectoryChangesW() in Microsoft Windows 2000/XP/2003/Vista does not check a user's permissions for child objects, making it possible to retrieve information about objects that a user has no LIST permissions for.
28c243a93150e7391b8dd5ee991fbdddfc48cde9df598f7cf90b32d70425b91aWebSpell versions greater than 4.0 suffer from authentication bypass and arbitrary code execution flaws.
8467b9c101022d381e98b3f6b888b3fa5bea9ca1d685b2b19003a3b4eb7b32eeSaphpLesson version 3.0 suffers from a remote SQL injection vulnerability.
4191c77b83545b3a5230769cdf352867d4e1d60895f0e0a3ec3622ef2c788439Ubuntu Security Notice 426-1 - Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
a2bd833851d5b49599235e19bbdcfe3342dbf5172b8b1585051a91ff93865253Pheap CMS suffers from a local file inclusion vulnerability that allows for the editing of the file.
842a4df23f9fcebd6f8dbbf0b19d3f06ea6eca1f4fb7445f7998f76cb1e57915LoveCMS version 1.4 suffers from remote file inclusion, local file inclusion, upload, and cross site scripting vulnerabilities.
b4c06f402594787fbc8b67891cda22645a46914265b6ada776a3002230fd2924Plantilla PHP suffers from local file inclusion and arbitrary file upload vulnerabilities.
d53e7f84c572bf34aa070959ae84e569085bd859b897f5c9f4d3e2a490b8d59eUbuntu Security Notice 425-1 - A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.
41c46478402143500bbce4296f3dce61208093c8929a01e4320377193fad7b16It appears that JBrowser may allow arbitrary access to admin/config files.
163a53866c4d1a2a6661658c02b315252b9f2ed5699f413d10c1fb1b0fb29dbbOracle 10g KUPW$WORKER.MAIN Grant/Revoke dba permission exploit.
2b2a2c1994b6e9c6d95cb67871f10ed05558ba23f150d2c9d6502ec1ac587ef1Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba permission exploit.
be5a7a117a5a7138a5af86ccc0c243dccb203c6067e135b0be15cdfa6f512e7fOracle 10g DBMS_METADAT.GET_DDL SQL injection exploit.
22c37030fed27531bd03cd47fbf64604291cb410a853d7c205fbe3c52718599fOracle 10g ACTIVATE_SUBSCRIPTION SQL injection exploit.
63a34d4339cc73a678fd778fd38273ebf49cc26f0f23ea869cf27b25d83b7500News Bin Pro version 5.33 local buffer overflow exploit for .NBI files.
8aba7334b89fe40eeb725e4af83382b7b7a283b8cf978741119330a896e0bb9fNortel SSL VPN Linux Client versions 6.0.3 and below local privilege escalation exploit.
9c95beab9a1a6800137bcdbd9e39045411aaf4de0ddea50b74e4cab410e371e1FCRing versions 1.3 and below suffer from a remote file inclusion vulnerability in fcring.php.
2ca777c25926fd1a771c059cdfbeedcd92a3197f42bfddd250467349a24cd37eSinapis 2.2 Gastebuch suffers from a remote file inclusion vulnerability in sinagb.php.
6e6e28f6a33f4d1b2e6762923990c9a2fe6c1264c02a3695a54f0bea04850836Sinapis Forum version 2.2 suffers from a remote file inclusion vulnerability in sinapis.php.
d4f73e1e7ef3e9c85f034078ce4c2a0767cb0cf4b037222e444097258dd8c1fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed