Secunia Security Advisory - John Leitch has discovered two vulnerabilities in Claroline, which can be exploited by malicious people to conduct script insertion attacks.
f310c7c014856a0c53d970c3b8f59092156d802f6933883564c55e43fae67926Secunia Security Advisory - Some vulnerabilities have been reported in Froxlor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
8ca5fc48d3010b6251f58bceb96821b1913284488877ce640ea824995a7e4c5bAndy's PHP Knowledgebase Project version 0.95.4 suffers from a remote SQL injection vulnerability. In some environments it may be possible to create a PHP shell.
3362f821f69cf7647b8a82382dc84a639aaed20c0562335c522098d52d8a7f39A persistent cross site scripting vulnerability in Claroline version 1.10 can be exploited to execute arbitrary JavaScript.
90fe6ead030e3c46d84454b0be125a33b560e1c502df04a47f9e57155e7d883eIf the UserID cookie is set all virtual folders become accessible in Easy File Sharing Web Server version 5.8.
21615d4f36d5b7cd45ee4e5f342b744e70077736f0c8d2d3d17689b061ac2454A directory traversal vulnerability in Easy File Sharing Web Server version 5.8 can be exploited to navigate the local file system and create arbitrary files. A user account is necessary to exploit. If registration is not open, it may be possible to retrieve the credential containing user.sdb file using directory traversal combined with authentication bypass.
ac800ad9948f881dd6a2938280a77e88b9a8160b373a2e7f6101e471a36b3abcA persistent cross site scripting vulnerability in Easy File Sharing Web Server Version version 5.8 can be exploited to execute arbitrary JavaScript.
ed8b4b92ab766bf1e5557224303153a9fb3dbf3b2868ca81ca1c673f164ed493A directory traversal vulnerability in jHTTPd version 0.1a can be exploited to read files outside of the web root.
7714d7d0c2b394430f94ade33e5d1ee5451a1d69f42ee28c049bb489a1ee60b5A local file inclusion vulnerability in osCSS2 version 2.1.0 RC12 can be exploited to include arbitrary files.
ddfabb7fab1601434040280e29cf5bac13c0fe2ac08f6109f11acdc2170ea9d1A reflected cross site scripting vulnerability in osCSS2 version 2.1.0 RC12 can be exploited to execute arbitrary JavaScript.
f2ece481a0b0c093bc536696d2d1c33801f67b46fd5b6be9344b80d75980e38dA denial of service vulnerability can be exploited to crash Rumble Mail Server version 0.25.2231.
b0e3c08985a8d72ca7865e9e68c5533e75d35da0fabcf0562d520299c4b27731Secunia Security Advisory - Red Hat has issued an update for gdm. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
8a2c94e25380b49eb5dcc475493242000e228cb6b186cd3acdbd71c05beea6e9Secunia Security Advisory - Red Hat has issued an update for libvirt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
0b32a6748ff47b2689255f3e32eb399ee9d284856c1b081642db2026c323bbc2Monocle is a local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network. Written to work on both Linux and FreeBSD.
25a26dc029a4950b4607b691903551693d1f8588966942b0fc24280a5f345572Debian Linux Security Advisory 2205-1 - Sebastian Krahmer discovered that the gdm3, the GNOME Desktop Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.
fd54d56a30cf7567ea53ed3b6cd7635bfef96b45f84c66c859941eb5f71da7a7Honey Soft suffers from remote SQL injection and cross site scripting vulnerabilities.
8bd7095bc322f26524154e4782051839420bd5523ebbf0a4866dd51452b89641This Metasploit module exploits remote code execution vulnerabilities in dRuby.
a681602f532ac58f4f6a9e537c9a81e6dec64369d00b6b75f0ed0815a4eb1b33Turkish Ays Portal version 1.6 suffers from a remote blind SQL injection vulnerability.
18b04c4febc09615167a32d00466382c954f3c32fa911ef43fe56182f011739ePPP Blog version 0.3.0 suffers from a cross site scripting vulnerability.
a38f2cb311068fd61f1dbd7b1a4746844f9ebea2d843a3d4f9ab569783d81ba6Zero Day Initiative Advisory 11-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Zend Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Zend Java Bridge v3.1 component of the Zend Server framework. The javamw.jar service accepts TCP requests on port 10001 by default. With nothing more than the knowledge of the proprietary communication protocol used by the Zend Server Java Bridge, it is possible to send arbitrary Java code to javamw.jar service and remotely execute these commands under the context of the user running the web server process.
9ff00ca55c520c19871b67b0652dabe5ef5cf5dc7e91eb8cfb94fcdee37c8fb0Dpayshop suffers from a remote SQL injection vulnerability.
d7daf343b42f1ff74e3c0a3ca4a2fa688b9078d198e8e022bfc23fa4532e30c4Toon Boom Studio version 4.9946 DLL hijacking exploit.
3f7d398da69ffbf5378c8e7bc89e79b8316bd3ef57ea36762d0e2dc09f0d6fccUlead COOL 3d version 3.5 DLL hijacking exploit.
7b6d9c64b67b37f404a3b6279873a153a56fa9a512c6f9a9deae473a90e16783OpenCMS versions 7.5.3 and below suffer from cross site scripting vulnerabilities.
4e75fdecc723a1733d9e6ad8aa18826e0fa6f400e236f263c8da2b39e8e6918fwebEdition CMS version 6.1.0.2 suffers from a local file inclusion vulnerability.
be79d960aa2f174f83cee93937a03c3c737fc0cb11cb2cc0881e230578e63a73
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed