DragDropCart suffers from remote cross site scripting vulnerabilities.
4ebaa71ac6ec43505ab1bd06019de28b0d12fe448804f7f71d0e31951c9f3f40AdQuick version 2.2.1 suffers from a remote cross site scripting vulnerability.
b76020a2273e45b73b2ff4b4e529cdffc6d66b1e9361d881d7e27f631d8c398fMandriva Linux Security Advisory 2009-155 - git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. This update provides fixes for this vulnerability.
39d32aba881272a63e274ce28478c3f7508d1473676796bd725c858eb0336517This is a small write up discussing hacking CSRF tokens using CSS history hacking.
3e6af417a275ddd4f54c378f68b635c72decc52dea98fd75f944c2507197f6a4Gentoo Linux Security Advisory GLSA 200907-16 - Multiple integer overflows in Python have an unspecified impact. Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. Versions less than 2.5.4-r2 are affected.
83f11df9306a46ee89e4bdf5f479bc6fdfd41403a1d91c6881a4ac7ccb57d69cGentoo Linux Security Advisory GLSA 200907-15 - Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code. Versions less than 3.0.6-r2 are affected.
15854a35770c10a91cb609a48f4a7774e8d4d6d67c4cbc672de3009f5242e9cbThe Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
0c25720b101ace36c2d6e8690e52d2db9f39acb3098ead4872c97e1417281062Audio Lib Player local stack overflow proof of concept exploit that creates a malicious .m3u file.
adf6280c849a7c4d9c69cbb45dcaeb3d1b0def0ee05bbd9af9276fe1004a04c9Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
68640aa0222c406ac5779aa923ff6eb803a2686f3bc9dbf6c05f30e8f42d668cEpicDJ version 1.3.9.1 heap overflow proof of concept exploit that creates a malicious .m3u file.
ae42c742c5a52c7d5f38c249fd54427b00eee76fdd4d700ba218edfb8e28fef9FreeBSD 7.2 PECOFF executable loader local denial of service exploit.
6f5a0d5595aec23366df2e82623382d86a0e722426a0bc0df53b9ed926f3c18bMandriva Linux Security Advisory 2009-154 - ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding. This update provides fixes for this vulnerability.
a5fee68b57120e41bed46b987cdbc7a95a0deafc41924ab3c7874ee821b6b438EzWeb Calendar suffers from a remote shell upload vulnerability.
cedee4084efb833603e32661d6e22ae7deedf823cc31ea5d7df9b25280ddffa4Netrix CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7f2263198f509825c76599f6ce24eff41adf1eef7a4089034b839c0ea26d30daDebian Security Advisory 1839-1 - It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code.
020ddb2f99726ee66c9b9732bf1f93b25eb40f76f4839221462e3ab20e4797a8Tahyeess.com suffers from a user validation bypass vulnerability.
7bce473c26152c91988189b9c93a54aa280e29d3f361384b1de11d7fec256e5dSilentum Guestbook version 2.0.2 suffers from a remote SQL injection vulnerability in silentum_guestbook.php.
8bdb60706184f8ce425454b11b114a5aefa0cd0f3e4b1f3141c3dcfc17c787c4Debian Security Advisory 1838-1 - Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.
45a80afc1cf274d6f81ee8a06edb00e8789a356accc2864d719d6ad7602ddbe6Pulse Audio setuid local privilege escalation exploit.
f0999000ab3ea0a79806e55c0a5c67d933478e0f8285df18faae4f664ed09b5aDebian Security Advisory 1837-1 - It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.
3a59f784c1f6132a397a122319908cb083f488ca4ee4aa00214ed8c13fedd9fePOP account checking utility for Yahoo!/Google/Hotmail.
1d072d13687310f60ea7f201ff7083b6ff6952037433149f9c172b8bb206365fTOPHangman suffers from remote SQL injection and cross site scripting vulnerabilities.
d091cd1ea1b5f2f84da81c762e97b35f84ebbad41e7c59f4df8c706c71ff3fb6EpicVJ version 1.2.8.0 heap overflow proof of concept exploit that creates a malicious .m3u file.
9a0a640bde69a2dddc1c3d0f714d7fb3655665c54116770f6454476594b35747Riddle Depot suffers from remote SQL injection and cross site scripting vulnerabilities.
d8b42177a55142a262e86909830f35b4fb8d7d1f790e020ae71305137c002573MCshoutbox version 1.1 suffers from remote SQL injection, cross site scripting, and shell upload vulnerabilities.
ca74e24e03d2a8e167e3f0ae5420a9f19da76cfa8265fab0f9c7f3c52ac491da
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed