WordPress version 2.2 arbitrary file upload exploit that makes use of wp-app.php.
e3615ba509c5134cf8c8ab046f0939498ecebfe904efdf37d2c908beacd8ee87EVA-Web versions 1.1 through 2.2 suffer from a remote file inclusion vulnerability in index.php3.
15b51c2ca20967dfed1be0d23d5e9378dde61d5d32bfe061a3caa442b6c2038aphpSiteBackup version 0.1 suffers from a remote file inclusion vulnerability in pcltar.lib.php.
c15f8ed1a607da3a1ac5c714f34eec526bd4bc367a375d3cf0beaedc231ea9d6eDocStore suffers from a remote SQL injection vulnerability in doc.php.
e3be96d036a42982f6fb79111cf74e992a897d3c5b2112c827677d91a90d247ePagetool version 1.07 suffers from a remote SQL injection vulnerability.
bbb74469dd2079489b3d3d016b1faca6605a3d83a5383f894f11e57a120f6391Mambo and Joomla appear to suffer from multiple remote file inclusion vulnerabilities. Versions unavailable.
1f7e53adfcfbceb41bf299873bfc1fb6da23836fc81df035b7f99be016a520e3In Internet Explorer, using the mhtml: protocol handler and using Outlook Express's feature, arbitrary resources (such as HTML, image, application file and so on) can opened as MHTML formatted file and Content-Type: is disregarded.
379ef6bb17aaa05e0d8acff0481a2b322c0bc4e0908f5922391b81fb379775d0Mandriva Linux Security Advisory - xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
92555421d2dc923d15c2bfb45f542e1a5fd7a2573294255b84ddd68b9c72ac36Ubuntu Security Notice 475-1 - Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges.
ff622ba311e9c8544b1c98b631427e0bd81209035858f95156eb83039afc0983NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
493166dd08a51d3f9649ed02ad91d119b7c4e9944155acc66331ce161a4bb5daaircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
dd76f20083aca758c71ce8b7d9f0a4c0042b9720d508e48339bf0949fad5300cDreamLog version 0.5 suffers from an arbitrary file upload vulnerability in upload.php.
59f5b3042a39dbe1f084314049b2796d10598b7bdc8adeb05628e3abef7e9d9bSiteDepth CMS version 3.44 suffers from a classic local file inclusion vulnerability in ShowImage.php.
e935915db163e0614b51e2261d97467ae97d3dfb9dd295401fec57822ed52acf6ALBlog suffers from a remote SQL injection vulnerability.
2750d55d835b076c3b979b3ec2c742a997dc51c949292c8e0d90e0bd356ab8e4BugMall Shopping Cart version 2.5 suffers from SQL injection and cross site scripting vulnerabilities.
46720fdcc675f6e7a4bc33504ba326fa6c45ade1f50aedacb27ec5225130d046b1gbb version 2.24.0 suffers from a remote file inclusion vulnerability in footer.inc.php.
e2a5e4bddbf4ba8b7fb8fb88a180dd73265cc81a590f679384809d32e04a0f66phpTrafficA versions 1.4.2 and below suffer from a remote SQL injection vulnerability.
2666f54dcc788fc35d7123ef1bca7eeb611ff9987b9a09b4be0a09d8fe8a9eeee107 versions 0.7.8 and below suffer from an arbitrary file upload vulnerability where it lacks validation of a files contents when uploaded, allowing for php code to be uploaded as an image, etc.
aa50d2197930982bc4bc6a785f17fb6c9451ead90d85aa3a6e6c19c2d2944af6Simple Invoices 2007 05 25 remote SQL injection exploit that makes use of index.php.
789cdabb10ed368c6e0c0898ce6c41d7c02e5b41e543d26be07ed34759552d40DAGGER Web Engine versions 23Jan2007 and below suffer from a remote file inclusion vulnerability.
91201b7980a985b3e40666b929305296f37dd0b22c62fb5036860ce9d5caac77Pluxml version 0.3.1 remote code execution exploit.
314a2e05ffd4f6f727a1201243521b1913ade489d0e3a04ab29ba9b2d6be0f20Pharmacy System versions 2 and below suffer from SQL injection vulnerabilities.
3da0c7f24a703b1dd8d929b44cdc2f46e4aa8400891cba6b01bcb105ed4d397fMandriva Linux Security Advisory - A vulnerability in emacs was discovered where it would crash when processing certain types of images.
56ffd3a8cab07cec48cfa5ba3327016834016fdfe902668450969fd28fd8978fiDefense Security Advisory 06.21.07 - Remote exploitation of multiple heap overflow vulnerabilities in Ingres Database Server as distributed with Computer Associates International Inc.'s (CA) products may allow attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Ingres Database 3.0.3 as included with CA eTrust Secure Content Manager r8 on Windows. Previous versions may also be affected. In addition, any application that uses the Ingres Database may be vulnerable.
c10bd4cb55b515efc4bd6e42189843ba075f17c16299ac85c8c83f750e412b3bHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
e5a43e5efcf385223415c39c4906d17907472c19caa56ce18bd8cf25081ce70b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed