The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability.
719359aa85b21086d1095eded92268c25a77428acde35791f74e34179c01fad3Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected.
5e507ee83dd4d3b8389548ad707c7aac948470813ce176533bdce320200609a2Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected.
74f7cf9f0ddd4ec6a0c5a4f28fc08f79c1d73098e569fc0abbf4cb2a3be65592Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected.
8bf45df376202d6711eed20603390cb4b0b0c422e4421f246c238374d723008fThe Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided.
0c2ed4b2c1e511b8299cfe9fcacff6058ce880614d068dd399bb8d9b4104f115browserrecon is a framework that performs client-side HTTP fingerprinting. Be sure to hit their site to download the latest fingerprints database.
d37d7efea8951475554a42f5248c7e1de2b4115e3f323ebdd096383e01fbbb38Cyberfolio version 7.2 suffers from a remote file inclusion vulnerability.
4a36f9dc637fd62dcb97b4f1cca94f8279aa7891d6b8960e9a74c5fd0c54d2aeSazCart version 1.5.1 suffers from multiple remote file inclusion vulnerabilities.
39b655fac0fbfd552e663af393414770e97f1c391baf3fcaece23917a1ecf3edMandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick.
4714c0d9f8e5dfaf1b5ce24fdf58eea6f2209d9897c0195f9f9bf6a91cdf86e7cPanel versions below 11.18.4 and 11.22.3 suffer from cross site scripting and cross site request forgery vulnerabilities.
1dd189e68d90bffd276d1e91cd22ddf00a141d88a385a1ee2bb8568ce473d976Apache versions 2.2.x and 1.3.x suffer from a cross site scripting vulnerability leveraging UTF-7 encoding on 403 forbidden pages.
8fffd3a81ffabcbd3507f0163054297820bd7db26ac5b1589bffae4cacbe171dminiBloggie version 1.0 suffers from an arbitrary post deletion vulnerability in del.php.
8fe10757424a3d3524f530f11dca4370dff80fab079992bb16d49a3802d63e95vShare Youtube Clone version 2.6 suffers from a remote SQL injection vulnerability in group_posts.php.
cb3b0812c571c358a2d81dabcd88591f70e8fc32f927cc2fe30d43b4f079f9a1Shader TV Beta suffers from multiple SQL injection vulnerabilities allowing for login bypass and more.
c43b2c1b733de28e96f42f0c4b99fa9a6a818f1beb6381495fe83a7b603b102fRunCMS versions 1.6.1 and below remote SQL injection exploit.
24bea4343f175f034cfb33962271d7f6f0a4a13ca3bae96cf92d51f9e2099d51Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
4cbec392d9a6486af7b1b38947ab436be9dbfde7a3c25c85d952ad43583db738Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
cb9affb10e35e3e0cbe5ad83fb78323765de48ee9f6fa04423c630dfb3db55a8Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
632eb63a27faa7f638c2e4c17fd874db900b4d4b30dfa91ddd206d98a106c675Musicbox versions 2.3.7 and below suffer from a remote SQL injection vulnerability.
bbac1ad70b18bca772744d4d9ec5c68067ed78e3871e7f78077ed602bd646f08CMS Faethon version 2.2 Ultimate suffers from remote file inclusion and cross site scripting vulnerabilities.
8fb4c0f344fc81a0f694bacc305e9c4a4de5c1ce989a73d6138ab30f5df22e4ardesktop version 1.5.0 integer underflow proof of concept exploit that takes advantage of iso_recv_msg().
76fb7c0182f22162b10ef53dc34f0663fab8c3ad651d898e08ac4c9bfc0f266aTFTP Server for Windows version 1.4 ST remote .bss overflow exploit that binds a shell to port 4444.
bf929207dc1e5ff6dd571d1a7e1dfdf799f9d9335376aeabc741e66fa685c92dThe Zyxel ZYWall 100 suffers from a cross site scripting vulnerability via the Referer: header.
cc7041be52252b1ce26e0f38eb43a0dd6aeeb46b920bb6dfa9085716ca030fd5SonicWall E-mail Security version 6.1.1 suffers from a cross site scripting vulnerability via the Host: header.
f7fcac283c39a39b7ba7514782f15b4fc283957bfc523140dbe2cbdef590cfd5Novell Client versions 4.91 SP4 and below suffer from a local stack overflow vulnerability.
0b94490a39176cad3cbe223bd377faf018f0fa52d93312a7bb2ef9b00caa4e9f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed