FreeBSD Security Advisory - The ftpd server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. This could, with a specifically crafted command, be used in a cross-site request forgery attack.
2e6c5b82c449c824228fcb5c04163a13250ea1166e252761a367a4dc98ca8ae5FreeBSD Security Advisory - Some function pointers for netgraph and bluetooth sockets are not properly initialized. A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.
68d6c56fdb87d6522cd80e38e97f33feb669cc5e02d6b6c06001e4a3bc436269phpLD version 3.3 suffers from a remote blind SQL injection vulnerability.
b8d5ad2be0ad3b0eafd2ce9db7db38581bb0e2a0a0f276e817665641d09f14efHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
6bad1825bd45ef8bf1e89e87f023e29b3ea29e67cfd0f9625ddb382f30bb8dc8YourPlace versions 1.0.2 and below suffer from database disclosure and remote command execution vulnerabilities.Full exploit included.
bf6bd47311181eb315c8d4128b3b41645bc0bbaf15264b218123b220c36b26a9Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentification. This update fixes this regression.
f1c674abc89edfd6995906bf6df08c575d2f8acbbe6f8d1eb03b079f71356346Mandriva Linux Security Advisory 2008-241 - Multiple symlink attacks affect MailScanner Corporate 4.0.
0cca270a4a200073bacc1d788acece81468fc917a891f61fdbd3fc62d768f537The COMTREND CT-536/HG-536+ wireless router suffers from cross site scripting and denial of service vulnerabilities.
e8ded362a9983498004f611e7c08bf91296aaa17ce46c202c71ca17637298313Wordpress suffers from an unauthenticated forced upgrade vulnerability.
049f31a474dbed4dfbfa791b5e68172ea3a6c3e9b523e251a85274eba9a59934Core Security Technologies Advisory - The VNC server of Qemu and KVM virtualization solutions are vulnerable to a remote denial of service condition, when specially crafted packets are received by the host VNC server causing an infinite loop. kvm-79 and below and Qemu versions 0.9.1 and below are vulnerable.Proof of concept denial of service exploit included.
01bd71a91a20f1a4de30de7941ac9062a84bce1186954b18716f1e73c0183e1dSecunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an implementation error within the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to e.g. download and load an arbitrary library file by specifying a custom update server. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.
9e66c81942f275bd4c568096bc7e97c86af7fb3bae3a6bbeb0c68e9f7a7968a2RoundCube Webmail versions 0.2b and below remote code execution exploit.
f510b021ba4086a9fe8abba8d5295afa395890c7b73d7ad0f34567a43f3aa689RoundCube Webmail versions 0.2-3 Beta and below suffer from a remote code execution vulnerability.
6f1e717d91ae7845d24e204d2ad541c1ad9795b646ca4e880f3445f8d655db66Ubuntu Security Notice USN-698-2 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
4e244374ea539938e1f6f7982c0d57401709ea018fc2a14023fe9f1283920975Ubuntu Security Notice USN-698-1 - It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
d9dfe7061cd9c715a0607cd9560ce84412a88d2dbe4f4a431ec91723cd520c8cUbuntu Security Notice USN-697-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
d653df98d6170f274789b6210547268ba1a992b3243a8145e834c36ac982ae95Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.
5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2Calendar Script version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6fd54988a50b59ee196e214d2b0252177cc809aea052d0837a4b268586ab144dRSS Simple News remote SQL injection exploit that leverages news.php.
bb756d3e04a9000709bf12c1b00932f18cf7b6763796d665342dbfc1782cf102CUPS versions below 1.3.8-4 privilege escalation exploit.
fcaa2f0c97580164e7c63808d96436a666a8c9465fb6a71edc363e7961c2dc20CoolPlayer version 2.19 skin file local buffer overflow exploit written in Python.
a1338c28f1cc7234a7ce053f6b8e41eb7baf28d0b63bd79c306bc9720db1e6a7RedPeach CMS suffers from a remote SQL injection vulnerability.
4b0fef939f97b5f1b20e989bacee56cea4076e2dece817bbec620cc1a5f12c9fSolarCMS version 0.53.8 remote cookie disclosure exploit.
4ce54630bc31a4088939b8873f37d694991328643e2bd8c2372d26d2d7011501The Joomla Volunteer component version 2.0 suffers from a remote SQL injection vulnerability.
3615c71eb0caa276850e993f425808d02e80f161ae7670a965806a037b33fec2Pligg version 9.9.5b upload shell and SQL injection exploit that leverages check_url.php.
c63cc0e77524a408b8b6a10e33d4da38d7d8d100056530404ad1218aa091bbd8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed