Comersus Shopping Cart versions 6 and below remote user password exploit.
85811285b1b4093109d8e4e05f1be5765126afdb74df6e742c9f6c53bb7dd482The Netgear WG102 has the SNMP write community (password) accessible in cleartext via the MIB which is readable via the SNMP read community.
3c51a78420a0df8febc79c022317d8f0c0dc20bcc300e24c5d2b80e393e67407Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.
b94ef4ce7d1b2e477a85e81fe7d6abeaf756a2d58b5544818985f2c20cb90bb6Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.
cf4e53dd00147f6634c2f3e122968aec17988d62f758b49a1e1ca73472516ca8BKWorks ProPHP version 0.50b1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b6bbb0e66ae2e75ec0215b724b061c743b547b2f5011beb78fdfca6831296b80Xplico is an open source Network Forensic Analysis Tool (NFAT) that allows for data extraction from traffic captures. It supports extraction of mail from POP, IMAP, and SMTP, can extract VoIP streams, etc.
2c7281e26af9f4375f1fba80d772b37b730c87d38141e6995bc2ead45f2ef103Gentoo Linux Security Advisory GLSA 200901-06 - A buffer overflow vulnerability has been discovered in Tremulous. It has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236). Versions less than 1.1.0-r2 are affected.
283ce7d4a6859f05b0f7055117edc77e5200ad422ef1eb33032e181fc0156290Gentoo Linux Security Advisory GLSA 200901-05 - Multiple buffer overflows have been discovered in Streamripper, allowing for user-assisted execution of arbitrary code. Stefan Cornelius from Secunia Research reported multiple buffer overflows in the http_parse_sc_header(), http_get_pls() and http_get_m3u() functions in lib/http.c when parsing overly long HTTP headers, or pls and m3u playlists with overly long entries. Versions less than 1.64.0 are affected.
06710cdf85609b49b9e02c8b791e5ed9458ce96767d0fc3900a9ba20f466791eGentoo Linux Security Advisory GLSA 200901-04 - An error condition can cause D-Bus to crash. schelte reported that the dbus_signature_validate() function can trigger a failed assertion when processing a message containing a malformed signature. Versions less than 1.2.3-r1 are affected.
e86dda15dbd223756769eb5a6cb0db3ff174fdfad0f95fb3aed50a8d3969a8c4Gentoo Linux Security Advisory GLSA 200901-03 - Two errors in pdnsd allow for Denial of Service and cache poisoning. Versions less than 1.2.7 are affected.
4b5ce9962aef3dfe259bf205679bc9936d66a6ddc9dacad36e520a30b4d74eceGentoo Linux Security Advisory GLSA 200901-02 - Multiple vulnerabilities in JHead might lead to the execution of arbitrary code or data loss. Versions less than 2.84-r1 are affected.
69352640345ae81ab7981ab3b11c54588fc1cefd02630aad6d89b1768afc9683Gentoo Linux Security Advisory GLSA 200901-01 - Multiple buffer overflows might lead to remote execution of arbitrary code with root privileges. Anders Kaseorg reported multiple buffer overflows related to long ESSIDs. Versions less than 1.53-r1 are affected.
87b26f86c4dbef558e268f86b44703fd0b09ecee788d360dbf8898c733914fafFast Guest Book suffers from a remote SQL injection vulnerability that allows for authentication bypass.
14c3690ed933bc52831e5ab1f0ff2a9092eea09d9f5ec96d3a9f52e6c125b408Weight Loss Recipe Book versions 3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
78b9d5e916666145255e4d539942673293977d62dfe3c79de13e8b3593f33e4bDZcms version 3.1 suffers from a remote SQL injection vulnerability in products.php.
3625a663d32f09d2bbaeb82eb5bf7087c73519bd5a02e5b64a62410ad0443e82Debian Security Advisory 1700-1 - It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function.
48e98cae2f44369a048191e19c766e168a60c960f19a7195602408e8f45b9e5fDebian Security Advisory 1699-1 - An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory.
41809d3fbd0f8ef9ec0b5f913140c8648d4d4ef0f00416c132443f96bf9575bdfttss versions 2.0 and below suffer from a remote command execution vulnerability.
f9dceb86f7d799e014489962bfe0f7f4d9c1b8bcd5b27aa4bed6d2986270c8ddSocial Engine suffers from a remote SQL injection vulnerability in browse_classifieds.php.
df900bc6ceba5c468fe4b4a16a21fc2e62a64a2c8620a293c827ded68872628bProof of concept code that causes Apache version 2.2.11 to crash when leveraging a buffer overflow found in popen from PHP version 5.2.8.
69cd17b5829ffa6527992c1503dcd45d99c32941edab0451a004965ef6fad5fcThe PHP-Fusion module the_kroax suffers from a remote SQL injection vulnerability.
52126f916308a0ef7fd3781c9acdbcc830556847649522a62aef59dd1e0dca06phpMDJ versions 1.0.3 and below remote blind SQL injection exploit.
71043bfd3e8f83fc8a1b7f4929e7c082135abd42023ca0557440c555c3e2a6f6Mandriva Linux Security Advisory 2009-005 - A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm. The updated packages have been patched to prevent this.
2493748ea4d2a9b36180e68cee133d311ce65680b96da22fdf380057be4be1d0Mandriva Linux Security Advisory 2009-004 - passwdehd script in pam_mount would allow local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this.
995db9d8e704d137acc94adf36b40d3c21069603dadd49461a20f850d20d6687Mandriva Linux Security Advisory 2009-003 - Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. The updated Python packages have been patched to correct these issues.
28d63a5f76ce1c5a97ac6618dfcd9bf320b89e89ddb038a765988adc6e0b6471
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed