MagicISO CCD/Cue local heap overflow proof of concept exploit.
77b97ee12dc4806f0298958be98c27fc5629d49397a2188886760cb8e812b9ffchCounter version 3.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8ad7b342e8a35bd56c62ef83b816939d5bc67739be6e6a24ef1a4a1aa485eb92SMA-DB version 0.3.13 suffers from multiple remote file inclusion vulnerabilities.
f87ac85bec4c33c5beb2fa573e7eaaffc60fb46c2614fe13640bee0d06da6b21cpCommerce version 1.2.8 suffers from a remote blind SQL injection vulnerability.
27cfa068d3abf366bb0788a9d6b15ed1283ce8b8c6eaedf874215519a9e61f79Gentoo Linux Security Advisory GLSA 200904-15 - An error in mpg123 might allow for the execution of arbitrary code. The vendor reported a signedness error in the store_id3_text() function in id3.c, allowing for out-of-bounds memory access. Versions less than 1.7.2 are affected.
09d6f2d6c14ac8477c9ce49993f7a075374bc302e68f8890d03a7dc54fee33e6Ubuntu Security Notice USN-760-1 - It was discovered that CUPS did not properly check the height of TIFF images. If a user or automated system were tricked into opening a crafted TIFF image file, a remote attacker could cause a denial of service or possibly execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10, attackers would be isolated by the AppArmor CUPS profile.
1dc005a96043f91675c0fc03534f4c08210de405a4aefa245c34a31195540b39Ubuntu Security Notice USN-759-1 - Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that poppler contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
14e966272b90da16305a171fc41d502e1415a3d0aafed6a4309ae8fa86c08257Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from multiple cross site request forgery vulnerabilities.
ab5151d75750e8854022e1daadf9746179f3b968add34b790f5e180eac99a1b6Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from multiple cross site scripting vulnerabilities.
e8321a196336ef16412f41549f949538a9bfa174b2f175f96d8ec1d1d089e4f9Apache Geronimo Application Server versions 2.1 through 2.1.3 suffer from a directory traversal file upload vulnerability.
627efca106e9f4c52417dc49589cac5b6d37ea40b23ea7ab81e7972801c513deRazor CMS version 0.3RC2 suffers from cross site scripting, weak file permissions leaking credentials, and arbitrary php code execution vulnerabilities.
d61b736cb56cc63118de4b8724efe8e19395be8880c3afc5815d4f34a12fc74eDNS Tools PHP Digger suffers from a remote command execution vulnerability.
ec660b6d37e02eba3c95fb0e3ee53813fd0f6107f5f100abd1345efef2ba594eThe Miniweb webserver suffers from a buffer overflow vulnerability when a URI longer than 120 bytes is requested.
5a08caa755b97e6424b028ae4230790373b5632da79d11cec1c837b2926f63d1The Miniweb webserver suffers from source disclosure vulnerabilities.
c7b9a1482824e3ff857859d3ba1617294fc236ecd37dc80cb1ca9727368fd1ebApache ActiveMQ version 5.2.0 suffers from multiple cross site scripting vulnerabilities.
facd8b60c03d9cdd1f29564d4160b000cae88832aec7d172e4d7c88393a2f1a5webSPELL version 4.2.0c suffers from a BBCode bypass cross site scripting cookie stealing vulnerability.
05756b992189d870ebd23c42d21edcc6b7a2a6b86f274a8e1810bca1b4fc9f8bOnline Password Manager version 4.1 suffers from an insecure cookie handling vulnerability.
8ca8a657c644216555343514088de0b86ce35bc4ec67fda4d0d5b8ac3a8a14c9NetHoteles versions 2.0 and 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1e35c9bb06eba2a17cb279c353bd101e311e145473f1093b0fa9dbe349e95bbeDebian Security Advisory 1772-1 - Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon.
ce2e8b55c9a2b21b04a8bdd7c9e64cc29f98349742be875d9a6eb64c1050de6eSecunia Research has discovered a vulnerability in Danske Bank Danske e-Sec Control Module ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DanskeSikker.ocx within an error logging function. This can be exploited to cause a stack-based buffer overflow by passing overly long input to certain methods when the ActiveX control has been initialised in a specific manner. Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious web site. Version 3.1.0.48 of DanskeSikker.ocx is affected.
0c49f548014bf47c1e0f20a22462665573baebd5130752d4f8f8b83d773e45d4Unprivileged database users can see password hashes in APEX version 3.0.
4ea827b7dad31bf7f8a520ba5bd15585d49f4dbefc840fa534832c2dba249d7eThe package DBMS_AQADM_SYS contains a SQL injection vulnerability. Oracle versions 9.2.0.8 through 10.2.0.3 are affected.
7794e9874a4f543ae4589f703f2f702dc64a787fe98e19f45a20c036e3247932The package DBMS_AQIN contains a SQL injection vulnerability in the procedure DEQ_EXEJOB. Oracle versions 10.1.0.5 through 11.1.0.7 are affected.
5964a7374194365921ab37c0db44964a7c72c74b0ff677173feef43536686a35Phorum versions 5.2.10 and below suffer from cross site scripting and cross site request forgery vulnerabilities.
d13f52b1d448646ea2389ea7d32b171e6472f6818b842fd48829fb6eb42fc5d3Geeklog versions 1.5.2 and below savepreferences()/*blocks[] remote SQL injection exploit.
01f186f7d9475a21bd6726d4df16f0d0bb6421ab3a8a03f626b9833f14455435
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed