ExoPHPdesk may be susceptible to cross site scripting and SQL injection vulnerabilities via the profile functionality.
c0556a8f46d27fc7724407ccbdeed757b5df0d02c379466e538a4e4ac7d38ef3iDefense Security Advisory 11.12.07 - Local exploitation of an input validation error vulnerability within Novell NetWare Client could allow an unprivileged attacker to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nwfilter.sys, file version 4.91.1.1, as included with Novell's NetWare Client 4.91 SP4. Other versions are suspected vulnerable as well.
39e537fefe55f9545bc7e0198660352f71e947724af29fd65f1b295a346eda32Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
de02dcf4b1c56547ae229931ba3e629be0c36f1b5a080791408fb775db6cacc1Ubuntu Security Notice 541-1 - Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.
a27abc831119f3d1e5386ebe434c4a48c4e70b30efd0b059d269d68288fa5e63Ubuntu Security Notice 540-1 - Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.
2704d7bff4993957b515ca03f5464f9be0727db457bfab4d84209626c73724aeTechnical Cyber Security Alert TA07-317A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.
ddb0309eda7034dc861a00dd7441209c08711c387a874a6fa4439b83c6bf5195Oracle 11g and 10g have a default password vulnerability during the install process.
9f5760b9411b159e7a5575efdffb65924eed9b9c2af42fc47a84c44578aa8694It appears that wp-slimstat version 0.92 for Wordpress 2.3 suffers from a cross site scripting vulnerability.
24465067d1965a38eb4deeb1a88bf8d31a76385acf53cd680e0524d68a388db1PHP versions 5.2.5 and below suffer from a denial of service vulnerability in stream_wrapper_register().
55afefa849f9b24c52ac2f9d033521975627a87a809b033cf22c8ae93dd5cef3PHP versions 5.2.5 and below suffer from denial of service vulnerabilities in the Gettext Lib.
02032c6549919b0100a46517749f3f2966f480b47656419d14d9176ca1bc11c3The paper shows that Microsoft Windows DNS Server outgoing queries are predictable, allowing for cache poisoning attacks.
e6bf106c2809b9fc55bd7e40137aa82ae7c1d6097a707860f8585ff0ea7fd84dphcct (protocol hopping covert channel tool) is a tiny and basic proof of concept implementation of a protocol hopping covert channel.
fa2070ea1a9984526ed0db20a7b0bcaa4c0c972d18a7c5e8f3f227e8d2ac4866Whitepaper titled Protocol Hopping Covert Channels - Protocol Hopping Covert Channels (PHCC) are a way to realize covert channels that switch between different protocols while a covert channel is established. PHCCs even can use a randomized protocol order and a mixed packet order to transfer packets what makes them hard to detect.
5e860930cb5e0a371339c0311a86cb658c505870ba95e5089106907f07b049f8Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in libpng including an off-by-one error and out of bounds read errors.
c37104d040ce7628fd58f11b0d8b28b5e2b0b47e751c023aecfe5cc2bd45047aMandriva Linux Security Advisory - About a half dozen vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from buffer overflows to denial of service flaws.
7d892c5c690906c9b13cf117500d7b5bf675ad403373a51160861752f86b5ac0MySpace Clone Script suffers from a remote SQL injection vulnerability.
59a0383d94e46266d3b88e0b56b42306114a294bbcc374f158df746ad5d475ce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed