Ger Versluis 2000 version 5.5 24 suffers from a remote SQL injection vulnerability in SITE_fiche.php.
f1bd591c48448148fd348f7f0227644059f1c2c6a4306824267783b2e6a8d331Battle Blog version 1.25 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
faaa6c0707364c1b20aec7895084419f30188ae1662bbdfefe1345f0773ca028Super Simple Blog Script version 2.5.4 suffers from a remote SQL injection vulnerability.
2eaf78f0259db4226e81b5847645bc8773165a6abee749b4d5675396c8055510AJOX Poll suffers from an authentication bypass vulnerability.
468b81bb47c7541464a43fee4a02f03bcd6be3130560edff0cb36970890793b7This paper describes a practical attack against the protocol used by SAP for client server communication. The purpose of this paper is to clarify the fact that the protocol does not sufficiently protect sensitive information like user names and passwords.
f6435814e3afad6ebb4262a9c614cacd418277717cf925da94343a17ae06aa57Gentoo Linux Security Advisory GLSA 200907-14 - A directory traversal vulnerability in Rasterbar libtorrent might allow a remote attacker to overwrite arbitrary files. census reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files. Versions less than 0.13-r1 are affected.
2e799ebd355637e542c267e8331df9e50b6992123a5c166740bf71f8ea5e2b8eSuper Simple Blog Script version 2.5.4 suffers from a local file inclusion vulnerability.
366768ae70b606de0d7bb00223af59b1fc919d438c466bf9f3b0ee254fcbc30dPHPLive versions 3.2.1 and 3.2.2 suffer from a remote blind SQL injection vulnerability.
19f6ac6b2c16407931d51161f7b1340078dfbd0f6f21782112ec19793cd93b2cVS Panel version 7.5.5 suffers from a remote SQL injection vulnerability.
7839ca6fc4dba932d7af30ad329307b23f38f2a2d632705ad899c57b60423e56Linux 2.6.30+/SELinux/RHEL5 local root exploit. Works on both 32bit and 64bit kernels.
3709a659201e1e4914bcbd137c9f08224a39b712f0e57cf22a9cbec5957de619Ubuntu Security Notice USN-804-1 - Tavis Ormandy and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges.
b8beb3fe604ec782db3bd384c85199c455906f54b4b92e94931ef02d23954d69American Airlines' sites suffer from a local file inclusion vulnerability. The author was ignored when contacting them so this is being published.
fda78076c0e5b1cc9ca87be6898c56ce10b32556cded3690d40d24dba883f27eZenPhoto Gallery version 1.2.5 administrator password reset exploit using cross site request forgery.
1a2d15c4041d20cefe60ca298054f060cd86c3a57e3568f9c13a0d676329c67bOracle BEA Weblogic version 10.3 suffers from a cross site scripting vulnerability.
9a650695810614f4973ffb7f573662e9896423657f31d2bd9a505ef52184447aOracle Secure Enterprise Search (SES) version 10.1.8.2.0 suffers from a cross site scripting vulnerability.
94834e7f4609e3dadfba3ea1aae38f276c43166e3d130a1e1273d767615609e3Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. All 1.5 GRBxx versions are affected.
4b7c6f448acecc2ccbd344ea7c61afdac0b498f3432e5044a92d1cb41fd80890WebLeague version 2.2.0 remote SQL injection exploit that performs authentication bypass.
56b80450b2e49f96bb4663e79307fcd502f54b0769bdafc927f32604532ca8deWebLeague version 2.2.0 remote change password exploit that leverages install.php.
3fb5da098010897a942a82ef5b38853ffffb816299b2b2dcd1eaab4ba881e30fWebLeague version 2.2.0 suffers from a remote SQL injection vulnerability in profile.php.
31375ea467033249c5fefe4dcfc75e0793b59e42aba3f44914bbbb9f5d6ebb4bInfinity versions 2.0.5 and below arbitrary create administrator exploit.
1474e48bd198bb26943a78a4ab23baca7ad396e18632ca7d374d013fcce3e1b5Harald Scan is a Bluetooth discovery scanner. It determines Major and Minor device classes according to the Bluetooth SIG specification and attempts to resolve a device's MAC address to the largest known vendor/MAC address list. Written in Python.
a2dd70511dc23d8b1a5e3c9c0c58ad172b1d2b69b541733b29c44ff752626bbeGentoo Linux Security Advisory GLSA 200907-13 - A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges. Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. Versions less than 0.9.9-r54 are affected.
0845b919b201ac150850dea798592c3e2d37064dc4f6d888379d713a2eda6d3dDebian Security Advisory 1836-1 - Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.
8aca73d4db5e9a83ca752db9f342ac157518676f56efb95cb2c291cfe066ef03OnePound Shop version 1.x suffers from blind SQL injection and cross site scripting vulnerabilities.
f02ec4164088a06aa297e0f32460d74139b7180ff68c5f86d50a6be94eea8f03Audio Editor Pro version 2.91 suffers from a memory corruption vulnerability.
64622995076d75dbace9f66f378ed9f87ac2c88ce07f202f1987657ee9ec774e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed