A vulnerability was discovered by Aung Khant that allows for exploitable SQL injection attacks against a Joomla 1.6.0 install. This exploit attempts to leverage the SQL injection to extract admin credentials, and then store those credentials within the notes_db. The vulnerability is due to a validation issue in /components/com_content/models/category.php that erroneously uses the "string" type when filtering the user-supplied input. This issue was fixed by performing a whitelist check of the user-supplied order data against the allowed order types, and also escaping the input.
647e5aeb46772c7d0cdb8e0649db65e77ffaa67a35949d881a8ff0eac18b6c6d
Secunia Security Advisory - A vulnerability has been reported in Sleipnir Mobile for Android, which can be exploited by malicious people to compromise a user's device.
943f2ce7fee15408d358baaad3f9bc05c904e8694aa65521dc950f607ec1cac8
Secunia Security Advisory - A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.
415bdb53a582f34c45fd6d68ab280ae7b73a6a7f56050e69f13483d539d6bbbe
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.
59136adaf0e567b0ce15b4f2538944a0c01f2d4b96f4f62b0bdc2880f9857edc
Secunia Security Advisory - David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.
c0e217a5a59ee9cffe7edc6da96fa7ac2c6c0b6ddda4477b3549a3266b2ea978
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site scripting attacks.
308ca8d0c240b0576241dedf473bed0bc4bd7979442dc1bb95d73630e8840b74
Secunia Security Advisory - SUSE has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
f9efc7c401f1d4cbc75e1493da5ca92571feb8f58b4b4b9b6dbdf2564b5f715b
Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
57d52249c5b44783e2665e65ed6367f52231e8619c87c486951cf95a28bd5673
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability is due to the insecure usage of an strcpy-like function in the SetMarkupMode method. When handling a specially crafted sMarkup argument, it allows a stack-based buffer overflow to be triggered, which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Linux, which can be exploited by malicious, local users to potentially gain escalated privileges.
a4d7a89a52823ee72e2d9c1b6867da8316cbe73c3406841aa4fb1e2b1d525648
Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability which can be exploited by malicious, local users to potentially gain escalated privileges.
2eb5d533cfcdb87f080e49702bf297ae62062fa49729a3ee3845b1ff8d06cc66
Secunia Security Advisory - Accuvant Labs has reported a vulnerability in KOffice, which can be exploited by malicious people to compromise a user's system.
ac14bbaedc29c2f936ec38bc639b32637749fa45449b932c1eaaf1935a45b3f7
Secunia Security Advisory - Debian has issued an update for expat. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
a08cff871694f7e8edfadb551932b52d7279d0e2bbdd430a360ca65e0df88a44
Secunia Security Advisory - A vulnerability has been reported in Intuit GoPayment, which can be exploited by malicious people to disclose certain sensitive information.
296d497cb44a6a3bb9e277edfabe66ef50ab505c27ed5b60a0cfc4ecf6bc7315
Secunia Security Advisory - A vulnerability has been reported in the En Masse component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
86e058797cdebae4c518aed42b1eb24dfbbe687279be2bcf4f01d8696bb0b189
Secunia Security Advisory - A vulnerability has been discovered in the AOL downloadUpdater2 plugin for Firefox, which can be exploited by malicious people to compromise a user's system.
34d39d1cffd7365c1f403a934dc593cd61940b634fb29827fb014db038bf0b94
Secunia Security Advisory - Wsecurity Team has discovered a vulnerability in Islam Forum Script, which can be exploited by malicious people to conduct SQL injection attacks.
ec596d6eb223f36adbcc50198611912a7bbc5d78e77ad103bdd85dbf52d9303a
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
cc714013b48edf8a91e896f3529957fe8843c92a28a3771ed71ca4c69438166b
Secunia Security Advisory - Abhisek has reported a vulnerability in Palo Alto Networks PAN-OS, which can be exploited by malicious people to conduct cross-site scripting attacks.
70b98eeac8cb50b44bb6efb9ff9cab1830cfd059b80b56ed07534db1ed48ed3f
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the Featured Post with thumbnail plugin for WordPress.
8fe95c8e80b2cecde85a6e3478176cfe6c1c0058ba329781caa0c0e302963b58
Secunia Security Advisory - A vulnerability has been reported in HP Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
c649631e42ac4ca6b051c0c3e3921a534f54ca8eb94cbdeee635e74cdc679975
Secunia Security Advisory - A vulnerability has been reported in HP Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
104c03c457dc4b0062a4a27bd87c6a6413aeab6c2258933499e9a364b7a19793
Secunia Security Advisory - Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
17c12c5c54c0c7837d919a4dfcf236c5e30c022bd1b6198d5b420f85bd85422b
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability is due to the insecure usage of sprintf in the SetSource method. When handling a specially crafted sURL argument, it allows a stack-based buffer overflow to be triggered, which leads to code execution under the context of the user visiting a malicious web page.
5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4b
Secunia Security Advisory - A vulnerability has been discovered in ntop, which can be exploited by malicious people to conduct cross-site scripting attacks.
c8066f18e09f287c4708387488e581f254d752e6df4b1e4f84ce9429e88d78fc
Secunia Security Advisory - Red Hat has issued an update for bind-dyndb-ldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c59d0f781028e733c2717a7ba399d8e4564bd1d37b48aafe348a26fade1899e2