Absolute Shopping Cart suffers from a cross site scripting vulnerability.
dee0f5cb61f9ac40aba384ad7f5576ebc85c2d974cbf6d77668c4dd5d072eb06Mandriva Linux Security Advisory 2010-134 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133.
3d73e4babfd4b5c82e8bde7f78c70aac24ac68d203e10354a9d51ebf133af653Secunia Research has discovered a vulnerability in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation of the "item" argument passed to the "SetDLInfo()" method and can be exploited via array-indexing errors to corrupt memory. Successful exploitation allows execution of arbitrary code. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
5a355eea57a95ebf55598d637130c88c0d5d14102954591e3ec5525966ddd53fSecunia Research has discovered some vulnerabilities in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The unsafe method "dl()" allows automatically downloading and executing an arbitrary file. Combined usage of the unsafe methods "SetDLInfo()" and "Bdl()" allows automatically downloading an arbitrary file to an arbitrary location on the user's system. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
08c0f290a97fa5c7bda21b8209232dbc8ff81b03dddee78d3ad8e64cdd838050HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running rpc.ttdbserver. The vulnerability could be exploited remotely to execute arbitrary code.
3c35f61d9c53605670ecceddcc3ea9e59ae28b0d0641cbcf19e2d0205f5eaad2Mandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
9dbcdb392f0269d231a9304f120b56317d9400add78640b2d61a8c8ee985f7fcOracle Business Process Management suffers from a cross site scripting vulnerability.
bf912910410508689aa486e3ff80bc7660b173926d3a4e50e64cecd7fa49c84aMandriva Linux Security Advisory 2010-136 - Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133 The updated packages have been patched to correct this issue.
9fe83cb142b2975efe8bfd4f0a6a6b22652cf1016190aea60be397f92ce3eeddPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
969b91e8ae1584524affb646ad128ef521ce5bf00f9f6f60159e8b58da5d0f07Mandriva Linux Security Advisory 2010-135 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. The updated packages have been patched to correct this issue.
dbbb7d1d19b0686c9fe07d480902056754e2254f4fda8cce0b3486a5646179bfNovell Groupwise Webaccess suffers from a remote code execution vulnerability due to a stack overflow.
6bc927bbb103ea68af6dfe0fd79afd57d34dc381ac12eaba2cd72d5a86b363a1BS Script Directory suffers from a remote SQL injection vulnerability.
a696baaa4461363bbdfb309cbfbe2cf949c7b57d9f355ef4f657a36d38589b12USBsploit is a proof of concept for dumping files from remote USB drives on multiple targets at the same time. It works through Meterpreter sessions with a light (24MB) modified version of Metasploit. The interface is a modified version of SET. usbsploit.rb can also be used with the original Metasploit Framework.
e92fea9e4a548bffde34146916cb0c63e949368dc79238ba26fd55cf55ebefd4The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, and CVSS.
2cc66d02ccbce04e3af3f2eda1456ab508b96f53fd147bf3d51007b1817d9f4cThe Joomla RedShop component version 1.0.23.1 suffers from a remote blind SQL injection vulnerability.
6a410d169270349d16863cca3f0fe83a7b3432240ed1e845fda1b51715882733Whizzy CMS version 10.01 suffers from a local file inclusion vulnerability.
966b682a7f3367f3eda499decf9119a83e159fe30e13be8d36cf52f8b0a2da96eXtreme Message Board version 1.9.11 suffers from multiple cross site request forgery vulnerabilities.
1ec13a5785d62586b4ea280109e9cf79c4c6799a19cc94ae3d441317eca7055cphpwcms version 1.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
238c56be1149a2c41b7fe7cceb9e99be0c1302dde6f41931bc36aebbefbea36bTaggon CMS version 01.07.2010 suffers from a cross site scripting vulnerability.
ad97ce47a7e5d219507b16996ff44446c20e8d44024851fae44eb60fdc4ed35dPligg version 1.0.4 suffers from a cross site scripting vulnerability.
0ccea23e91cfc6e8ab73421bd8017b31faabc11de48e7fff06b641f2781adcd5Gekko Web Builder version 0.90 ALPHA suffers from a cross site scripting vulnerability.
85af3cfd14353783a98a7cfc2080d999b4986ceff50d83d0342674e5b13dcd8aDSite CMS version 4.81 suffers from a cross site scripting vulnerability.
bc953e49422823dd791c120c04686610e46c46dc850c76d9a77b99f4e871ca3eFestOS version 2.3b suffers from multiple cross site scripting vulnerabilities.
5072788f0a975e013a92c56a4f477514c864cede4ce09dab59f8f0eee27714d5Pixie version 1.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
dceea5fdc604cfa13b2a99efd6480667ccb25c0ed09befcd91ecdf6106c73483WebPress version 01.07.2010 suffers from multiple cross site scripting vulnerabilities.
15d63968d4bbaf83b2097e2d73e8bb895a81a7232adf709e79981c250ef3979a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed