Secunia Security Advisory - John Leitch has discovered a vulnerability in the Vodpod Video Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
051cd549cef7a05c964ea63af0ab44697a4c1d621aaeba0d4987f0dba70bc7cdSecunia Security Advisory - Some vulnerabilities have been reported in Cisco Intelligent Contact Manager Setup Manager, which can be exploited by malicious people to compromise a vulnerable system.
08f8e03141348c1cbdfaec5aa6ae8a38ee3e46750e3cc43b05f794c3f4a38279Secunia Security Advisory - A vulnerability has been reported in Novell ZENworks Handheld Management, which can be exploited by malicious people to compromise a vulnerable system.
d255f283901bef06dff181f6e6f3b24911e95b89daa1b6e61530e4c3e96eedc8Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
d467e0a8bcb680d22cadd6c39e319c22a2a6c3365d445a52b60fe6cec5439941Secunia Security Advisory - John Leitch has discovered a security issue in the DB Toolkit plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
1f5aab1ea01d45b4f0710d0adad054625fa46e9426769b12b991c2172b954be4DeluxeBB versions 1.3 and below remote information disclosure exploit.
39b87b4fb943d3ac274fad0d68ed1f22d928fd80c87570b1ecf6fb18525b0af3Zero Day Initiative Advisory 10-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a TZNAME variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
cf2b8c1eee1a4fba2455796399aba75a36ea4a100654d7ff0cee9383f67f47c8Core Security Technologies Advisory - The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Mac OS X v10.5.x to view or download a PDF document containing a embedded malicious CFF font.
68f4efdb58f840ab80355a23048b12dea182facc85054b76571b1964d5254a0eWeBid version 0.8.5P1 suffers from a local file inclusion vulnerability.
5bc0d49ec850e74c752eee1d6ab9e07d79d914d2a7decdf09e963cddad3f65c3WeBid version 0.8.5P1 suffers from a cross site scripting vulnerability.
f0ff17211f2f42b8ea38d8389d38335766bf84651af3a0a89477ffa0754f600fThe Hackito Ergo Sum 2011 Call For Papers has been announced. It will be held from April 7th to the 9th, 2011 in Paris, France. HES2011 will be a bigger event with even more talks, focusing on hardcore computer and network security, insecurity, vulnerability analysis, reverse engineering, research and hacking, and will try to keep the high quality content.
3a31eaa1a7e5a71ea5cdfb8dd7302060a3f7b5f54ecf368cc3e210593d0d91e4Mandriva Linux Security Advisory 2010-155 - MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service. Additionally many security issues noted in the 5.1.49 release notes have been addressed with this advisory as well.
a524f186d307832209245b071d7daa4a471c629263fcd6fbfbd50ae724e67063Zero Day Initiative Advisory 10-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the IMAP server component which listens by default on TCP port 143. When handling an IMAP LIST command with a large parameter the process attempts to free the same memory twice. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the IMAP server.
8b3616827ef624bddd373c340926e11f477a73ae12a6be8397a3813eddbcc3dcZero Day Initiative Advisory 10-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwia.exe module responsible for parsing e-mail messages received by the server. When the code encounters a Content-Type header it proceeds to parse out the numbers within its contents. The process does not properly check for signed integers and if it encounters one, it loops excessively while writing to the stack. This can be abused by a remote attacker to execute arbitrary code under the context of the SYSTEM user.
701c3c81c0adea6cbcff461a0e580d8b36f476d7aa30ec65c427dde7e963d52eosTicket (Open Source Support Ticket System) suffers from a local file inclusion vulnerability.
3797f8f72deb5008eacc5270ae34a4b3d06f0deb3a795a8e932645e5592353e2Whitepaper called Bypass Cross Site Scripting Filters.
98c54230f673a494f3e75cc0498f1ac15a1c3d915dc49325d4d8a69e7a1150c9Seo Panel version 2.1.0 suffers from a file disclosure vulnerability.
e9cb9ff3fe6d43db7750582807b27f23a216be0ec5249db3d990a282940a61f4Nevercenter Silo version 2.1.1 suffers from an insecure library loading vulnerability.
a8efe6fae5684a04b324c1c5767de49ec3e6db985ea14cf607c89df68bc2a109There are multiple JSON hijacking vulnerabilities in Spree e-commerce and as a result, an attacker can steal confidential information such as: product costs, price and quantities and users email, encrypted passwords, tokens, OpenID identifier, phone and address as well as orders count and values by period.
129fcbe0112190916cc1826e1e039917100d9c116fdf4c0f538a86a5ca357a91WordPress Database Interface Toolkit version 0.1.7 shell upload exploit.
e4df5996e48942d71f56bd825fdb96d3f3440d9bb868b5f67874a9a64e1a4720WordPress SEO Tools by SEO Automatic version 3.0 suffers from a local file inclusion vulnerability.
bab6ce96a2e22b4b4b250d991550bb85f2fe4d13922cc55fac0bb96d9f5d8b30WordPress jRSS Widget version 1.1.1 suffers from a local file inclusion vulnerability.
03d89c24ef473b925996d94e22ff0c00945e9766ea481380a99e4dc1e21f8055WordPress Vodpod Video Gallery version 3.1.5 suffers from a cross site scripting vulnerability.
0e14073e4f5fd1df8a00560c1568756bd32ae2e41573a960d65b958eee9f427dWordPress Survery and Quiz Tool version 1.2.1 suffers from a cross site scripting vulnerability.
1dc424c16ca8c8a6794ac98e586404cdd5bdb63bbbaa59235441734d6d8ef79bWordPress Feed List version 2.61.01 suffers from a cross site scripting vulnerability.
d84dcfc5e1082526511f3082194886e8dc819c85d60c653c1a4d30f713a15c40
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed