Burden version 1.8 has an authentication flaw that can be exploited by a remote non-authenticated attacker to gain administrative access.
37b074fcfd1268b4c2a6f2caa51871c515255ca4a95d417dbb255ba1040e51e3WordPress WP-Members plugin version 2.8.9 suffers from persistent and reflective cross site scripting vulnerabilities.
385a5905db87d16b541ccca93a3f6fdc33d755988788c62aba7d2398acab7e99Debian Linux Security Advisory 2839-1 - Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library.
21bc9e2ca850fc53e08f2773db25c48890c4758a2dd389792d6e0026bac78030Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities.
c4a8ec5246cde659f575cae4546093150061579f6c6c6713fe4b0a2f20435884Eyou Mail System suffers from a remote command execution vulnerability.
9eb2afa048f0423a66d6d70e5d349f8ff7afc7986f519cce410651a890eb14ceEZGenerator suffers from cross site request forgery and file disclosure vulnerabilities.
0105ea969629a0b67c5dee553ed0d9e82c41961d40576436de6c749be569fa15CSP MySQL User Manager version 2.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
657bbaa377192ebc2eef6b897b2b4fcd8ece308cf0861143d569a083eff2e675Built2Go PHP Shopping version 1.x suffers from a cross site request forgery vulnerability.
c88f0c657889d78d03a3fe805274b562dc61938b49f2435de9ec600fbd7d9f55UAEPD Shopping Script suffers from multiple remote SQL injection vulnerabilities.
e6d58afc0a7ccc372d19bba4b96af7e5bca4d4f6d3b3a9bc0d6cb35b8f1f58edThis whitepaper details some novel methods of exploiting blind XPath 2.0 injection flaws that can be used to retrieve the whole document being queried (and others on the filesystem) without needing a large number of requests. It also covers exploiting some common XML databases.
bb958f4f5dc663b2b29dda1a486d1e5c6aaa2c1a738838917678623686d2a543dnsenum is a perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. It has been completely revamped.
c2583590e7431b48cb755b13575728b862ffe0778fc9ab445785f32899455590Ubuntu Security Notice 2078-1 - It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
a8d0fb9603d0b8ef1da182c41344b99320766a5306d3400fae58961c67e46a31Red Hat Security Advisory 2014-0011-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
12c9104c0b2fe908c6e82ce93a50c82825eff34ed3fc177c32b9625f20a33380Debian Linux Security Advisory 2838-1 - It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
0d0ec3a588776ba817f0148e8f3f841283ae79915fa2a75381e8a8ab716e2251Debian Linux Security Advisory 2837-1 - Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference.
6994946e9b9d496cd4cb38e8153d382c718c783522f5a47212b7c7e15cdef6c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed