Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.
09ba3aabe11ce628dd002e7e470cfaad9ac27bf2961b1c53674a2baa0abb20d2Mandriva Linux Security Advisory - A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name. The updated packages have been patched to correct this issue.
0d264688899d2167dbf887dabf91ffafa4e1aa4caa375f120055a0a33aaacc86Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue.
0dc99c6c3ab906e3b0709a979337a18647bdbcec87cc66e91e250ed08b60ca71Quick Poll suffers from a remote SQL injection vulnerability in code.php.
5686bff39f61a500a3204eb66356fee3d9fb1f3156d41f24fcdf5cba3a10eb49PromoProducts suffers from a remote SQL injection vulnerability.
c3b9b233e3fe27351ad61ec0c34ba42881996f5881aa468eec2a6b2e60749e31PHPizabi version 0.848b suffers from directory traversal and cross site scripting vulnerabilities.
892b7aea775321174eb57821836fb8b3f0ba6c5e7507a247bdda03f69f1e2332ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
a579badec7e234710ee75cc8b2bf53bde89b620fea98e4179a88079f9f52bfd2FlashGet version 1.9.0.1012 FTP PWD Response SEH stack overflow exploit.
0999f84090712d0d9b6a50064b2335063f19efb2bba617ce908e6a3735abfd8bdotCMS version 1.6 suffers from local file inclusion vulnerabilities.
238cf060ce4e3175071ef6fb197d302bfd77b0beea9121b7c4c66dc8a7966ca0DeeEmm CMS version 0.7.4 suffers from remote file inclusion and SQL injection vulnerabilities.
d787870efeedc19a5dd2795d0b9e3476b92b63f7364d06fb37040036db053b81ZEELYRICS version 2.0 suffers from a remote SQL injection vulnerability in bannerclick.php.
e3d816079b8fecd18c1f8c057b3a53fdc2307774140c4fa258d6203a03f57c9aZEEJOBSITE version 2.0 suffers from a remote SQL injection vulnerability in bannerclick.php.
31625ddb184d54f18fa612a331415c2a32eeb02c999bdc786ff4d6f448450236ShaadiClone version 2.0 suffers from a remote SQL injection vulnerability in bannerclick.php.
00906d58bd32d12429817c4d1cc27ff3db60c9214c18108b33b1fd7ca6165d33PTCinvestment version 1.2 suffers from a remote SQL injection vulnerability.
5318f9c45d0b112eb698059860ac045aa90090242bd7e6b3093d0c8ab8c9164cACG-Surf version 1.0 suffers from a remote SQL injection vulnerability.
3aeb4ed950a34aef11bd8f0993cad36146acb0723e3a6a40701d351fec700e0fACG-PTP version 1.0.6 suffers from a remote SQL injection vulnerability.
47815fecb7ed5efa6bf4a2debb0682c229668f3f8adf341f2d2a5380b98572fcACG-ScriptShop suffers from a remote SQL injection vulnerability.
bcbb5dc68b545703117bf15b3d8946dbfa64af6fdb4900c35d65f7bdcd9b1745FlexCMS versions 2.5 and below suffer from a cross site scripting vulnerability.
c746b1b2dda11944f09900c41590192734b06a754c330cc44d0f6b8e096590e3MailScan for Mail Servers version 5.6.a suffers from directory traversal, authentication bypass, cross site scripting, and log file access vulnerabilities.
c252c1c307e05192c2fa09056a415178873dda926f748575fc4b8f2e466329e4munky-bliki suffers from a local file inclusion vulnerability.
0e8e019b4d3d68279c17cf46850f2ace75905d52adaa16468372bf70d0f6ce30Mambo versions 4.6.2 and below appear susceptible to more cross site scripting vulnerabilities.
f7e6879744083fa2020edf3ac311b6c0cc6a327d4062bb79b377d2ecb04dde87
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed