CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.
ab2bb4ee4397e607d687ba9dbfeb8d2bbe0759bf552f9eef576d986e406dafb4
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
4fdb58572fb91fc0afbdfcd7845d4467d4b13ef2f9141bdaa955b959a319f8cc
Secunia Security Advisory - loneferret has reported some vulnerabilities in the SimpleMail plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
f83e5e65043670becdc42a9b437540aa6f27a980121590167a6dcb2bdef541bf
GetSimple CMS version 3.1.2 suffers from local file inclusion and path disclosure vulnerabilities.
31b1e57fbf7f937f77d9784291e1782b0f12b663027604cdcf7b49912b6578e3
Secunia Security Advisory - Two vulnerabilities have been discovered in the Simple Video Flash Player for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
9df20f91497034cf913395b05a7fb43d08018c030260a70ebd99396fa8c979e2
Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.
260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17
This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string in the Connection header to overflow the stack when the vsprintf() function is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
SimpleWebServer version 2.2-rc2 remote buffer overflow exploit that achieves code execution.
d479bd8f4fea4bdf5c0972e056189d54814dde491f87ef49ea5a3093231a8ef1
This is a simple snippet of C code that can be used for creating a denial of service condition against a DNS server.
23d955165e262da83e17e578062db6045a5487a02f461e22bbd4b3d9d5a162af
Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
3e2b136f015fae19c61b2b118d1d58402b2d75b2f9c0c22031532788387ffcbe
Magento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues were also addressed.
6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Items Manager plugin for GetSimple CMS, which can be exploited by malicious people to compromise a vulnerable system.
bac3348b2a4f3591e49f5a2cf12251641e00d52ca7be21a7931e5738f34470c1
mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2
Mandriva Linux Security Advisory 2012-097 - Multiple vulnerabilities have been discovered and corrected in python. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
ea9f72137a552f0a45271fbb9a2d3f3aee9113cb46971ef47821e194f3b4801e
Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133c
Red Hat Security Advisory 2012-0876-04 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.
0c8e59b5862b260540cb82b2f28c910e34cfe4e663196688dfe6b2ae3d270f8b
Simple Document Management System versions 1.1.5 and 2.0 suffer from remote SQL injection and bypass vulnerabilities.
942eed47d424ad17988a30166d09e420d52d423237a5a96fc57f378242d92bd8
Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Simple Forum PHP, which can be exploited by malicious people to conduct SQL injection attacks.
b310487f85c895c2908d936488eea902e2984d3ee32c99e5ac573759ed482de3
Simple Forum PHP version 2.1 suffers from multiple remote SQL injection vulnerabilities.
978cef328c0e2e191c9abf9210cb467e76ca8ebb5b1975c8eebb5db09da71a2d
Drupal SimpleMeta third party module version 6.x suffers from a cross site request forgery vulnerability.
559caf9547f39a2aeed5b0f1830e8ad64accf5a1df871e48df2290bd93d06919
Joomla Simple SWFUpload component version 2.0 suffers from a remote shell upload vulnerability.
ddcd612e618f2d645241ee933cc9cf982cee677684cec299c14d74bf974a5e60
Wisimple suffers from a remote SQL injection vulnerability.
8232fd0fd5264b0082caedefa68913f85cd0efd1eefd8895458bd162bdc61e25
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Simple Download Button Shortcode plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
e1a460c937f6f04c09d9dd0c5160dec2552f2c01757a653a5eb1f1b32c732f5f
WordPress Simple Download Button Shortcode plugin version 1.0 suffers from a remote file disclosure vulnerability.
e4ea7bd25d10fdaf89c8e656cdfa5028c177aa91fd04a159e38b67fb23e04e98
Drupal Simplenews third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.
c6685213ac066fa6bc378bac975fe3b4f3589d5f1e3d5de4ed106c5fa290eb9a