Gentoo Linux Security Advisory GLSA 200706-07 - Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576). Versions less than 5.2.1 are affected.
32e1a1bd5e7b7ce827d5f2dee5bdea8dd5fa451b945e4c3a0c11088f11815542Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.
a7d915b8dee1a1dbf0130d00d257b5daf6d8bdba894d7bee66a3e62a661019beDebian Security Advisory 1315-1 - Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validation if configured to use Sendmail. This allows the execution of arbitrary shell commands.
f255210e60be7f0487fa144f186a573db8354ad9901767162942729c5c012e8aW1L3D4 WEBmarket version 0.1 suffers from a SQL injection vulnerability.
433606e9bfbc7fcdd3b374f544107fce3348a6ab959812ba710b2d401261ceefHP Security Bulletin - A potential security vulnerability has been identified with HP System Management
6d87d50fb9824e334817a07fa88b27c6537eab444d9cab61219d0000901cc177Debian Security Advisory 1314-1 - Several local and remote vulnerabilities have been discovered in open-iscsi, a transport-independent iSCSI implementation. Olaf Kirch discovered that due to a programming error access to the management interface socket was insufficiently protected, which allows denial of service. He also discovered that access to a semaphore used in the logging code was insufficiently protected, allowing denial of service.
2e3112d455b4181c431639e215f8985ead559c096d2fbaab69a734e13de5e615Various commercial IPS products fail to decode HTTP requests that contain 0x0c, 0x0b, and 0x0d instead of normal 0x20/0x09 separators.
8bd2fb21a6f9fe779b10b9809f5d7d778051d40abcfa264fa44340d85608f90aDebian Security Advisory 1313-1 - Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.
249deea05498f73ad4a3f06eaa45d4b64df7f87b34781ca7512de62b516383b5A persistent cross site scripting vulnerability exists in the Wordpress.com dashboard.
dfaba2f61102da0059c193b2576ec0cfd98b29788b91f7a724667e8fc3e02e19The 5th ACM Workshop On Recurring Malcode (WORM) 2007 Call For Papers has been announced. It will be held on November 2, 2007 in Alexandria, VA, USA.
7ab6cf12db2ea05d1265b04647eb4163b4b0157453df2402b32375452ad9bdcdYaBB versions 2.1 and below suffer from a local file inclusion vulnerability that allows for remote code execution.
af958fb5a94edadc7e8f93f91b70ddb2da76329318f1774e91870c90573fdf8eMaraDNS versions 1.2.12.05-stable and below and 1.3.04-testing and below suffer from a denial of service condition.
cca3d3cbe71291d82a55ef07a0fd35c34a7406574ef85478cf3e3bce4d8b2042FuseTalk version 2.0 suffers from a SQL injection vulnerability in autherror.cfm.
5ebbcffcaeb54aea7359861858adc1e00f52b63b66cc98e800d62c35c2366cd1iG Shop version 1.4 suffers from an eval inclusion vulnerability.
503e256e013dda3871574a243225434a0123140b50e47040b3018897fbd6b358Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
d999b15d8c14e8f9941eb0de2b9fcc406bb711763d4e143d20615de1a557bab6iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
eaec603cc0f1fc35245ab560fc482e2cf32d55c0def227512013cdcf240eb5f1NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
b681fdbe64e05e8b559c50487a0c4848bd09463d30edb907db2df1c0d2d0001bVinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.
1dccf3385e5654d4cb3bbf6a757e3639b142249f8e4badbdc7f8f2388a1f6367Nmap Parser is a Perl module that simplifies the process of developing scripts and collecting information from the XML nmap scan data, which can be obtained by using nmap's -oX switch or from the file handle of a pipe to an nmap process. It uses the XML twig library for parsing, and supports filters.
dac4ca1a6fea3548a0920a2be3347bbd7d46166ad9080a8403533fbca96928dcPHP version 5.2.3 Tidy extension local buffer overflow exploit for win32.
77ab4ff0f5a046cb4cf44bd4a513d14d0712af937e419f340866aac22359816dFuseTalk version 2.0 suffers from a SQL injection vulnerability.
79e424a6046bfd9991c3bc4708f02f767edba1870e8667c40d360d161345227ffuzzylime forum versions 1.01b and below suffer from a cross site scripting vulnerability.
9ad9b369d80b57ebf091d1522196700efe20e03fd1e34f801017dcbdfef0aadcWebif.cgi suffers from a local file inclusion vulnerability.
d547b0f34f12329ecdd8498cec0bf1512aebabcd06b980ebfceddc93406b6a97PHP Hosting Biller version 1.0 suffers from a cross site scripting vulnerability.
7e237f155c2757d24d19d980e4a283173fa888e2c6f77f59c9789af664d74eb8Debian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed