A cross site request forgery vulnerability in e107 version 0.7.25 can be exploited to grant admin privileges.
63cb6ca823beffb1db021f387a72de0cdc5f339f33eb80b38b7c32801ec531fbA reflected cross site scripting vulnerability in vtiger CRM version 5.2.1 can be exploited to execute arbitrary JavaScript.
16503d8f7b3e70437cff319ce1fb193af7665166d746ed4b65f60860441ec7baA local file inclusion vulnerability in vtiger CRM version 5.2.1 can be exploited to include arbitrary files.
588c18208d84dab6e005ca0cf9a5d3627abdc7d5c0a944370d71d56b3058647fA cross site request forgery vulnerability in eXtplorer version 2.1 RC3 can be exploited to create a new admin.
73510bbcc0b1f03a41a02a1a718641f2649cc998082d27d2a801818d516a1fffA reflected cross site scripting vulnerability in eGroupware version 1.8.001 can be exploited to execute arbitrary JavaScript.
12b599a5bb6bc60e3ec879007d3ad6b455cda895ae66b2b950121333995b3fc8A SQL injection vulnerability in eGroupware version 1.8 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
172bfbdcfad1acd11c2432e343fc10b79bc2c32328f1c7d5cf4a1e219b0e5e46Originsoftech Web Portal suffers from a remote SQL injection vulnerability.
801c653b6810654a3d5e49660b106b3234aa621996879100476cf94dd446f024PrestaShop versions 1.3.6 and below suffer from a remote file inclusion vulnerability.
6d48010904e89cbb028165da32b18378068ad402de7edbccc4d8aa38f7a86938SMF version 2.0 RC5 suffers from a shell upload vulnerability.
a1f21657fc82224f89166bb64fd9ca7bc1faefc521a9ff441c0acaa998fae69eS40 CMS version 0.4.2b suffers from a local file inclusion vulnerability.
cdeb09a0f1390c3f32b053d7ee5f8c94b4566882ad81feeb09c6f09346bf55d8PHPList versions 2.10.12 and below suffer from a cross site request forgery vulnerability.
b5bb4955da0a735dfa018ccf451ebac4b437a2335d31fee95b7fb4a779d849e1O2 Classic Router suffers from cross site request forgery and cross site scripting vulnerabilities.
94d6ca9d702ec4f5fdb7414e8e935b6e8e12b2ba4c775e2b2fd39a04eff4c71fOmerportal version 3.2 suffers from a cross site scripting vulnerability.
d76bb6f54bf6535235d7dd60a0718c72aa7902b059e6eae48efe87fc55606e05Maia Mailguard version 1.0.2a suffers from a cross site scripting vulnerability.
a17fac23af4f8ee93e8a452180514970a4793b25fe74614e11dfcc833fad7384phpCollab version 2.5 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.
24dae2ce4e30998788f0079b222d025dfefa60793bbed690236f7d192c66acbbTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
0b340632db9d429eb3c32a592a51f7333feda0fe682229c2027ae445a1e3f54eGreenPants version 0.1.7 suffers from remote SQL injection vulnerabilities.
805f804e75a0585df2b9e1b27e0816e4cbf7495925ce07310d0e66e64526dfb5ISC dhclient does not strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or party with with escalated privileges on the server to cause remote code execution on the client. Versions 3.0.x through 4.2.x are affected.
74c7470b833e5a628636a879d280edb69870985e9edf88bd5ec22165c18462faViscacha version 0.8.1 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
61ee407e4cc1b7462953d9c55d62167ad378cc531b261cdf394148de8508dd06Mandriva Linux Security Advisory 2011-068 - Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse. Users on a compromised network could be directed to sites using the fraudulent certificates and mistake them for the legitimate sites. This could deceive them into revealing personal information such as usernames and passwords. It may also deceive users into downloading malware if they believe it's coming from a trusted site. The NSS and NSPR packages were updated to the latest versions as well as the rootcerts packages providing the latest root CA certs from mozilla as of 2011/03/23. The firefox packages were updated to the latest 3.6.16 version which is not vulnerable to this issue. The mozilla thunderbird 3.1.9 packages were patched with the same fix as of firefox as a precaution.
e8f12aa8728abc22813c5a873b4826eae6cfbeb81154145db07a394e39fb0c07Proof of concept exploit for Synergy version 1.4 that records keystrokes and mouse movements.
db83f185af928893b05ba89aa0a61dc9c2e04f651d28150ddd2a6937c182b5f7Libmodplug library is prone to a stack based buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files. Version 0.8.8.1 is affected.
3b492361b42a31322dd539245a7c64c4f1cbf45a7f989edecf307ed261a181bdWamp Webserver version 2.1 remote file download exploit that appends a period to a file in order to disclose it.
357340de3f3be8b2c055c8487964333d98b2e37a79bfbc1da645c44f77e4ae43Debian Linux Security Advisory 2211-1 - Ricardo Narvaja discovered that missing input sanitizing in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file.
e073d46b4829b171e82673b95ad61f5320339eabeacacf28e5154686cc313d17Secunia Security Advisory - A weakness has been reported in the Node Quick Find module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information.
01a47ffc5c44a647a82d6072c92ab2a2baa56dbc085de316115f1ec30c20be2e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed