Bluedot CMS suffers from an unauthenticated remote file upload vulnerability.
e52fe98f33d42a0e32c447b813d37a97aff489f49053507cbb934871f70d3533Kasseler CMS version 1.3.0 suffers from local file inclusion and cross site scripting vulnerabilities.
960e320a162aa963101f64d3bb25212aa97aefd716af1b465c966bfa0e7a52f4Thelia version 1.3.5 remote code execution, remote file upload, and validation vulnerabilities exploit.
b395f719dff7637357db79b49ffc855c914e54212781f978584a7be59c707179Safari using Quicktime versions 7.3 and below RTSP Content-Type remote buffer overflow exploit. Binds a shell to port 4444.
3ae2df615d9e4a9958237076c63fea6b950f858678fd4999524ca7ecf87996c4CMailServer version 5.4.6 remote SEH overwrite exploit that makes use of CMailCOM.dll.
ea0b0242a0fc727b78e7e6fb28226cc14dcc1fd48573abb0cd3ab7f3773e2bf7Mandriva Linux Security Advisory - A vulnerability was found in gnome-screensaver 2.20.0 that could possibly allow a local user to read the clipboard contents and X selection data for a locked session by using CTRL-V. The updated packages have been patched to correct this issue.
856f8db83fd3e04b5b28f303f9008ca2e2b8e46a184fa73cfe420863014ed630Mandriva Linux Security Advisory - An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service. The updated packages have been patched to correct this issue.
d0d3c8b5ed8a1da403fb42d6a0ee7b6726a9aaa5ff7a50b893de74b1a75cc8eeMandriva Linux Security Advisory - A denial of service condition was discovered in Sympa versions prior to 5.4 that allowed remote attackers to crash the Sympa daemon via a malformed email message. The updated packages have been patched to correct this issue.
ec39b639b918df016c71edcd834969c4fb8b52e6740bbc04df433e55dfa91233Mandriva Linux Security Advisory - A vulnerability was found in gnome-screensaver prior to 2.22.1 when a remote authentication server was enabled. During a network outage, gnome-screensaver would crash upon an unlock attempt, allowing physically local users to gain access to locked sessions. The updated packages have been patched to correct this issue.
db1fd54bfb61c2ea50edcb42a6982539a04cc059a046ec15aa3893a6d4f9df0aMandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.2.2 release. This update provides version 2.11.7 which is the latest stable release of phpMyAdmin and fixes CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, and CVE-2008-2960. No configuration changes should be required since the previous update (version 2.11.2.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary.
111ac8a31b58f8fecdc3b03bf5f9410ebb9e17423d9935e13fa0a53a6e8c3e8dMandriva Linux Security Advisory - An integer overflow in the zip_read_entry() function in PHP prior to 4.4.5 allowed remote attackers to execute arbitrary code via a ZIP archive containing a certain type of entry that triggered a heap overflow. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. The updated packages have been patched to correct these issues.
0edaea08014bc6c30ae3a3b2bcb1063f187d429361d166a693111557ccf96ac7Mandriva Linux Security Advisory - Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. The updated packages have been patched to correct these issues.
36c685354707ed85c37d537fa3d18fa1b4cdf1dc975794ed6df7b5c8b8e59c42Mandriva Linux Security Advisory - php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues.
a957e83af46278fc9927d4b20a07a5126ff6e3efeacf1d3c314a8c6362e8f534Mandriva Linux Security Advisory - The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, this update also corrects an issue with some float to string conversions.
983189b46f7172be5f967d2c4586512e100842f9151f6b89c51f240979f59cbaMandriva Linux Security Advisory - PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed. A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request.
ce9b044b78980ef6d383b1f63b8399d81b2ddddbe899ab732db688d002d50709Mandriva Linux Security Advisory - A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems.
462dab3e1f36a6a4ce46057d21433dea88b99d76289a74f98523fde4a31b12baSite@School versions 2.4.10 and below session hijacking and file upload exploit.
6d51de712c6cd5d2def192149da1adf51eacce0cd0ecbac1cc50f0808efd93e1The Joomla DBQuery component versions 1.4.1.1 and below suffers from a remote file inclusion vulnerability.
2b23ed557f790207a63755c717fd6827b024ed61634b6c2f28f4b2a7b487ba19Joomla is component version 1.0.1 multiple remote SQL injection vulnerabilities exploit.
20998a2bf2ac4d1edd7f6947dedc2dad496801fc6304ef54cb100d7707e2b6a1Joomla altas component version 1.0 multiple remote SQL injection vulnerabilities exploit.
3f5da0defafb7a9afe521eb5fad2602434f5e1e4a4a1090734b9149003bacd36phpWebNews version 0.2 MySQL Edition suffers from a SQL injection vulnerability.
a4a5231424e378960ec0b55cd1427ac869eec5f0573097b5500e9a2d58fe11ccphpWebNews version 0.2 MySQL Edition suffers from a SQL injection vulnerability.
01f0791f72ea18e3a37ea5cebf341ec4442b39edb2b3a970a4b3026eeef15dacDebian Security Advisory 1601-1 - Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.
8822869f8cd95f90c21a34e417807e9f29bb5fe083285efafc6419d01e43f4f0CMS WebBlizzard blind SQL injection exploit that takes advantage of index.php.
fe40f3991bebe0ac24f272a6bf0d3ca48f3ad1c5b41e0e275984def748c0b425phPortal version 1.2 multiple remote file inclusion vulnerabilities exploit.
023914ad82267ee83dda061bf5bd114995345fa96d7a842e7d111ec018758819
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed