NetClassifieds Premium Edition suffers from SQL injection and cross site scripting vulnerabilities.
b43100677b926fd9903b46e2e018b8d07d1e0852e00ca8bd3e5568e825432892Mandriva Linux Security Advisory - The 802.11 network stack in MadWifi prior to 0.9.3.1 would allow remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. The ath_beacon_config function in MadWifi prior to 0.9.3.1 would allow a remote attacker to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggered a divide-by-zero error. An array index error in MadWifi prior to 0.9.3.1 would allow a local user to cause a denial of service (system crash) and possibly obtain kerenl memory contents, as well as possibly allowing for the execution of arbitrary code via a large negative array index value.
e3151b1a8b7c3b4faba9dcc5cca7cea93eb4811e33e429f43521e7260dd6f38cVLC 0.8.6.b is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations.
9d50d0d593eec1f8c572771506616244c776d2031e6bf643f1e971280a0aa262Debian Security Advisory 1316-1 - It has been discovered that emacs, the GNU Emacs editor, will crash when processing certain types of images.
4ad6325e42b3ee76a6ef9587dfc8fd9fd9aac9aceb61f36ca2364f3dea711bf6MyServer version 0.8.9 suffers from a cross site scripting vulnerability in post.mscgi.
6935e24d4052fa148c1f5bc5c2e00468fb5f4b877628d08dd4dd131e4c794c4cMyServer version 0.8.9 suffers from a source code disclosure when a file's extension is capitalized.
208915fd4367e7c32cb5098d03ad184ddf1665f2886fe2d784c705f76d90c4dbMandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.
2ae6428185a83a199fc21f5a307823d348f3b7c79bcacfa5610dac600f89cfcfMandriva Linux Security Advisory - The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated packages have been patched to prevent this issue. As well, this update provides proper PAM configuration files for ProFTPD on Corporate Server 4 that had prevented any mod_auth_pam-based connections from succeeding authentication.
ad147280c64e52fd7ef4848541a3149f3cee31c56e0ab7c29920dbc42e6e83be51 byte Linux/x86 execve shellcode.
7148261b65d2c2d2dc75054e64cd5b5ab73e3dacbed95ec8d4ca1e2f765a06c9Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
2d0bfd6b12713502b9793d4c806fc5fe7acbe51d1b0c2df739190196f6509c16BitchX version 1.1-final remote command execution exploit.
39236b6f34aa43098be96a197d2a1fd67f7dbe49a90ce86bfe5f6d6b4bd2d92bSerWeb version 0.9.4 remote file inclusion exploit that takes advantage of load_lang.php.
df1e5f62e3ca9f4ed6f6538244f593f78f88d1582d5f3abdbc6b71ae3e9f54b7HP Security Bulletin - A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to the system.
001e54c3893cfcbb0cfa635bfa9495de4a83561d0fc79701389790541b29437bHTTP SERVER (httpsv) version 1.6.2 remote denial of service exploit that makes use of a 404 error.
3d9cd2b6641a08df05e9e48119a0785c46ea878a27644269770669010d904411sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
d018a3c450f2814616d6e10df371981fd19d86b0ea6ec4a05bb5734096679281The CISSP web site is susceptible to a SQL injection vulnerability.
c0ba7d4f6b0c35ccde41a80a894e52f88473c0f530a29d4f1446f7c27eec8fc1vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability related to new topics.
e3fe34aa550e0f2f7d8c107bcf0b54ab463ac041adcd27f50911f56cd41efbd1vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability.
124cb4ff6f114f48f07ed87a69cd0995d57142a60c8e9fdc60831d2609800e0dFusetalk suffers from cross site scripting vulnerabilities in comfinish.cfm.
7cb8de6071c6b054856a55e4c81df2dfec3872f414bf4833c0610fe5074f3ff3Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.
50824432cbbb0d2d08b83b3f850b36829dbcd2cb0e67f5b30bea566423e3c709Comersus Shop Cart version 7.07 suffers from SQL injection and cross site scripting vulnerabilities.
58ba2fa8052fb0819670006c7bdfa1d55906e1a7c84ecc9a82070d3947e29cc5Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.
49e35eea195f9ef8ba10b6f706e71bf6d035c1334146bf2abb1b501007b5e26fMandriva Linux Security Advisory - Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code.
1356f53c0be093f1e0bd3b4ef2b058cda07f258e1718e73fc47d12c584b5cfacApache suffers from some prefork MPM vulnerabilities.
4d61c28e91dc8056ee3f72cb7c70d86c713c92a2e12bcc5cb0afada3a83c3933Mandriva Linux Security Advisory - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users.
2c58e81c7fdbf47fc1aff0fb58209c44403b34e89fa427097bb7f681267e7a30
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed