Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Wolfenstein, which can be exploited by malicious people to compromise a user's system.
73890aec65a29056d37c5fe2e2ae53be0215ac47fcdf75110f1d9fa42782c200Secunia Security Advisory - Two vulnerabilities have been reported in the RSComments component for Joomla, which can be exploited by malicious people to conduct script insertion attacks.
61056ca876422ce72783feda665a5dfafcf94659bc28523304a2da0d11458d67SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
1e25862cc9e81979e0d66e5fb298c8cfd17279e7dd683b1dd841dcf1dbc29cc8Lentyay Script Review suffers from a remote SQL injection vulnerability.
7811a374f22a5fc31cfda4a2bfa012345757f0ee046cc200c777580fca14ef5aThe Skype client for Mac Chat suffers from a unicode related denial of service vulnerability.
f948952222defade88deecce448672cc4c9753535691afb7597dc9381db5ac14Cornerstone CMS version 1.0 suffers from a remote SQL injection vulnerability.
e9cabeb8928adaec5705dfa77b8f6941360bca3ccaf316f67d8526957577dd4bThe Joomla Picasa2Gallery component version 1.2.8 suffers from a local file inclusion vulnerability.
e99e46db1fcc3cb3449aa5013a0f5595aa6aaed2808e7c688183d3b2ddade78aThe Joomla Ybggal component version 1.0 suffers from a remote SQL injection vulnerability.
aba050c2cb38d7eb1931dc8b5e5372d3ed19aa0f390238c9a4622d7fbd0742afsFileManager version 24a suffers from a local file inclusion vulnerability.
c13346916d0a566b8317c0f280e60a5a0961e290ec82cf84a6dd485d194ac2a7Pictue Rating suffers from a remote SQL injection vulnerability.
e0d1bb1f7917b5db6e1cd249fbc4aaabb8488a9f3344f3d04fc9b81c490016742daybiz Video Community Portal suffers from cross site scripting and remote SQL injection vulnerabilities.
269a3ac8df238c9d0bf39d93f1d5744aa1ac419ba07abd733d2f7e428d66d2a9Social Community Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
816045c51550965d0cc1527e25c650e261fba09e1b5d93e2b5eb7c0eb88daf1dThe Uploader version 2.0.4 suffers from a remote file disclosure vulnerability.
a06582d992b665eedad649893c5fba31959516d4f6addb115437d35cfd145583Grering Card suffers from a remote SQL injection vulnerability.
0409f790e9ad6201d09fc01d3cdfe3961a8138537fe4af07c54bb9b55922a362Con-imedia CMS Design's suffers from cross site scripting and remote SQL injection vulnerabilities.
29c6811f072e69fca8a738020ddd9092cd15227c262f43df6c61b4e9b39af384Subtitle Translation Wizard version 3.0.0 SEH proof of concept exploit.
53a08678d8d8e934aedd1d15dbc4def6e16432b41f85da05bdf3b9a5f802643bUbuntu Security Notice 955-2 - USN-955-1 fixed vulnerabilities in OPIE. This update provides rebuilt libpam-opie packages against the updated libopie library. Original advisory details: Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.
6d881d1bf9449ce4551c894d833aa443a26b38c042725b55ac1b136dc42f49dbUbuntu Security Notice 955-1 - Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service.
507803c47313ade3c813f28b126c91b99fa0c93c366cc7954e2e3af2d7f85dd0Ubuntu Security Notice 954-1 - Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
445168d075106e2e28b608bb7b0e6b3a6fb154c276fc48ef2ed70391a24d46d6Ubuntu Security Notice 953-1 - Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges.
c522fc3e3fe5c9822122c33072c335308b6b3a4a2403c724a3b7a2aaf63b999eUbuntu Security Notice 952-1 - Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data.
d6b0dd56c3037c879f67bee3d005df81cfa31ae5a24b1282c543cddedbbda89fAlpin CMS version 1.0 suffers from a remote SQL injection vulnerability.
0f3a225c99825208ab771da37cd2e33dcf1b75667dc540dccd3e27093df89187Job Search Engine Script suffers from a remote SQL injection vulnerability.
4d92476777790c306cc740296a364623aee05b0df6111d57eccdb41ffd166d65THe Joomla JomSocial component version 1.6.288 suffers from a cross site scripting vulnerability.
8bd42fc52b3f667e6519894ed2a6fe2ebe72cf9aa576e3bc7b5b72f3b10fb960PHPWCMS version 1.4.5 r398 suffers from a cross site request forgery vulnerability.
93e6488c6d392a12fe2649b75519d29ef3679d061392cf77e3996be46d13733f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed