Secunia Security Advisory - A vulnerability has been reported in Xerox WorkCentre, which can be exploited by malicious people to bypass certain security restrictions.
c3ddd6fa70932ad427b2150320b3404d43377de80b273fb54bd3615946b05874Mambo Galleries component version 1.0 remote SQL injection exploit.
020e18dc740741d5c6b935537a2bf786bf45789380be59ed34b809980be05739XChat versions 2.8.7b and below remote code execution exploit that leverages Internet Explorer versions 6 and 7.
b534b4fb9340dee50038954694252a34de3c6dc46ab05b7930efdc7a99e10264Butterfly Organizer versions 2.0.0 and below arbitrary delete category/account exploit.
4df461100faf76f44f0d88d0c81f4a9521f3a336e6e2cd75e1019d58f68a7a06GLLCTS2 versions 4.2.4 and below SQL injection exploit that leverages login.php.
1d0a1e44041a171de16fef1758ec4e3b9ecedd0b727dff3fd6f2c0f468e8a72bWebChamado version 1.1 arbitrary add administrator exploit.
5693b07d8c0650b25de4a139a7d312fbb125a34eaeebab97ed255a0fb4712198Butterfly Organizer version 2.0.0 suffers from SQL injection and cross site scripting vulnerabilities.
27e7a9b50ea406b286312c1baae9e6b17a1bfbf84cc2e13f16919539e21872a2Secunia Security Advisory - Mr.SQL has discovered a vulnerability in eFiction, which can be exploited by malicious people to conduct SQL injection attacks.
92aa17d5a277a5eb71412689cfd441a9156f27f2589793f6b9b00fbc5cbd935dSecunia Security Advisory - Red Hat has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
a99284d6236a2e6370593a2e808196c28c7aca61274673bbaebdd49e9d3a1de5Ubuntu Security Notice 612-10 - USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS with password protected certificates which caused OpenVPN to not start when used with applications such as NetworkManager.
c3b72d16aa6118fc55173675b125dd7cd1a8cb994d62aaa5135fe8223eb9d24eUbuntu Security Notice 612-9 - USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without a certificate. It was also discovered that additional moduli are vulnerable if generated with OpenSSL 0.9.8g or higher. While it is believed that there are few of these vulnerable moduli in use, this update includes updated RSA-1024 and RSA-2048 blacklists. RSA-512 blacklists are also included in the new openssl-blacklist-extra package.
6b39152d15d2e393478edc16a6f8b6180c8b6392791e69834fbc294e999cb484Mandriva Linux Security Advisory - An extremely long list of vulnerabilities in the Linux 2.6 kernel have been addressed. These range from various arbitrary code execution to denial of service vulnerabilities.
a1baaacae04cac19e83f286735a63be2d2be6d237b5590e6deca46530587d54bX-Poll version 2.0 allows for arbitrary file uploads without being authenticated.
14c885a35de75c0f8f8ed436999b3f366f2460105cdfc69a6ad9848e2f7dca1fSecunia Security Advisory - Some vulnerabilities have been reported in the Aggregation module for Drupal, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, SQL injection attacks, and potentially compromise a vulnerable system.
3ecdfd10c13ba8b4eea16e097b3bf90df8958582e42f61d8fc241ae47ee15218Secunia Security Advisory - A security issue has been reported in the Node Hierarchy module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
3cbaabd974673c742a48f5847e6e2655b5d8f5bc57f4c0b4dd2a5e84ee0d2791Clever Copy version 3.0 suffers from a SQL injection vulnerability in results.php.
8b16afb3026d153447b1405fbde962a13c506784d6c0d3040ee4c432506d8271Debian Security Advisory 1597-1 - Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code. Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code. An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.
598c2c3624c2168c61fa8dc631687dc79f5ab814823990471e931f59116fa2f1Debian Security Advisory 1596-1 - Several remote vulnerabilities have been discovered in the TYPO3 content management framework. Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the webserver user. User input processed by fe_adminlib.inc is not being properly filtered to prevent Cross Site Scripting (XSS) attacks, which is exposed when specific plugins are in use.
471a2d04c31c8ee0931d55f6bd61871f259c5b31380aecdf7ce89cdd04d48c6eDebian Security Advisory 1595-1 - Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.
8bb80d9e191b414bb1fc52ae160f8716e0f93880b309bf094fa85c41663b059fFacil-CMS version 0.1RC suffers from multiple local file inclusion vulnerabilities.
cc8940857db2937d06b3b65cb495193c085a051b85e1a13d4d414bdbaa928332Gravity Board X version 2.0 Beta suffers from cross site scripting and SQL injection vulnerabilities.
957769915e8b386d76955b143c8f7ff571f1482d82cf97b705f9b8f41abdf2a4muvee autoProducer versions 6.1 and below Active-X remote buffer overflow exploit that makes use of TextOut.dll.
9deac2a2775b556312a4091242dce49642c82114a8a547e4335adff21c541a90Secunia Security Advisory - Jonathan Parish has reported a vulnerability in dotProject, which can be exploited by malicious users to gain escalated privileges.
b0eba8b59a32543fb2f38b70ee7a719a9f553399b15411d8c570fb7c10aa4562Secunia Security Advisory - EgiX has discovered a vulnerability in Achievo, which can be exploited by malicious people to compromise a vulnerable system.
c7d44fd1a1ec298ed61b8cda4a0d1a0f1e77c3bf97c74f5c72e14b842663dfb8Secunia Security Advisory - unohope has discovered some vulnerabilities in yblog, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1e07eb615f70abb15e1508f0ecbff7c17b37352c4cc8cb41bd8a67d607dc6e14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed