SoMud P2P version 1.2.8 suffers from an insecure DLL hijacking vulnerability.
69e35a255907ac6a7fb6844beec6be8c200db0d5fdd9e33aa89f674f5fabc8aeAlShow version 1.91 suffers from an insecure DLL hijacking vulnerability.
7492b0cb3a73aec7a4a5eadab01147e70c379016b23088c505ea2bfc48c0c6ecAlSee version 6.20.0.1 suffers from an insecure DLL hijacking vulnerability.
7a40656c26cdc85457810cd16c032db8f3494569ff783f1f185a19a01a556d80AlZip version 8.0.6.3 suffers from an insecure DLL hijacking vulnerability.
091a64b0c59568e9504c8b9f13e42bcd25ee9bfb1b4522cb5e69a1ed6f522781Apple QuickTime Player version 7.64.17.73 suffers from an insecure DLL hijacking vulnerability.
4b41d822648ff6dd14befcc9e1ee7950cab2f3f23800d16ca876079513ca19cfMandriva Linux Security Advisory 2010-179 - Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to the pngLoadF function, leading to heap-based buffer overflows. The updated packages have been patched to correct this issue.
ab573087b52478b0ba2cbb617705821a571b174e3af01062f5c796ad32476ae6Mandriva Linux Security Advisory 2010-178 - Multiple cross-site scripting vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via the BASE parameter, or the ega_1 parameter. Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the onglet_bis parameter. Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via multiple inventory fields to the search form, reachable through index.php; or the Software name field to the All softwares search form, reachable through index.php. This upgrade provides ocsinventory 1.02.3 which is not vulnerable for these security issues.
19df69fd0b6fc78d0eb1f22f8fb7cd641e0faec36e078fad506d36840509ea82HP Data Protector Media Operations version 6.11 suffers from local NULL pointer dereference denial of service vulnerabilities.
8f15be9e42f90d4dc5099b32262d4bd5550144e044fd8e236fa1cd5f5056ae58Month Of Abysssec Undisclosed Bugs - Eshtery CMS suffers from a remote SQL injection vulnerability.
eeeb0e7f2b5edb7e5a9b810f8b3418672ad8a604cd78962df5644611b5fba890Month Of Abysssec Undisclosed Bugs - Adobe Acrobat and Reader suffer from a pushstring memory corruption vulnerability.
e58656897cf8e09ac8588c121fa43858d05c8e8288192710e48625fc5b5903ebWhitepaper called Break The Encryption WEP In Wireless Networks. Written in Arabic.
8119c25ef347fa5fccd14f282f70db459bb1e41651fe81d269480a6303dc8564Whitepaper called Hiding Data Inside the Padding Area in Files and Packets.
819645d52b63d793d6d0509595914620f52291f7cfda89efb56aad13d26ca5a0Mandriva Linux Security Advisory 2010-177 - Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a. in an entry in a WAR file, as demonstrated by a././bin/catalina.bat entry. The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the.war filename. Other issues have also been addressed.
291d0c38e7636b30affdb40111c4d3e0b4af72630723cff88a59ed6a80cd2493Mandriva Linux Security Advisory 2010-176 - Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle characters or sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked this issue exists because of an incomplete fix for CVE-2007-3385. Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via. sequences and the WEB-INF directory in a Request. Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. Other issues have also been addressed.
fc7dd9c0367dbd633972bba44e45df2449d43149c7f42f5e75fdc5df99893222Mandriva Linux Security Advisory 2010-175 - Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence. The updated packages have been patched to correct this issue.
a2bbd5c115c98d917d40c978584d00aaf8a43d678490fb1e3a41bf3c453d8677MyHobbySite version 1.01 suffers from bypass and remote SQL injection vulnerabilities.
0194571ba9a2a482eff9b70c986016dbb3f6787143ea4361087fc60b48fc3faeSystem Shop suffers from a remote SQL injection vulnerability.
b61dbc1449ef1950f0fb543c75139c78bdacbae8e0691fee623e08584b3daf2dAlstraSoft AskMe Pro version 2.1 suffers from a remote SQL injection vulnerability in forum_answer.php.
7289b7726b9616722154ca8c2b4d188b68d5a7a2c62ddc6dcb09befe80cf65cfMonth Of Abysssec Undisclosed Bugs - Eshtery CMS suffers from a remote SQL injection vulnerability.
29b9fd1a5622edcaec5b9e97ed24a3c4909f3b35509a4a3caa5ff1ab55fd0cf1Month Of Abysssec Undisclosed Bugs - Adobe Acrobat and Reader suffer from a pushstring memory corruption vulnerability.
362001fb384cd9e48810d797d6abd03bd03bf182c6f379224107742aecc84121AlstraSoft AskMe Pro version 2.1 suffers from a remote SQL injection vulnerability.
ba9cad968c8c8303896047a35a521ba7de76976aec7066198999cec6aa6b8ab5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed