Mandriva Linux Security Advisory 2010-161 - The vte_sequence_handler_window_manipulation function in vteseq.c in libvte in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via an icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. The updated packages have been patched to correct this issue.
5c7a414367f3129cbf38fe91e8a83bb33c301685dd0732c30600871a9afdbbef
Facebook's Friend Finder feature suffers from an email enumeration vulnerability.
0a89d40eb5af83a2d4da92778f431ef869846fc0f793b50091c3195809f8ec10
Mod-X suffers from cross site request forgery and cross site scripting vulnerabilities.
ebc4331a7829ff7faea7c68e9ebb7f995ab5cd44eef64514b5a9d14245b625ca
Mandriva Linux Security Advisory 2010-160 - Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7f allow remote attackers to inject arbitrary web script or HTML via the description parameter to host.php, or the host_id parameter to data_sources.php. Cacti before 0.8.7f allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the FQDN field of a Device or the Vertical Label field of a Graph Template. Cross-site scripting vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. Cross-site scripting vulnerability in utilities.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7g allow remote attackers to inject arbitrary web script or HTML via the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to data_input.php, gprint_presets.php, graphs.php, graph_templates_items.php, host_templates.php, lib/html_form.php, lib/html_tree.php, tree.php, and user_admin.php. This update provides Cacti 0.8.7f, which is not vulnerable to these issues.
7d004715e50cafce7749a15aa672f04e8d454b40f4a8423f7b66af1bbecbdef1
The WinAppDbg Python module allows developers to quickly add Windows application debugging facilities to their Python scripts.
c1c19a0790716c5f9303bea91e75baf88dbc048fc0d61fd7767c8acec1f1468a
HP Security Bulletin - A potential security vulnerability has been identified in the HP MagCloud iPad App. The vulnerability could be exploited remotely to gain unauthorized read and write access to MagCloud application data.
9d0f55ba0d0bc3c9ca23360d2696209456b6fab3e16a4739c1930b0a28391ab9
Athena is an SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers.
ab328efae2073970504ced425560888a40351ffccf0762de763a120a64cb47bb
Clansphere 2010 suffers from cross site scripting and remote SQL injection vulnerabilities.
3ed6fcb6f7c4831c91d3d33490e402d0fcbc837ed787d2652b06799e13c50da9
Simple Forum PHP suffers from a cross site scripting / HTML injection vulnerability.
a422fd41faef02a814dd68ecdedb5cfc85c19209859c92e0f23c9ac2bd05a408
The Joomla Remository component suffers from a remote SQL injection vulnerability.
6b4cb8a7c48c976e5b7288b4907659a0feeac334558a2bedf3917f454c83ba74
Joomla version 1.5 suffers from an open redirection vulnerability.
e7ed5d84c8f0eb78f1b87bae98ba0951b64a6977ca7c4dc15d79293b27308a68
Flash Movie Player version 1.5 file magic crash denial of service exploit.
b22d5a5a82ab2a71c9775b4bb2f1f0c98fc2a3435291c81f8b2ed88d49055355
Avast! versions 5.0.594 and below license files DLL hijacking exploit.
83c52bbd6448cf3230b7e88104b91f841be1c3a8fc6db5a1f1a34ed29a08841c
Adobe Photoshop CS2 DLL hijacking exploit that leverages Wintab32.dll.
a0cdaa27b7173bb49e8ec90423dea1e0af3faa9beb5219941ae321c75eb25ba1
Adobe Dreamweaver CS5 DLL hijacking exploit that leverages mfc901oc.dll.
ed2ce330b424fbb8c7040d59408f25a909b82f88f26be17d423d4c8dc9ecd669
BS.Player versions 2.56 build 1043 and below DLL hijacking exploit that leverages mfc71loc.dll.
ca0d2e2a2c431e3e43693b5c2d52c79ffca1f7c37f4ff806392c50de259b9a74
Adobe Dreamweaver CS4 DLL hijacking exploit that leverages ibfs32.dll.
d8971e05bea982d02edb1da6cd24a186f955607789c3dd2a8cad840bf2569689
TeamViewer versions 5.0.8703 and below DLL hijacking exploit that leverages dwmapi.dll.
3ece1b22e3648333ee095b7f7528a9bc1ff3439a63ff9a0d683a8283e377deb5
Microsoft Windows 7 wab.exe DLL hijacking exploit that leverages wab32res.dll.
35b7c1b9f52312456b1acdd0a76e24328a95287c53596f8ecf4eb80f7760b5cb
Opera version 10.61 DLL hijacking exploit.
9269045def11f104b7e091b71b8e52338a01cc8574e1b4b51aee4617df82ae48
Microsoft Windows Movie Maker versions 2.6.4038.0 and below DLL hijacking exploit.
41e1ff548a5abc3d43c36479f9834ef6e9b78e095bd723b392155eb18f30e411
Firefox versions 3.6.8 and below DLL hijacking exploit.
dd6bd438744cbd4a32b1bc11a5b56f056ea6bbf9f28f77113d42bb600b0f29d1
Windows Live Email DLL hijacking exploit.
8bf5ecb272046191b18b9dc8de4bcda418b2cd2e92bc90dde4d6e293e244ec2b
Foxit Reader versions 4.0 and below PDF jailbreak exploit.
21d0239f1edc7ffe26fec255c0ce916d48c7a66bcdd415062350700d00c163e4
uTorrent versions 2.0.3 and below DLL hijacking exploit that leverages plugin_dll.dll.
e10ea245a1f56c023695bb0e7b6dec6c81e31d875328c550199ae0fa98ecb6c5