Simea CMS suffers from a remote SQL injection vulnerability.
a73c9169eef361a0e7116fbf4e07c7b02a1ed6296b19811ac982cd9bc28a4e9ePhreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.
851f74625841584a432de6c57ae431f0553eb5bb5633b06087be46e51e44f01bMandriva Linux Security Advisory 2010-234 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been upgraded to cups 1.3.10 and patched to correct these issues.
0dab4ef60a555b01565c5907cb2d99a63df8c8d71c529e3b72fcfb550aa56f4cThe Joomla Alfurqan15x component suffers from a remote SQL injection vulnerability.
7991552912198c9d5b238d147b28e3ea93e1d025de1ba497b70605c0fc7d227dAbleDating Script 2010 suffers from a cross site scripting vulnerability.
f22d2f87ea80aa4b9b215606e87249984e76fe497819fde95ebdab010de52303The Nuked-Klan Boutique module suffers from a remote blind SQL injection vulnerability.
ae2d25413ad0448009faf70893c6a483d295d4f302b8e43e69fe9b97909f3b68Mandriva Linux Security Advisory 2010-233 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. The updated packages have been patched to correct these issues.
4429a0ea4f7a712c583880adb10367e54b0ebca555534e9ce7b942a78300259eRaised Eyebrow CMS suffers from a remote SQL injection vulnerability.
d38e7bb1bb4a16716aac2827dc2d0a5190ab53172965eac2f19383d0a82de8f3Spiraleye CMS suffers from a remote SQL injection vulnerability.
0cb957208799dd31d4880dc388a441de6322c9c9e5a08436ae01d2247c00c6a5Mandriva Linux Security Advisory 2010-232 - Cross-site request forgery vulnerability in the web interface in CUPS, allows remote attackers to hijack the authentication of administrators for requests that change settings. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted file. The web interface in CUPS, reads uninitialized memory during handling of form variables, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via unspecified vectors. The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the /var/cache/cups/job.cache file. ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
04e93c19aeb95affc703012416b9a127b061954e7f95f0664a38bba985b44c89Gentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.
e7fd1080a732debd69f8864702d36b5571373a61bee34c47c11be74bc1e37420Android versions 2.0 and 2.1 use-after-free remote code execution on webkit exploit.
3a158fa65b67817ab860792bf9c8a91e63d6eff5a881daecfe0f045cc87710f4Foxit Reader version 4.1.1 stack overflow exploit with egghunter shellcode.
9780b51aa733813b396e6fc1a53431ca2e325e1962af0b5c9d51ca76f2250eefvBulletin version 4.0.8 suffers from a persistent cross site scripting vulnerability.
532b77cbe0f670822b9ca72b962634967c91c6ebf944208f42852cd4e2b6da83CakePHP versions 1.3.5 and below and 1.2.8 and below unserialize() cache corruption exploit.
65a2b440d4696ecb893de017fe9da620c3ac3cbfb1083146551fa48a1d51dc2a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed