Facebook NYClubs suffers from cross site scripting and remote SQL injection vulnerabilities.
020019b0185358c6ce547bb56328b622a933a70c7d9b015184e303bf8a78c074
Pandora FMS version 4.0.1 suffers from a local file inclusion vulnerability.
f622fa22608fe616e3b76956f2b63083b69ff106dfb8c0ed0c9ab4062916e540
TSS Scripts suffers from a remote SQL injection vulnerability.
f041bb176bfacdc4e197f9affdfdf5152134f9ef5f34c1057be3d6e106c8e66a
Upnorthwebs and Lightbox suffer from a remote SQL injection vulnerability.
daa626d1bff561da13077e8f44f4acd60efb58200e9fb2f9b5c2962175752032
Urban Genesis suffers from a remote SQL injection vulnerability.
3f253791a76cd18d2b0708de683b953ae4f4ba20441ecdc13c9d0600cd435d96
Taylored Ideas suffers from a remote SQL injection vulnerability.
5eb0af85917d396be354194d474b300d6b1760559b240d228d8421c9a85c216a
San Software CMS suffers from a remote SQL injection vulnerability.
9c3ee7fef32482406b756c7ebec800a8270e6f8a2765a1aed1ef817ffa54ca44
Magezi Solutions suffers from a remote SQL injection vulnerability.
da6578a88b8d69fc5b481f23cf982066ba63f7c508316066d9e21d792fabcbd1
Lava CMS suffers from a remote SQL injection vulnerability.
674d4afdd88f36a1d4b16eb13634bcb5623077b9be5c6f58b83c97dc4788bbc3
kryCMS version 3.0 suffers from a remote SQL injection vulnerability.
b818b9d460bc9f06f3153a7b1e8f8a672500cce10141462f677aa807a2e68a2b
AtWiki suffers from a cross site scripting vulnerability.
6dbf7267b0c15f6b6589d7aa897b6c7090c0153ec2b7fb5c2d39479c077bb467
RadhikaGB suffers from a local file inclusion vulnerability.
80b2b0881578c9dfb0e164730dbe6b67bca57a158d1a78dafc26d1482cf7bb71
WampServer suffers from a cross site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input through the 'lang' parameter (GET) in the index.php script. An attacker may leverage any of the cross site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing as well as other attacks.
82ba8e83ba12b2d04f1f098dc012b6530cdeb97fe3b3c62e90029c820877884c
Telerom CMS suffers from a remote SQL injection vulnerability.
b15045be71336bb88fb5d1cf9c7ddbc694c9d76a9edd2108594ce8f8d6e701cf
Adbay suffers from a remote SQL injection vulnerability.
ffbba80a9691d80d765f37216fed24c73502b428cb5ecb760ca0fada9ab7e64f
SibexSystems suffers from a remote SQL injection vulnerability.
f3fad337d0e389ff2defd6c817db20a39a8e2bdd6c621f065681b80d54ce41fc
Jenkins suffers from a cross site scripting vulnerability.
10b89dba54d906764040bf448f75e6f2072ff616cd632032d43b279f6bb7439a
ButorWiki version 3.0.0 suffers from a cross site scripting vulnerability.
bda14c1fa1703b593fc2b9c3aafb3b0d9488efc4242e2f03752e57b754c128f7
JaWiki suffers from a cross site scripting vulnerability.
7467a36a300624866ddd5674bfc5015c3582e4a62c16ba5506e7a9e544a0ca6d
PRE-CERT Security Advisory - The function countCENHeaders() in zip_util.c of the java.util.zip implementation contains an off-by-one bug. The bug can be exploited via corrupted ZIP files to cause an endless recursion. The endless recursion results in a segmentation fault of the JVM. Oracle Java SE and IcedTea6 have multiple affected versions.
b5f37a7f307a6f81bd2dc8df66689823d138dc57ed9df9c9fb504453144b4fc0
Ubuntu Security Notice 1367-1 - It was discovered that libpng did not properly verify the embedded profile length of iCCP chunks. An attacker could exploit this to cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
5e6e1c7a32e2b8add05d91924c69b9e74d43dbd36b0283706d28bae212b7b2a9
Red Hat Security Advisory 2012-0143-01 - XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
6a4b096326db08d8c2fcd440cbca979c1098ca6e720bb0bcd536477dcceab229
Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.
fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6c
Red Hat Security Advisory 2012-0142-01 - Mozilla Firefox is an open source web browser. A heap-based buffer overflow flaw was found in the way Firefox handled PNG images. A web page containing a malicious PNG image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. All Firefox users should upgrade to this updated package, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
9c3deacaccde4447524481ab21a6544b41c79753142e01143770d1d3b23bf6bc
Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
f1267c41db6a862799ec7a24f82bdf3f9e615c43178f198aa66dbb317e17b034