Whitepaper called Introduction to Cross Site Request Forgery. Written in Persian.
acc26b2546c9db860528e7369f90e357f092c1dc969f3867a61a5d32f0eea508NCP Solutions version 3.1 suffers from a remote SQL injection vulnerability.
e1be2ba343567e9223a36652208a307bc0c707b2e265c2b6d114663c923e7689LUCille Script version 2.3 suffers from a remote SQL injection vulnerability.
cfdea51a614cd8b387e029b4a258a7be8b518315002c32bd065f1b65893e1efcPacSec 2010 Call For Papers - The conference will be held November 10th through the 11th in Tokyo, Japan.
3893b22e5a2ddd35925e0931ae3c03724707764b0ce2c2bf922e514683c9a4fcSecunia Security Advisory - VMware has acknowledged a vulnerability in various VMware ESX products, which can be exploited by malicious people to potentially compromise a user's system.
98288895449500a19db8f7ee1e1e731ac18e7eb4a9ec2ca78375f32822279b43Secunia Security Advisory - VMware has issued an update for VMware ESXi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
8ba03f7468622ad4a2ad81c963df4edf043df2b0add274d0c1c064c62556e6e6Secunia Security Advisory - VMware has acknowledged a security issue in VMware vMA, which can be exploited by malicious, local users to potentially gain escalated privileges.
8f5018b833acb56f430ac9805d2ae7154b3df46d08d7dd5f1e7059d5cc0fd873Secunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to potentially compromise a user's system.
14f0529d79b641358834f8714d17f19f3d5a9406bb6a3355b1767704326a236fSecunia Security Advisory - VMware has acknowledged a vulnerability in VMware vMA, which can be exploited by malicious people to cause a DoS (Denial of Service).
697ebb9c4454d3763a2ad39ff8603927741b7be24ef40661af1960f7b0f6a250Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vMA, which can be exploited by malicious, local users to disclose certain system information, overwrite arbitrary files, bypass certain security restrictions, cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS.
d696a6d82dc2d3300fc2b1ea532e644644475309765f2182f4c4665132271680Secunia Security Advisory - John Leitch has discovered a vulnerability in Home FTP Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
892d4f78a222efeed8f9209e75e3d46095191978206540e48c09b2212e1d8ae8Home FTP Server version 1.10.2.143 suffers from a directory traversal vulnerability.
2f06167fdaf06832de2d57613482d2f70c245cc8a54490e2dce55331794214d6The Joomla MediQnA component suffers from a local file inclusion vulnerability.
f1fd1e83c30ec62f15640c3fe8320ec21d9f762d088688d6c6ef96b898ddd999Mandriva Linux Security Advisory 2010-110 - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. This update provides clamav 0.96.1 which is not vulnerable to these issues.
8265db2be8f314e34b496a700d50e5bbb34294ef05e4b5aa3d2947737ecefc69Whitepaper called Cross Site URL Hijacking by using Error Object in Mozilla Firefox.
993115eaca328415779f0ad41ec21241e1acdc72bd095710c3cc2939a0d118f5NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
72a518658d17a8e88988867f00b4bfd8e5da11e3ca2bcff97091c5f435a13b7eUbuntu Security Notice 945-1 - It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS.
cc7d52c9fd696386c5ee3ad281de63e4fe60807ff4ac7374646f205fcc5e26d7Nginx web server versions 0.6.36 and below suffers from a path traversal vulnerability.
c8c2faee0dfc75f1004b96cc34f362329297ccf297f8d880789ce34e25330c4cHampshire Trading Standards Script version 1.0 suffers from a remote SQL injection vulnerability.
bf5accb6ef4abd93273fda1984d76e43f10600b9f9d496fa5590c82eaef7ea88Mandriva Linux Security Advisory 2010-109 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. This update fixes this issue.
fd37a0333074f22843b9284dc068deae15fe1b07943400355e8d7a51c292c24dWhitepaper called Improve File Uploaders' Protections. It focuses on Windows-based web applications.
803f2abcacda9201f41388593ce11f07255874a6d23932ff67d843faf023b0feFreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted.
70736852d69a5ba3339928319cc037983dc3817d723837db593e3435317fcb66FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants.
b2bcf78251c6486bcf6a16cbff4254da82066d5d6d8dfee5d7e784cbe34d6018Game ID version 1.0 suffers from a remote SQL injection vulnerability.
7e617a391cecdcf87c213607ed72b4dac49d2f608a91bd563b6d7eafc7c7c757Whitepaper called Finding vulnerabilities in YaFtp version 1.0.14.
df7b6114136d60935a464739865eac6e7866ddee528d58b47d356fb5c6881b15
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed