Acc PHP eMail version 1.1 suffers from a cross site request forgery vulnerability.
4581b3ccb8d64f6255f9996650a5bd65a510942012ece4b44f8874f82378819aWBBlog suffers from a remote file inclusion vulnerability.
f2a6735dabf275055d3a25a0184dc4849d25f16374750ce5ec63e4825f3e9052Piwigo version 2.0.6 suffers from remote SQL injection, cross site request forgery and cross site scripting vulnerabilities.
7c72c76c16aa2ff272df3138d054b4fa79cd33247ef20496da1fc0296c5d2d0bEle Medios CMS suffers from a remote SQL injection vulnerability.
49bcc9237c752ebb9a649805e0dc412c3b97de160f4b02a36796c3e11442a4e0This Metasploit module exploits a stack-based buffer overflow in the Millenium MP3 Studio 2.0. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extention is registered to Millenium MP3 Studio. This functionality has not been tested in this module.
4a1e117ec7a07c9369020bc7ebc32cb7a03208c810258087037afadadb98fa5dThis Metasploit module exploits a stack overflow in Xenorate 2.50. By creating a specially crafted xpl playlist file, an attacker may be able to execute arbitrary code.
ad0b6f04e4f71bee6bd71a38599a3b4587487cadbda7bb7cf60e018dc123d11eXenorate version 2.50 universal local buffer overflow exploit that creates a malicious .xpl file.
753f9d0b80827515eccc9e2846f7764cb82c02d4cad8f4b8b4098ab59bf0b3afSAP GUI for Windows sapirrfc.dll Active-X overflow exploit.
fb087f2477c856e8815f8b0952df2ba073d8a422225953ad69fc32b0a388ffcbHP NNM version 7.53 ovalarm.exe CGI pre-authentication remote buffer overflow exploit.
c3254e5bce844de2beae7b43c17e8ca6a8e7cc2e902e7f875b73fd47ddbfe34dDebian Linux Security Advisory 1950-1 - Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+.
cb6106ed509c73b812d4c51fc7788d4c959ede34e11383c49d52c9bb1f64fcceDebian Linux Security Advisory 1949-1 - It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping.
bdc7b81a44b21ccf791c69f5151721ef005a43fa61e21e1cf386af20ea9abc31ArticleMS version 2.0 suffers from a cross site scripting vulnerability.
8a0bb64b998a0a09683e7a77acd854fd568342dd11a596e6b95ea1b206d28bf9Chipmunk Board Script 1.x suffers from multiple cross site request forgery vulnerabilities.
d27c65a434e67dfcbec050b79dea0f074b1c3b9cde65d4bec2fda849d558083cMandriva Linux Security Advisory 2009-259 - preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this. Additionally there were problems with two rules in the snort-rules package for 2008.0 that is also fixed with this update. Packages for 2008.0 are being provided due to extended support for Corporate products.
ee5fec922445fc73e30d9ef005c7991028e684036a55c43cce10e70dfe8a3b98Chipmunk Newsletter suffers from cross site request forgery vulnerabilities.
c10e82617177a868ba0813d1c04e90e97a9388e2a7980a62bc041e761fe9f55fModel Agency Manager suffers from a cross site scripting vulnerability.
8ea501fd62b4294aabcd1c910a5dfef8ae2cf9c6e4be00571350605369851aafArctic Issue Tracker suffers from a cross site scripting vulnerability.
a2c36bc55723121d07d216436961734edb3389a48674475081287b37838c438dMandriva Linux Security Advisory 2009-296 - Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. This update provides a solution to this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.
8a424be972edd20a5efd8fdfd4170719f59c4e38346adbd173702deb1f7539f6Safer-networking.org (Spybot) suffers from a blind SQL injection vulnerability.
746583321ca61eb6849608650333d8669ecf9aefddb3dcc33b69f840008422e8phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability that allows for authentication bypass.
67e84a12c1e1972d77ab6b80d76a12107a496e347fad485c8542b7bdf15742c4phpCollegeExchange version 0.1.5c suffers from a remote SQL injection vulnerability.
6b1b6ea3f643fbfb347dc878ece8be1636f2f3a195a232eb5bbb187fb833d804Mandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability.
a17d6153f5063f0ff22cb23f02d1a912a4bfd94c9b0d868d6b8cfcfba044824aDigital Scribe version 1.4.1 suffers from multiple remote SQL injection vulnerabilities.
ebbf4c9858b41d0bcd50257f84f3b396fe036c02646b8c5496e44b515fa54527The Next Generation of Genealogy Sitebuilding version 7.1.2 suffers from a cross site scripting vulnerability.
ceea14507d556caa6af031be03e20b6049d62d9bf686e4089b8b3f6754b3662f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed