Group-Office version 4.0.71 stores credentials in the clear in cookies.
63d144d75532557bd4e2c7319685e0f502852e50757da183cc38c9429081c7c9TCExam version 11.3.007 suffers from a cross site scripting vulnerability.
c2df81fe1434df8351dd6026e93abcd6a2dd042f7a15ef09a4566b27505d3dedTCExam Edit version 11.3.007 suffers from a remote SQL injection vulnerability.
06af1b2a6fb8ed7abd5d25d460237c12fee5dc2b4cf699e07621727d30f9fc9eTotal Shop UK eCommerce, which is based on CodeIgniter version 2.1.2, suffers from a cross site scripting vulnerability.
5152d11e96f30211a557516deffd45d1b790edd8b739f21a1dd10b248c3997c9ClubHACK Magazine Issue 31 - Topics covered include Tamper Data, Apple iOS vulnerabilities, Matriux Ec-Centric, and more.
a1ee74c3589ae4bf58768c3363b5b7224529e8dbca7f075937c393a8feb9f204ProQuiz version 2.0.2 suffers from cross site scripting, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
cd96527f58d918d01dbe7ff75611b1729daf91b7449eeb441565cef7115b0a2aPure-FTPd version 1.0.21 crash proof of concept exploit that leverages a NULL pointer dereference.
c2280992211c9ea41ac2e2ddf61f4ee7e7455a52f000ddfb5f9302a7a81ccbc0The Call For Papers for nullcon Goa 2013 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email.
1a6082463e38b8465a0cf348d013c75a5c1276abd719ab4e2d1aec4ffee01c92Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.
15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46aeDebian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7Shopping Tree, Inc. software suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
710c6c5f6d8a0112ff32d4cd35417f5a21917d22421ec5fcd825351690c94a00
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed