SEC-CONSULT Security Advisory 20081219-0 - Fujitsu-Siemens WebTransactions is vulnerable to remote command injection due to insufficient input validation. Under certain conditions, WBPublish.exe passes unvalidated user input to the system() function when cleaning up temporary session data. This vulnerability allows an attacker to execute arbitrary commands on the affected system. The vulnerability does not require prior authentication and can be exploited from a web browser.
4fcccde253345cf5e3f0f4106c7f74d8b15fb08e20a6c514630001cb3f299309JA-SNMP-Reader is a simple Windows executable that reads values from an OID of a given SNMP Agent.
f79868f69d225f4308f36d526a18a2d328f8c100707c806272d882961a3d5febNew script that exploits the very, very, very old phf vulnerability.
019371e115ef1e5f7c22f50f06a0b178a7b66d03de1c24b4361814c83f8f415fKsplice is practical technology for updating the Linux kernel without rebooting. It enables you to avoid the disruptive process of rebooting for kernel security updates and bugfixes. By making it easy to keep your systems up to date, Ksplice helps you avoid the security and stability risks of running out-of-date software.
6c2345b2737e7efe38db87ef4da9d5a9b582ced20141bb8ea97215118970bf87dietsniff is a tiny tool for analyzing traffic on a network. It is not intended to replace well-known tools like tcpdump or ethereal. It is intended for the case when a small and especially static sniffer is required. Accordingly, it is also by far not that powerful, and is also bound to Linux as a platform.
3e7c2c47da2d48008a1433d1f22cc5872cb178b7fdbad557b0f5e47ec2732eb3Constructr CMS versions 3.02.5 and below suffer from directory traversal, database configuration disclosure, and SQL injection vulnerabilities.
8908b832dd7e2db1b424f4b9917043856c22abaee2f5b23ac11aab5ffa5bc102FreeLyrics version 1.0 suffers from a remote file disclosure vulnerability in source.php.
f1541579debf5757b4f11c9594466e8377d21a68420f8e87920d73bbfc0845f2Extract Website suffers from a local file inclusion vulnerability in download.php.
7408a2b8415be0d4829898d7e23adc262d21eaea9c368b98351780b53db5355bOnline Keyword Research Tool suffers from a file disclosure vulnerability in download.php.
f26f222bb6d29381eff01b3bcd67f0257d8e7a2c8dc9c0c0c96d4890f9430f39Gobbl CMS version 1.0 suffers from an insecure cookie handling vulnerability that allows for administrative access.
2a7cc21cdd7afbae98f73da97637186e73f07262ecd3d465d722804050e40c99Gentoo Linux Security Advisory GLSA 200812-19 - Two vulnerabilities have been discovered in PowerDNS, possibly leading to a Denial of Service and easing cache poisoning attacks. Daniel Drown reported an error when receiving a HINFO CH query (CVE-2008-5277). Brian J. Dowling of Simplicity Communications discovered a previously unknown security implication of the PowerDNS behavior to not respond to certain queries it considers malformed (CVE-2008-3337). Versions less than 2.9.21.2 are affected.
b32ba72341374ae1aaf8bbe760d230f8539182bc7d93feb0dc89b4807dcf3baaHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
060a4c69b772c5dbbe93812a8abd274eb7234e26034b2a9e635c88b055b0e945Multiple sites on Sourceforge.net suffer from local file inclusion vulnerabilities.
d5d7639990f19a6cdb90802b8b4c6cbc3303e7d07277527d231b990b19462570Realtek Sound Manager buffer overflow exploit that leverages rtlrack.exe version 1.15.0.0.
134faf3432cd881dea3a0ee215beb947a5c4de7a19d014bafdbd98aa209de733Ubuntu Security Notice USN-696-1 - Emanuele Aina discovered that Avahi did not properly validate it's input when processing data over D-Bus. A local attacker could send an empty TXT message via D-Bus and cause a denial of service (failed assertion). This issue only affected Ubuntu 6.06 LTS. Hugo Dias discovered that Avahi did not properly verify it's input when processing mDNS packets. A remote attacker could send a crafted mDNS packet and cause a denial of service (assertion failure).
4ed8338613bd90bd9db4370e94dd72fdf7c7aeb5538276764c37e414ec7895f3OneOrZero Helpdesk version 1.6.x remote shell upload exploit.
780c96fbf034819075a9a3cb2dc05aeab8c58c211a6cb6c2f02d589d69069320MyPBS remote SQL injection exploit that leverages index.php.
19e4a423cd72942e5ab709588e3f87869f16e3355583f54c909ec7ab1c417d43MyPHPsite suffers from a local file inclusion vulnerability in index.php.
2ee794daf137781320ca735673c2a215b995317e48931e20e0cda93dec97c7famyPHPscripts Login Session version 2.0 suffers from cross site scripting and database disclosure vulnerabilities.
c974a27f358ad5825e23a363f6e732b521bf7b04da139805c8d1167c4adb6d02ReVou Twitter Clone administrative password changing exploit.
09a92eefcf18c327fafb1fd705b5c7acf080fe8f62e95dda962ef16b8023a95fInjader CMS version 2.1.1 suffers from a remote SQL injection vulnerability.
2b8e91e3d21f060d0479c319f74259381a056ccd90b8fbf2e48753541e99f869PHP Clan Website CMS versions 1.23.3 and below suffer from local file inclusion, remote SQL injection, and cross site scripting vulnerabilities.
d45c28aab7c91960a39308081bf1c245f4be13a82331f5b6534a6fdbfaf0d2f8Secunia Security Advisory - A vulnerability has been reported in SPIP, which can be exploited by malicious people to conduct SQL injection attacks. Two additional vulnerabilities with unknown impacts have also been reported.
7fddda19489d535b75f4499b4127fdc1d609073d789b649eddbc564a999b0f8cSecunia Security Advisory - Some vulnerabilities have been reported in PHP-Fusion, which can be exploited by malicious people to conduct cross-site scripting attacks, and malicious people to conduct SQL injection attacks.
b96207480c0508272f82ee664e13926b941e2c857b9fb52349993a6c8ededca8Secunia Security Advisory - siurek22 has discovered a vulnerability in ThePortal2, which can be exploited by malicious users to compromise a vulnerable system.
eaced42a4cdf5691918488068186b09d9f58efa7c434ab78ed4f843660c479cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed