Gallery version 1.3 suffers from a cross site scripting vulnerability.
229c231ed66b5072f0c7252f95e68d812e05b303a3c4d0c7da35829d556a4e5cTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
bc9e8bf841ef64f8b06eef91eeab430f91147a3c4d7a6919826fa33b20453387The remote manager in Novell Netware version 6.5 suffers from an HTML injection vulnerability.
d55104ed15bb268ae818564d5a27a9f645fab016c404a789b83dd37ee602b8f7Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.
6c9094554c9bda05ea0527025db2031ca7ecdcbbd3fbd883d35e2efbd4657bd8The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. xine-lib versions 1.1.14 and below are affected.
6ca037f9e8d51e3f07cc53661d3f13706366e6df2b215a8e1e7ad67c75a07c41Secunia Security Advisory - Some vulnerabilities have been reported in La!cooda WIZ, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, and malicious users to compromise a vulnerable system.
dddce2566ca62ebf43305489e657b15b449fc0e6bd919b159536de6783de3ab9NoName Script version 1.0 suffers from a local file inclusion vulnerability in index.php.
b5059165ce522db5dd2e0b5206223b1d4b94a64fe55acb6439d7c5039ff49ecbVim version 3 suffers from multiple arbitrary code execution vulnerabilities.
0df0a0a662b76dfb71b8da8346939e317d1a638e718c3ebbea161707aec73cf4The OpenVAS Team (Open Vulnerability Assessment System) has started a contest and calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework and extends Open Source Network Vulnerability Testing.
1c902166709d7c8418dfe56f54563cd1fe810521ea6823311102d7a389bdd9f5The call for papers is open for the Hackers to Hackers Conference being held in November, 2008. It will take place in Sao Paulo, Brazil.
ca3ffb6085d139655ca4126b5ac7c5b71af894cfc51d4d84edd39f71d5f94d05Microsoft ASP.NET ValidateRequest filters can be bypassed allowing for cross site scripting and HTML injection attacks.
991d123ab5c384f1961576752ae8de0178e17504175d1d5b7d6c72a0c878c48bSecunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication. The vulnerability is caused by insufficient entropy being used to create a random session token for identifying an authenticated manager using the web management console. The entropy in the session token comes solely from the system time when the real manager logs in with a granularity of one second. This can be exploited to impersonate a currently logged on manager by brute forcing the authentication token. Successful exploitation further allows execution of arbitrary code via manipulation of the configuration.
ca4e60fcbf1cd56bcfc9d59316819297548491779e2e6b28a1bfa5e6428c35cdWindows Media Services (nskey.dll) on Windows 2000 Server, Advanced Server, and Datacenter Edition all suffer from a stack overflow vulnerability. Using an Active-X control that is safe for scripting/initialize, passing at least 9752 bytes to CallHTMLHelp will overwrite the EIP and remote code execution may be possible.
7dd68791afc2235b0b12444e2fd32dbc8395c768e03a777ceda41ac3bed58fe0Secunia Security Advisory - Some vulnerabilities have been reported in Uniwin eCart Professional, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
64d1ea95b532d350e1f3917c6cb8b48c8e7ec8ca44fcdfef869dc476e99f712fSecunia Security Advisory - e.wiZz! has discovered a vulnerability in phpBazar, which can be exploited by malicious people to conduct SQL injection attacks.
761fa4d60c1d2b1ec30d44bec7b23b2468f1fa3af0697914fa0492a9082dde8dSecunia Security Advisory - Doz has discovered two vulnerabilities in TimeTrex, which can be exploited by malicious people to conduct cross-site scripting attacks.
30fd1519a195ddc0ca12be11a80e14a8df9442a91d4e788676341841fe6931e4Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially bypass certain security restrictions.
c4b8d901e7dc1770dd557f04bb11f4d032e42a8739d26e8e8bfd954a6cd9631dSecunia Security Advisory - SirGod has discovered two vulnerabilities in Easy Site, which can be exploited by malicious people to disclose sensitive information.
cba64fa0703e020df75bf072ad8c7d5cdc71c21dcf9494b7145a7da9477628a4Secunia Security Advisory - Red Hat has issued an update for openssh, which corrects a small number of OpenSSH packages that have been tampered with.
cd7d275235c1f477c544de546d82937b5e30ea3baf51fed2c84c991eb3bfbbeeSecunia Security Advisory - A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
c1448671788db90cc9e0be174b3cc2bbbb7d0498828078c7c7e9b862a77280e2Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.
0ebde274e431550f35a889527dc2b914d5dea262f2c261477dd76032479d4aaaMandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.
21ab26995f3e8ac3cf68bea088a9613c7a17cdd32ee933bb7754a04a8a14dea0Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
cc1af7aa9af190d5e08578ee557ea3356fcedf52d35bb1e99c652fdbdc04649dDebian Security Advisory 1630-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution.
a2c27af084e632dacda1f2b548a743f20c48db967b5e065f17020aa096f656a0tinyCMS version 1.1.2 suffers from a local file inclusion vulnerability in templater.php.
1582e2ca40a2b46e1501addfce561fc531390d74107c85fe4c7b39dd88104320
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed