724CMS Enterprise version 4.59 suffers from multiple remote SQL injection vulnerabilities.
e61ee7822c297df8048b72e7ad0fa84edb48385a2a580190880e87d3b586c301Digital College version 1.0 suffers from an arbitrary file upload vulnerability.
6b1ccdb0c5ea3c771f5c53f357c5f6a317c3afc6abf2a6ca80f6e2bd7fa56195Technical Cyber Security Alert 2010-131A - Microsoft has released updates to address vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications.
734937a93aad140f993320ea92d9ed2ca13f36c93bab8370832391104cef175eCore Security Technologies Advisory - Adobe Director is prone to a vulnerability due to an invalid read in 'DIRAPI.DLL', when opening a malformed .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Director to open a specially crafted file.
7168bea5459b9ed347373ab8db050ec91b0f4575d1bcaa89f2013cb5eaab82f1Saurus CMS version 4.7.0 suffers from a cross site scripting vulnerability.
4fb1b69b324e2baa8dfedea1a8f0dd62b85bda31a52149cfb840ae85a5bc71efFast Free Media 1.3 Adult Site suffers from a remote shell upload vulnerability.
6a6692edd9ad1dd5bdfb0615e06557952283b72a4082ae9ce905b7ec711a7d65e-Webtech suffers from a remote SQL injection vulnerability.
cdb12dca22886d63cbd25c32c3a66bfdc91f255a18db92855b3f32384ff9f7f8Zero Day Initiative Advisory 10-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid Hostname parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
c506d236bec0849d06da5bf422cd5205ac1a99d26baca5b0e87f982864fea9f2Zero Day Initiative Advisory 10-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid iCount POST parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
8015452f65440290ba654f55ca908345c85c47a32758be472efab3338115e75cFree Advertisement CMS suffers from a remote SQL injection vulnerability.
657c9d92482a6e956562b4c1fc4f6cb9ecbde87f0941ce3585d81dd9cb417144Woodall Creative suffers from a remote SQL injection vulnerability.
72db659b74739a9c495916b4cb406e1cd5c056c053a16ed56fed24be773c987dMarinet CMS suffers from cross site scripting, html injection and remote SQL injection vulnerabilities.
5a63ebd45bff76c3561b868f28dad53161294ca234c25d1abed7783ba670b2bbThe Joomla Camp26 Visitor Data component version 1.1 suffers from a code execution vulnerability.
cb6dd0035c6093bdb03ba25096a7c831523ed95fb926a179af5d51870ec3ca45DynamiXgate Affiliate Store Builder suffers from a cross site scripting vulnerability.
c57a72c6659985eabaf7cb1591149cb11bd862bf2e37e5036f842dab48ba17a2HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
b8679c50a8aa94d63d460ccd120eae4f0fa1767849203be1affb0687ac3f1934Zero Day Initiative Advisory 10-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getnnmdata.exe CGI. If this CGI is requested with an invalid MaxAge parameter a sprintf() call is made to log the error. However, no length check is performed on the variable contents before copying in to a fixed-length stack buffer. This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
eda2c51e493c29d2758ac012e9f0f3fd057ea0373fcf515d6c8e501fe446845bZero Day Initiative Advisory 10-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpviewer.exe CGI. The doLoad function in this process calls sprintf() with a %s format specifier and unsanitized user input retrieved from two separate POST variables (act and app). By providing large enough strings a remote attacker can cause a stack-based buffer overflow and eventually execute arbitrary code under the context of the webserver process.
a162ea1fc08bd65d90da71128b74814b91dad7d4350ac1ae03a0c841a0a550b3Zero Day Initiative Advisory 10-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Network Monitor (netmon.exe) daemon. This process can be started by invoking the webappmon.exe CGI application through the webserver. When the _OVParseLLA function defined within ov.dll is called from netmon.exe it directly copies the value of the 'sel' POST variable into a fixed-length stack buffer with a call to strcpy(). This can be leveraged by remote attackers to execute arbitrary code under the context of the webserver process.
89e2936a1e93f217b1b452231b7aac6a726b12f437c13943a6195c014d5e7b63Zero Day Initiative Advisory 10-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovet_demandpoll.exe process. This process can be started by invoking the webappmon.exe CGI application through the webserver. The process calls vnsprintf() directly with the contents of the 'sel' POST variable. By providing a malicious value this format string vulnerability can be leveraged by remote attackers to execute arbitrary code under the context of the ovet_demandpoll.exe process.
fff96a3554f43a33a6ca8e0b1aa473ed6e433cfe92c42041fbf4858c3d4df93dDigital Upload version 1.0 suffers from a remote shell upload vulnerability.
63439ca248d8b1e8c976aea989c32270559fd81609330b1b4f7f78bdbc80b35cDebian Linux Security Advisory 2044-1 - tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.
23309c62e05d7344b505470ebce4aed58b2a331b1a25ddeaaad376b34062aabbDebian Linux Security Advisory 2043-1 - tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.
73b74735d3d20ed0e2ef42877b443d0fe3dfd751d97cb95d826e71f69fa8171cMicrosoft Windows Outlook Express and Windows Mail suffer from an integer overflow vulnerability.
2acf22676b2db8c146ec43270d2c5a5e9f0d7b238abc38f7dbe2d45a0204f152This Metasploit module exploits a stack buffer overflow in versions v9.7 through v10.5 of IDEAL Administration and versions 4.5 and 4.51 of IDEAL Migration. All versions are suspected to be vulnerable. By creating a specially crafted ipj file, an attacker may be able to execute arbitrary code. NOTE: IDEAL Administration 10.5 is compiled with /SafeSEH
d487bf3a03cfdebd126e3b50fa65fc5bba22a39f6bc020af9d9f9429f2ff2e0cHP Security Bulletin - A potential security vulnerability has been identified with the HP Performance Center Agent running on Windows. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.
c28c089bb7e2b55d12d10cd135ce2619d9a5fbc8851ff9fbcf0681a576c06e87
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed