Ubuntu Security Notice 983-1 - Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.
62d38ec064d0f0ae54ffdd39f4c5cebe6d080d478403d1d548b88dc150afcebaZenphoto version 1.3 suffers from remote SQL injection and cross site scripting vulnerabilities.
9aba0f3c57e1571d92188f285c1e29dcc64f3a7c82c836c543a3f9fb95eb3db7OpenJournalSystem suffers from stored cross site scripting vulnerabilities.
2f321b47ef923d1b39d04a32346be20f9aac9c34c1079bd7860cba711e6a7de4FCMS version 2.3 suffers from a remote SQL injection vulnerability.
daf4160b7e75b7748e74d46da1039263d2bcab8032f63b4ca70cecf7ae169d34EnanoCMS version 1.1.7pl1 suffers from a remote blind SQL injection vulnerability.
91ac1532fe38504b6d8acadec6628503e0f25e90f03b20cf87ccf3a29ef65ea7LuckySploit Exploit Pack suffers from a remote php code execution vulnerability.
e0ca493b860d23d3c7a4efa33ec94327d45fef4b6ce9c3046f0b621288bf4469Google Chrome suffers from an installed extensions arbitrary detection vulnerability.
52da5016877181aca474a508679782a3b2ff97357ecd8b355f349ada96f2d008ColdUserGroup version 1.06 suffers from a remote blind SQL injection vulnerability.
4d561fc606364ff9f9c632eea881ffa65e13486e9b56f015c12fe0dba863cda0ColdOfficeView version 2.04 suffers from a remote blind SQL injection vulnerability.
855d1817a0ca53d21dc578095619d1437c8e8a51f5917ba373073c5ecdbe79b6Micronetsoft RV Dealer Website suffers from a remote SQL injection vulnerability.
14a649ccdcec269d6ff99d9a59e36913289a26c004e0531222d9147fed3eff0cGentoo Linux Security Advisory 201009-3 - The secure path feature and group handling in sudo allow local attackers to escalate privileges. Versions less than 1.7.4_p3-r1 are affected.
64d26ed806b78f1b66f52278ea929c7c037d7db811b81866bdff928a6b17c6fbMonth Of Abysssec Undisclosed Bugs - Novell Netware NWFTPD suffers from a RMD/RNFR/DELE argument parsing buffer overflow.
c81669f9a0dab88339bc13b0f5395505b6284452be79e0f17e5cb416a3709456Month Of Abysssec Undisclosed Bugs - Novell Netware NWFTPD suffers from a RMD/RNFR/DELE argument parsing buffer overflow.
a54ce7c53b97508938cdfba5be3024fb391acc0b3ad3f07b240c9903e0fab1b9BeehiveForum version 0.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
312402be459d7c166149f3fb0f18c3c24fa774b85e63d1ebe82957d5d8227fb1This is a backdoor PHP shell from ITSecTeam.
428640bd9e6ab10814a7560818cb822084078acd863ae3339c157e9a31c524dbHorde Application Framework versions 3.3.8 and below suffer from a cross site scripting vulnerability.
01e9ddbfdbf4d32de19869d646b2a9456bddb547a09999086f5546c532116c2dNetreconn is a collection of network scan/recon tools that are relatively small compared to their larger cousins. These include nstrobe, ipdump, and ndecode.
92622b34ac44670925923291aeac935a6275c7479f227a13aafc70595c01c109Gentoo Linux Security Advisory 201009-2 - Insecure permission handling in maildrop might allow local attackers to elevate their privileges. Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Versions less than 2.4.2 are affected.
2bfb6f35985ffdffe7307c2836a10362f23cfba6a7ac26e966bdc15cc16b8a84Debian Linux Security Advisory 2104-1 - Several remote vulnerabilities have been discovered in the BGP implementation of Quagga, a routing daemon.
8646a8caace9c92b61e4ac01d05fc51d46e9086df3cd81a4e5ef9950e0139977The Joomla Aardvertiser component version 2.1 suffers from a remote blind SQL injection vulnerability.
8efaa33898ed5fe60a2313b37c9b026a3d3536914f277339d98e0c3d4cb4cd2eMySource Matrix version 3.28.3 suffers from a cross site scripting vulnerability.
0b4022da0c3745024cfcbc130e3a207b832debd2b1888d8ca111d89d5a5154bfMandriva Linux Security Advisory 2010-171 - The cluster logical volume manager daemon in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted control commands. The updated packages have been patched to correct this issue.
c4273b3d2b834ca292d7a33635b5ab63841e94dd24978262fa809e54e9c0fca8Adobe Acrobat Reader suffers from an acroform_PlugInMain memory corruption vulnerability.
13643ed28eba98678a6df11405f3ca7ea0cc124d66bef70d224e26ab0e031857Micronetsoft Rental Property Management Script suffers from a remote SQL injection vulnerability.
95591f99d865571a4921815ff2a2639621f9b410eb7a5006c94fb9445ddd775aMonth Of Abysssec Undisclosed Bugs - DynPage versions 1.0 and below suffer from local file disclosure and administrative hash disclosure vulnerabilities.
264706b93351a6424f348269befb08a69d0d5091243f96ae114ef3833a49f6d5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed