Practico version 13.9 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
ff9142aad0a2a97aa39c95d5224216c432ff5d621e823fbd324fbcf88aae580fThis Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.
1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6fBluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
9750b007daffaffecea3b8dd2332bf74cc24955c307861197a20d04d845bc412HP Security Bulletin HPSBMU02931 2 - A potential security vulnerability has been identified with HP Service Manager. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged Information , improper privilege management and cross site scripting (XSS). Note: this Service Manager update includes updated Apache Tomcat, OpenSSL, Oracle JRE that addresses security issues in those components. Revision 2 of this advisory.
9a8fb879edbf5b36709d0ff1ef662419adf5550c3805fe3ba5ca0df8146ef1d4Apache Tomcat version 5.5.25 suffers from a cross site request forgery vulnerability.
3b4c8cfd49efc14d10b5b4f7153524eef6ad2a708d0e0998b67b8820bfb36e18eCryptfs in Linux kernel version 2.6.18 suffer from a write_tag_3_packet heap buffer overflow vulnerability.
015570f2ec233897e40a39fd6d6b1250c0412b0d3c5a7f74de150f8212dc2cf0Debian Linux Security Advisory 2789-1 - A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links.
586a0bce476ab0f9d1d501398d7c14fee3d4b555a7aaf91a10775d9a3ae369a9Red Hat Security Advisory 2013-1500-01 - gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
98163433f0f4fa97f8a768c780a3779f28965a348ea070cf769d1d97cbff3ca1Debian Linux Security Advisory 2792-1 - Multiple vulnerabilities were discovered in the dissectors for IEEE 802.15.4, NBAP, SIP and TCP, which could result in denial of service.
1cb18f981647ba2840d21deda75d552697a50a003485b8d0d5f762fe6851aa59Ubuntu Security Notice 2011-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
ee33103ea32047aabd67286280ca92fbf6c53d39f17883d82e769c15f0cb30d5Gentoo Linux Security Advisory 201311-2 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Versions less than 4.0.5 are affected.
bdc5fc2fd976e67643d39f9d1d11505fb74cb58060d3a64f0597fbc5774c8c45Gentoo Linux Security Advisory 201311-1 - An unspecified vulnerability in Mednafen could result in the execution of arbitrary code. Versions less than 0.8.13 are affected.
c87bf61942aeac0ca7002a2e507a96106c3fb84f253d1e9eae47399a70d83bc6Debian Linux Security Advisory 2791-1 - Cedric Krier discovered that the Tryton client does not sanitize the file extension supplied by the server when processing reports. As a result, a malicious server could send a report with a crafted file extension that causes the client to write any local file to which the user running the client has write access.
663ce20e4298f6b60c0aa736c72f904ed78e769610e2fd1985b52451b2d339bcSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
15e5db74df2499a8f6408c6a71f23d428b6ab44c9edf65b67b223e4fd1c2b310Debian Linux Security Advisory 2790-1 - A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library.
db345cda909e009ee371bb5edb764ae631ec33d4b18a27048a2278b04a991f80This write up is an in-depth analysis of the CVE-2010-0436 KDE TOCTTOU vulnerability.
38416e656eed90eb727e8283a9b7f15d42bbf88b4930302e3793941e698ff9c6pdirl PHP Directory Listing version 1.0.4 suffers from multiple cross site scripting vulnerabilities.
d502495c1f4d1697a4162c75518ef6cb8992eb9acf45eec537d6037429800847HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included.
585492350dc0303ed89cfacabf2156926a2aaab57dd7657dc750ff289331075aThis Metasploit module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow, however Word in IgnoredWords is the only field to accept mixed-case characters. This version of the exploit was deemed "old" by Metasploit.
1b1e0b81bd8090ce9c13897364857d059b72e2077047d444b433511ccd5550d8This Metasploit module exploits a stack-based buffer overflow in StoryBoard Quick 6. This version of the exploit was deemed "old" by Metasploit.
be9f8f5b5e74ec032e061db1790ee6ae7ad5663dd6c25860b0832e0efd98f2d3This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660. This version of the exploit was deemed "old" by Metasploit.
1300424762c6a67dc6fa5b84891cd5d5326609e31ed49f16b15f85a4eadefc6fWordPress ThisWay theme suffers from a remote shell upload vulnerability.
31b78f33e27ae904cd02bab021a4d0a640af569124695769127916982f012b39Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
dd24a88d788e980195e0a44141c64d9bf298fcce07e32cd2183b93efd0a7206d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed