25 products from dMx READY all suffer from a remote database disclose vulnerability. Version 1.1 of Testimonials Manager, Site Engine Manager, Secure Login Manager, Secure Document Library, Registration Manager, Portfolio Manager, Polling Booth Manager, Photo Gallery Manager, PayPal Store Manager, Online Contest Manager, News Manager, Member Directory Manager, Mailing List Manager, Account List Manager, Billboard Manager, Catalog Manager, Classified Listings Manager, Contact Us Manager, Document Library Manager, Event Listing Manager, Faqs Manager, Job Listing Manager, Landing Page Manager, and Links Manager are all affected. Members Area Manager version 1.2 is also affected. DMXReady has stated that the following release addresses this security issue.
df486b4f263d494c527f0748fd3320759a556c925cc4697ca07841d882730977PWP Wiki Processor 1-5-1 suffers from a remote shell upload vulnerability.
83a7f6dac45df85481372ae895e5757e05aecbecdd7c000855ce907d244a11faExcel Viewer OCX version 3.2 arbitrary file download and overwrite exploit.
21c20712b13cc0aafe8584748354985796a09c4fdd4be07e3b6c9a78fc389323Realtor 747 version 4.11 suffers from a remote file inclusion vulnerability in define.php.
54a5e488d3d8ab34894543abe228dcaf53254229ee294d037ae9da1c4bb0cef4Gentoo Linux Security Advisory GLSA 200901-08 - Multiple vulnerabilities have been reported in Online-Bookmarks. Versions less than 0.6.28 are affected.
291be486814345377f4516d26b5d77146c3743894bf617849c8d7160a0b0d998The Joomla Portfol component suffers from a remote SQL injection vulnerability.
e14b7f15681ede07a072d0be5cc443299f5dc13e94dfcd39b4d5bc4ccfa5701bDebian Security Advisory 1703-1 - It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine.
2870f20bb99066f6892b5f6fa5169dbaaf0c0c11caa6558bdfeb5f57ca91f20eWordpress plugin WP-Forum version 1.7.8 suffers from a remote SQL injection vulnerability in forum_feed.php.
59b95836af54cf323cec67e10d4a75e3ddc488f6dc3663094f1660039f189a97Debian Security Advisory 1702-1 - It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)
da30bda0f6254fc59ac6cfd41f4e732342fec33fac7d90562e8150b9449d09d3Simple Machines Forum Destroyer version 0.1 that performs multiple malicious acts.
571c46e28eeed37f560de46ede3b84cc7932ce975f95677b6f5e13c306ebc67cDebian Security Advisory 1701-1 - It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
82596423956ee15a8376f75613cf4b6a394787f41372c89ee99020f4389b471cProof of concept heap overflow exploit for Triologic Media Player 7 that creates a malicious .m3u file.
c0bca48398cfa9030b3e7438393431fed74cf74f7f12c95159f0e54b380f83dbShort whitepaper discussing the basics of ARP spoofing.
56f3378dd01789a74ddf49e5ff62368ae70ce2e7c90c4aef079ee4fb53ef02b7Whitepaper entitled Short Review Of Modern Vulnerability Research.
50f3d7b703ae7599064134dd9771cdf630e1cfeb90294a067782e794b36e361eWhitepaper discussing anonymous navigation of the Internet. Written in Spanish.
0b41da26eab88d13fad3fbc57615b994397df2dcf6b72b8b1ea628f55bd15e1dGentoo Linux Security Advisory GLSA 200901-07:02 - Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Versions less than 1.0_rc2_p28058-r1 are affected.
a0d17e5282ee3f678c9d2f0857185c3ffd590e9cd23b30ec57e917b7dd662cb4HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).
c97f302cc2e1218201ba03418fa7066a3111c58abd5ae5cbf808dd294d809c85Ubuntu Security Notice USN-707-1 - It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. It was discovered that CUPS did not authenticate users when adding and cancelling RSS subscriptions. An unprivileged local user could bypass intended restrictions and add a large number of RSS subscriptions. This issue only applied to Ubuntu 7.10 and 8.04 LTS. It was discovered that the PNG filter in CUPS did not properly handle certain malformed images. If a user or automated system were tricked into opening a crafted PNG image file, a remote attacker could cause a denial of service or execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that the example pstopdf CUPS filter created log files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS.
a74367854a58a1911ddaa489d9fd8218667d9571e9707336bebfe1ff63c0d9c3Photobase version 1.2 suffers from a local file inclusion vulnerability.
da7323de95f44258f494317be4115529489d8d4e08c4dea0eaee5c57ce114b51SyScan 09 Call For Papers - The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScan is a non-product, non-vendor biased security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia. This year SyScan will be held in Singapore, Shanghai, Taipei, and Hong Kong.
e1ca1b1275ff1fd471ee95f39b99988e7bdb740df332b2077b9cda5d57d1a00dVisuplay CMS suffers from a remote SQL injection vulnerability in news_article.php.
26e8a8a80fa8c769b0fd4828b1331b5c7eb265a3cf81664e81039f5dc2f51629The Aethra SV 1042 ADSL/VOIP router suffers from a local password retrieval vulnerability.
976d182fc143e63de58d9115d3e6324a208d6c56c7b880013bebf560b4fa6866The Ovidentia portal generator suffers from cross site scripting vulnerabilities.
f5fdff9b27486dd9e03b03a1cdd8cdd6f4d5957803430461270a1bc7755283b7Interspire Shopping Cart versions 4.0.1 and below suffer from a remote authentication bypass vulnerability.
94975000acca58a49393a3f3d1842b09ca8ecd7cef44b79521ff5233267014a5Silentum Upload version 1.40 remote file deletion exploit.
098f53a317c79b74ca7317aac3e3675febd3f9fe398fadfd2b64a316a2a6c08c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed