Secunia Security Advisory - Fedora has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c65f0f1bd60926705d9bcc4b13a2fc16cb536b6fb9b4fe5f43df4032bf0b96a4TinyPug suffers from a cross site request forgery vulnerability.
0708377b9c58799c6cba394d0e8c610c9002204922dc1b9fed0077d1fd4aa235GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
7c854d2ef5ee592193bb04d8746a8b0ffc20f568674145a1f9a2e8f2bbced64cThe Joomla SQL Report component suffers from a remote blind SQL injection vulnerability.
bc02017323da06859f6b06d19ba7a5337c09bf1fccb42b6d94548b9df07140b8OIBlogs suffers from local file inclusion vulnerabilities.
25edf971feaca9030f3386892c3d7dd04c3dfe36d6d5182ec41cc9e2e07c4b5fZero Day Initiative Advisory 10-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability. The specific flaws exists within the xsrvd process during the wide character conversion of requested file paths. In conjunction with a long username value the file path conversion will result in a heap overflow corrupting a chunk that will be immediately freed. This can be leveraged by remote attackers to compromise the NetStorage server.
86505f34da0ba244fc5a53e391d9c482ced37a1f06a9ea9729dafd66600e35c5CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
39d84995aec8b0cb22c76241f4147383e8b61c3f330f9f6678b33fe9bd42b489The Joomla Ice component suffers from a remote blind SQL injection vulnerability.
f18bcd874d8de343dabbe4fa1555eea9129fca94024105a342ad3a142543ddd0Mandriva Linux Security Advisory 2010-047 - A race condition has been found in fuse that could escalate privileges for local users and lead to a DoS (Denial of Service). The updated packages have been patched to correct this issue.
5496a7be3557bf95039baacc383fe0397de4ec0b2e027ce7564be91becfda6f2Mandriva Linux Security Advisory 2010-046 - A vulnerability has been found in ncpfs which can be exploited by local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
c108ed4df6585f5e3cdddb5770d4b2bf29a048d9140b0b94f6ac40e25242e1c4Top Auktion suffers from a remote SQL injection vulnerability.
689affc6bbbe5a84a7fa90ef58b66eb5ea608faeed0ee6dd10a26ebf762cb0bePHP Auktion Pro suffers from a remote SQL injection vulnerability.
dbf5a2666f633b3b6c5949ef66b9a8677cb26a2ba68c4e56a3d0805dab678eb5Mandriva Linux Security Advisory 2010-045 - PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
5e1d79fbc714c342600f61a55faaf39702ec104c83371e68e25ff475aa0b22d2WorkSimple version 1.3.2 suffers from shell upload and password disclosure vulnerabilities.
195de0afbe6ded78e131bd70e0706ac4d0e5e039013fb543b22f45967ea93f42Debian Linux Security Advisory 2003-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
190008779715122c274b3af16405f0cf335d68634de01dbd876c3af3c9e0c4acSoftbiz Jobs suffers from remote SQL injection vulnerabilities in searchresult.php and moredetails.php.
9db7ceb7eb9a6f58979a562cc32174a0f0d6d171ef0804fba523f74cfa1f4a69Softbiz Jobs suffers from a cross site scripting vulnerability.
44c658d5f2b7f79a33ff992eb6f94e231f074342080fbcb6736e3d251cb2544fSoftbiz Jobs suffers from a cross site request forgery vulnerability.
fc1d87799052dcc5aa9cbfc7263e61cbbe44ee69f2b17ebd4e1e6a9015fab702QuickDev 4 PHP suffers from a database disclosure vulnerability.
9631af5d6e5e9259a494df177276ef5522590e781c1e7bbe03d4bfa533fe49bcBispage suffers from a remote SQL injection vulnerability that allows for authentication bypass.
08da5d96c93dd04f77131601237b2524d8b3b3f32a08fdbd41c48add142b62c8Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The script uses temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks when running the update check via the "--hack_the_gibson" parameter. Version 1.4 is affected.
a3704c22bb29dbe74497c72e16245dccd303f51f27b7e0ceadaa0047b32b368bSecunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information. The script uses e.g. the insecure "-K" command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes. Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected. Version 1.4 is affected.
28a7ae6c7e9250897654b9dd6ec9de66b67ea1f3c9d8407ce433899cb325f213This Metasploit module exploits a stack overflow in Novell iPrint Client 5.30. When passing an overly long string via the "target-frame" parameter to ienipp.ocx an attacker can execute arbitrary code. NOTE: The "operation" variable must be set to a valid command in order to reach this vulnerability.
ae1b4e13c905b8425b4ceb4cfcccf97150708024a6a4da135697c9050553c2a0jQuery Validate version 1.6.0 and SilverStripe versions 2.3.x through 2.3.5 suffer from a cross site scripting vulnerability.
b58bbf653f67c61d7ea82576ebcc408159863ba80fa9cc12afb1990ab6a1b478
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed