The Wordpress Page Flip Image Gallery plugin versions 0.2.2 and below suffer from a remote file disclosure vulnerability.
283261ff7da9ea8859483cb7af3007b56b40dadff53197dce81539c8d4a75463Mozilla Firefox version 3.0.5 location.hash remote crash exploit.
eebb83ab5074c9afe2b57616ec84944c9695df373c957e4d44dbbfc493853029FreeSSHd version 1.2.1 suffers from multiple remote stack overflow vulnerabilities. Proof of concept denial of service code included.
e1b2ce0109abe0bae36698e0f978538eaa5a35f9027ffd213a79b0eb0fe9f0efCoolPlayer version 2.19 local buffer overflow exploit that spawns calc.exe.
6a326e08914670dd6afbe441fc15378710139422b2dd25185d144997be8f65b0Debian Security Advisory 1691-1 - Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.
157ae4c1f93c80363f5da2039e5008842435f365223797ef677fa7894c54dcf7Debian Security Advisory 1690-1 - Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.
ef1a5df07104978bb17173fe99f506005c7a6bbe6cf093b6fdec41e6a73983b8Text Lines Rearrange Script suffers from a remote file disclosure vulnerability in download.php.
c59e98d22160dd351c9c1933f211f6afc7e57ca40eddfd103573f93141b93dcfPHP Autorooter that encodes exploits in Base64 and then decodes them and compiles them with gcc.
dad858b67667d67dc91c0c6bb8aa6779134347d2029f21d5bec096a6b7bcf35dThe Joomla Top Hotel Module version 1.0 suffers from a blind SQL injection vulnerability.
6f22ebc140137da819b0f286f48bf924d93ac16b393af93f8b83ab53fb137ef4The Joomla HBS Search component version 1.0 suffers from a blind SQL injection vulnerability.
1cae474c508258abb31cb78738cba027c919fc77e9e9f1fba431d2eeb086d03fGentoo Linux Security Advisory GLSA 200812-20 - Multiple vulnerabilities have been discovered in phpCollab allowing for remote injection of shell commands, PHP code and SQL statements. Versions less than or equal to 2.5_rc3 are affected.
b64c3015b2c58dad5271775cfc8ac2573f3bd171282bd8f6f9014bacea41ac41Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.
f7d4170d51380b50b3229bbdfbfd97b6500d5154c69263a2bc8fd599516ec324PHP versions 5.2.7 and below suffer from a mbstring buffer overflow vulnerability.
37409b5b7371a744b1320cc0009af571db7064e7ad18669697f3b62fd7f1c554IP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
f1e7a41179e6ca09832589705d422c58693e434faa931221bf9f2ea7591f2e6dReVou Twitter Clone suffers from a remote file upload vulnerability.
5152b6d6335829c4eb7ba31b927b895cc19e93ebaca56d742e33a6c630d157e2BLOG version 1.55B suffers from an arbitrary file upload vulnerability in image_upload.php.
5166ee1e4ac3e08f3590cd372cfd2494601485705b85e26ea50cac54d8acf269Emefa Guestbook version 3.0 suffers from a remote database disclosure vulnerability.
dcb6f7303bb98a8da64202ec2bc3c5f103bef1bba28dded2b9f006bc537c6f8cPHPg version 1.6 suffers from cross site scripting, path disclosure, and denial of service vulnerabilities.
2266199981966fdd6ce2f1888616d9b1eec12414c6f09f4033e757ec091640e3Userlocator version 3.0 remote blind SQL injection exploit.
d598c900988e96844d8ce2942d0abeafffbcfcbb2581cef2b7a9fbe00e1431d5Debian Security Advisory DSA 1689-1 - Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
0de29b8fab2fefaeabb052720b162b9a757b181550eb52d0a9b16f8641460152Debian Security Advisory 1678-2 - The perl update in DSA-1678-1 contains a regression which is triggered by some Perl scripts which have changed into the directory tree removed by File::Path::rmtree. In particular, this happens if File::Temp::tempdir is used. This new update corrects this regression.
7a6ee91b53e6aa6c99a93729bd44c00a32faf2e6b49baa69e2c88266c1e40521Debian Security Advisory 1688 - Two SQL injection vulnerabilities have beein found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).
9dc7b0b9ca92f9e1f59c4c6542e5d806f993baedd0e6072fa1262af0d44fbd0dchicomas versions 2.0.4 and below suffer from cross site scripting and database disclosure vulnerabilities.
1b8f18a6119696049fa61d70058a2a3e5bd969f4ce3c9ad0e262db1258a56d73Cain and Abel versions 4.9.25 and below suffer from a denial of service condition.
cc0f2c00adaa4b10e6aab7f5ebb814d51f23ec4edc068c91330fa64c88fce7a0PHP APC versions 3.1.1, 3.0.19, and probably earlier releases all suffer from a cross site scripting vulnerability.
c66690481d643d9fbf46653f31c83ab29640eb3464a300d6fe92f7230590d5d5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed