Gforge versions 4.5.19 and below suffer from multiple remote SQL injection vulnerabilities.
5f39c45a4baa63a80d8e143281ef93aca4680340e668bcbf8374b59f64acb14a
Secunia Security Advisory - Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system.
41edab51b9eabb74e24a3e06a6b96ee514252d33b3d249982fb9c3dc9cf62531
Secunia Security Advisory - Gold_M has discovered a vulnerability in WebBiscuits FAQ Support, which can be exploited by malicious people to disclose sensitive information.
38a316c92fc735b9e204ba12961d13a2715f3f0367a1f1d3ea2624509f1fa6c3
Secunia Security Advisory - Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious people and users to bypass certain security restrictions.
e1a797ca3817677c8885f5d3318ce72312939a4cf86006b73bac26e33e0e533b
Secunia Security Advisory - A vulnerability has been reported in WOW Raid Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
954114ddef2e3fe435bcf752cdfe95f8949c51f219b8cee9920a5986023f9125
Secunia Security Advisory - Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, or to potentially compromise a user's system.
6fad17d7c34f311043b21158772ea22affa890f5501c16634125d77831df05b2
Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions.
da678e703a6fa2b5aeb3d81e7e0d1595e5993e61143e9812dd597bdc30715a97
Secunia Security Advisory - A vulnerability has been reported in HP System Management
eafa59eab499255833d290bbef6b846701876c66f8194b3392b956254d3ea47c
Secunia Security Advisory - Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people and users to bypass certain security restrictions.
42b19d6328d3f90bab34a3ce8cdd982a99c16590869800c12617482968059b5a
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication, which is bound by default to TCP port 524. Improper parsing within opcode 0x24 via the NetWare Core Protocol can result in an arithmetic calculation based on user-supplied input, resulting in an under-allocated heap buffer. This fault can be leveraged to achieve arbitrary code execution.
2e2f241dde28786d441fd226a1209ddc409de102aa7dfc08ee8090cd1f4feba3
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication, which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the NetWare Core Protocol can result in an arithmetic calculation based on user-supplied input, resulting in an integer overflow whose result is then used in a copy into a heap buffer. This fault can be leveraged to achieve arbitrary code execution.
44a615abf740f25d50244fd568194dcba7ed409571ff82290451df848136c1fd
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. The service copies the contents of the Accept-Language header within a SOAP request into a fixed-length buffer without any bounds checking. A specially crafted request triggers an overflow during a memory copy operation, leading to arbitrary code execution under the context of the SYSTEM user.
5840ddcb72ef4e12650df1c91d3757a8e4f619ad667323b5753125f0c7979511
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw resides in the web console running on TCP ports 8028 and 8030. The server exposes a web interface and accepts SOAP connections. While parsing the Content-Length header within a SOAP request, an integer overflow can occur. This integer overflow triggers a subsequent overflow during a memory copy operation, leading to arbitrary code execution under the context of the SYSTEM user.
38a79dcbde3c6013600496a7794fabf8f3a0febac8d2f97d06490235615cf4d7
Debian Security Advisory 1649-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
2ee426fabf7376550434336783b657b3bfeef868a9e49cf45aae8c2a7e97c897
Debian Security Advisory 1648-1 - Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks.
2bc95ddb924ed129059bdda507666b970012f243e9328b21b5580401a83095f9
A vulnerability exists in Graphviz's parsing engine that makes it possible to overflow a globally allocated array and thereby corrupt memory. Version 2.20.2 is affected.
74aec18b63e6c203563c8dffc4f13d382b97e59657719590779916c19ea1a725
WebBiscuits Modules Controller versions 1.1 and below suffer from remote file inclusion and remote file disclosure vulnerabilities.
32cbcaaa4e1e1b36c5e88733632fd2442c73c0f2dbd0370f53561b987f5767fb
HispaH textlinksads suffers from a remote SQL injection vulnerability in index.php.
56fc1399bb3de5e78692676479ed15b0ec3d224fc4a4e58fdd473db19bfe6f0a
RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. It includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®. This is the Windows version.
8823e322d5618f54002fd520ee198ee1caff9601abbea3fdbd0cc72243001e36
RFIDIOt is a Python library for exploring RFID devices. It currently drives a couple of RFID readers made by ACG, called the HF Dual ISO and the LFX. It includes sample programs to read/write tags and the beginnings of library routines to handle the data structures of specific tags like MIFARE®.
efba533814093eb442f87b2d4ef1bf003d95cf112ffe87bb410d19f931dd318d
The Joomla Community Exchange component suffers from a remote SQL injection vulnerability.
2d71bd131c0b1d168db5df1fc42848e14eddee697acde552871b95f2b48ea032
Cisco Security Advisory - A vulnerability exists in Cisco Unity that could allow an unauthenticated user to view or modify some of the configuration parameters of the Cisco Unity server. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
c4fc8f9c3f09807a1ff0b79fa0cdb5dd404c9a4c71d8d888471698e2777ec6fd
Calendar Express version 2 suffers from a remote SQL injection vulnerability in week.php.
d0c8ae17a052b762f9f645b3cf0802fcf490da3598539cde1401e21c8a69f57e
AdMan version 1.1.20070907 suffers from a remote SQL injection vulnerability.
d8247faf474b2c4a7371603581eae6dc43beb9d9b9d630ebab661c5b345dcd6d
Fucking the Web Apps - LFI #1. Written in Spanish.
356ae75f6959b920badc664072cbb6b3c7489c6b3f5a527af0aaa0bc5d6cc406