SiT! Support Incident Tracker version 3.64 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f96224a116d5b9a0cf199fe7824da18754178ae86a55d1412935c259aa11d26e
Secunia Research has discovered three vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions and can be exploited to cause heap-based buffer overflows via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
ca49063a3ce1d04720b9450f40327282be08ce864b34b3207257c6a67a5ed246
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
07e9de28b9074addc7c2002be4bc50f5d8a928740507ce513ac4af97b163c2e6
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Ultratracker files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
da211724536ef1c0859a7361b4f4cf6b1b6866921c4d73d47b44411d27b7fdda
ClickTrackerASP suffers from a remote SQL injection vulnerability in sitedetails.asp.
d2d418a68891c16750e95f7ddb92bfb20159995c37d45fdb8415dc9587b09f1c
Arctic Issue Tracker suffers from a cross site scripting vulnerability.
a2c36bc55723121d07d216436961734edb3389a48674475081287b37838c438d
Secunia Security Advisory - Debian has issued an update for request-tracker. This fixes a vulnerability, which can be exploited by malicious people to conduct session fixation attacks.
a020d59854b4c632e74c953eae8bcb17def59734fa1812f66616a5b6a87558d3
Debian Linux Security Advisory 1944-1 - Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session.
b8afd96299c13b8d33964b4f08810dbf33d994f708756d1d83ce5007438b0fc6
This Metasploit module exploits a simple stack overflow in the TrackerCam web server. All current versions of this software are vulnerable to a large number of security issues. This Metasploit module abuses the directory traversal flaw to gain information about the system and then uses the PHP overflow to execute arbitrary code.
ae55a6fee4cafa96c99ebd106e4931f2e8fc92f8db8a69e077e7d9353559240d
Paper on poisoning a torrent's peer swarm with large numbers of fake peers, including proof of concept code. Works on most trackers. Could possibly be adapted to perform a reflected denial of service (DRDoS) on a target.
9ef8fa4913dfc7ea605f7ff92cc9b58d17bb8847b4e976ba538c2d898c68c01e
Debian Security Advisory 1827-1 - It was discovered that ipplan, a web-based IP address manager and tracker, does not sufficiently escape certain input parameters, which allows remote attackers to conduct cross-site scripting attacks.
00635cca24bc92600de8f93c3721c5247f197717d7229303c32358b985872512
phpBugTracker version 1.0.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
85e6bca2d6d2966734f413e3ed05de1a29efef2a35af1745df5af842230d459b
Secunia Security Advisory - ThE g0bL!N has reported a vulnerability in Teraway LinkTracker, which can be exploited by malicious people to bypass certain security restrictions.
2f1734268f4d03bc14e43406d096c2d46dcc648969b81e24d57f219f5a2c8d79
Teraway LinkTracker version 1.0 remote password changing exploit.
7027fcc70398d9e8e2d66dee8ffcd68d9e5ae7ec96995f35015cd7b70d391c42
Teraway LinkTracker version 1.0 suffers from an insecure cookie handling vulnerability.
fb8fc35cdf82b4af6c283c476b06ce9edb04dae754ff858e2108a6f67cd4d78d
Debian Security Advisory 1754-1 - It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights.
1d5f494eaa3899e67790d5afdfd5e0665d93ebd6b6b7f46ef5c5f087c83b53d5
Mantis Bug Tracker versions 1.1.3 and below remote code execution exploit.
8f7235d1fa244d88437b93a00f10ac0a9403dda9941121e364649b305566b796
The Joomla Joomtracker component version 1.01 suffers from a remote SQL injection vulnerability.
27be85e82e6efd840b9a0cce5413370a21301c73c681dedf602834a276d92912
The raidtracker_panel module for PHP-Fusion is susceptible to a remote SQL injection vulnerability.
011dbda72211944d87f6ecd0345b1167d038f75c1c8e573a7d5a33251095c4a0
Secunia Security Advisory - InATeam has discovered a vulnerability in BtitTracker (BTI-Tracker) and xbtit, which can be exploited by malicious people to conduct SQL injection attacks.
540ee4b2c5e8e3b84bafc22591836ab0157782c4c98001fdde11c815930d65cb
BtiTracker versions 1.4.7 and xbtit versions 2.0.542 suffer from a remote SQL injection vulnerability.
0fa6d573893adc76791d44b0b6f3998218991237eafe5070781528a685b61ed8
Secunia Security Advisory - Hussin X has reported a vulnerability in Short Url & Url Tracker Script, which can be exploited by malicious people to conduct SQL injection attacks.
6f157a6224c925be7ed083200dff567614b8366349946ecbf174373a63a34141
Short URL and URL Tracker suffer from a remote SQL injection vulnerability in tr.php.
98b9833855bea2db866caf2411d039d9e7762219432e34ac18290fe149bcc62f
Secunia Security Advisory - Debian has issued an update for httracker. This fixes a security issue, which can be exploited by malicious people to potentially compromise a vulnerable system.
54898dc85c6a86735fc8f7ee21abd5031f338dca98f7cf273afd2b91ddcd1a35
Arctic Issue Tracker version 2.0.0 remote SQL injection exploit that leverages index.php.
ae4b9d90549eb8dda513c2f1982ac7c92d173e1651a89ef51a0850cf1dc6f778
Arctic Issue Tracker version 2.0.0 suffers from a remote SQL injection vulnerability in index.php.
2a5468c3d9869429d8ca32e78e274b34b12c0bb24ec47000f73a3dad87b78c99