Secunia Security Advisory - A security issue and two vulnerabilities have been discovered in Greenstone, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
fe98216e4aabcacb304f411427316aa8a054cc822f15207f4e1a88716d0b8c50Secunia Security Advisory - A security issue has been reported in phpCAS, which can be exploited by malicious people to conduct spoofing attacks.
a5a96a7db7145f90971a55670620bc7e469891670bc59a4fa4a1c9553ee0e609Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.
90ab742926bd9cb0fc57e37ec8e11486dca2cd8c598556ffb9050f73ff6d40b3BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
07b4beeb256cbf8c5f0d3759fcd338c89a7c545ae95b815b4e6b4126652889beRSA Adaptive Authentication (On-Premise) version 6.x contains cross site scripting vulnerabilities that could be exploited by malicious users.
84f8cf21f7e1dfc3a155bca1ff11ed500da27015edcbfdf7f394bf6e738444f1A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the username parameter.
8139126dc6bd54dfa68f620141919aee07c4e0dfb91c8b9a3c0ad4c2c83d5fd4A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the message and body parameters.
44fd3382c5f0a2777c58764b28b96984dab051341b8031ab27b5073128a5beddSoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.
f10319dfa651023dad3d0845d284ec08ef982c1fc1bdb55cf8a725f762961e97Ubuntu Security Notice 1640-1 - Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.
49a32b62fb4070d1e8aaa6c34b9e46b28acc5b05eeb6b1a378719f9edcaa254fSeringa (Romanian for seringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. Uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design it utilizes the Strategy Pattern to distinguish between various SQLi strategies whilst storing other relevant data such as exploits, payloads and patterns in xml files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).
12c6c7ca253db5b9a765be47d038f7aafa4725d090e4409dd3208b0d3aa802e9This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow, and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).
ddda9ef400d14cabdbdf2f3208a25c3493b5c17111bbffef64ec3fb342b45d9dEMC Smarts Network Configuration Manager versions prior to 9.1 suffer from hard-coded encryption key and unauthenticated database connection vulnerabilities.
439bbcd4a69b43b581354b97da8d2fc1d0f95a1a7e8f113e8b824661c159e743VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dffmcrypt versions 2.5.8 and below stack based overflow exploit. Bypasses NX and ASLR protections.
6f15e1bd074af02d183bab2a865cd5bf95ecee50e01396c6679bc20335f5266bSmartCMS suffers from a remote SQL injection vulnerability.
8b086e2e6bc7eeb1ffd6e000847cd1748adf58f95967e0ef4dd1f7b1159e3217PRADO PHP Framework version 3.2.0 suffers from an arbitrary file read vulnerability.
fd086e67da0464ec36c572d088ffc6674ea2d174e7ab301aeecffdd832d45766GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
2f095984dd9cbbf4dce417ecd81640fe47732322d025062b2c9a189d022de0d3cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
d054766533535bda5c86d8650a423042fb8de3363a77ff9ebc18531177104f66Incomedia WebSite X5 Evolution versions 9.0.4.1748 and below suffer from bypass and cross site scripting vulnerabilities.
6c4adfb0b186de88cf8aa1d1d84f4ddb0f4cd1d3e8f1f19606cace93970fa3a1WordPress Oberliga Theme suffers from a remote SQL injection vulnerability.
2d70289de97e352a135d3a3978019801c6eaea9b5dec5fae3815e1895fa50be9PHP-Nuke version 8.2 suffers from a remote blind SQL injection vulnerability.
5bd40e5c1333df98f71396e246db2673bfba846ced867a9b077d381b492c9545Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
8b11b2967d13e3ded26849ef210ba513392094241eb9abed528937a8aed5e852Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
ba2da04da292ff0dacb00c4df8fec6951c9f28253e4bc3dd88f6b1d54d01bad8Secunia Security Advisory - Vulnerability lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.
f2c8ad4820af79432ab9ae3955e7ac0789beda59c53668e1c6c9b6908ab08cafSecunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.
3be5b46d5361090d126ad0adbf7704a61d183dd5ce049b6472644228c0f6ed78
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed