Alexander Antipov has reported some vulnerabilities in Web Wiz Forum, allowing malicious people to conduct SQL injection attacks and perform certain administrative functions.
024ed03e7937f3b0cf30e5a45a9ee9bce998f485ff34e66cf5910706d8b35241
VOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.
1b7e866efc987b1e820a90007bf6bda712524774261dd6c1229b6080fec76cc1
AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.
7e3a1369a020e57b96e59b8b0b9529fdb0e3680525f1bd1d5292095b172b5eb3
Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.
8d363a18f897ed34231b59c495249b3756d6dd28557f389c633b72c05f3bea07
Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The Unicode string length is determined using the lstrlenW function, which returns the length of the string in characters, not including the terminating null character. If a Unicode string containing a null byte is passed, its length is calculated incorrectly, so only the characters before the null byte are copied into the buffer.
294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
The WhatsApp tool suffers from arbitrary user status updating, registration bypass and plaintext protocol vulnerabilities.
0616c7aaaea8c5766787ad6d89a5f5e1a9b8c80dda620060d4f23fe8f25ffa06
The SecCommerce SecSigner Java applet version 3.5.0 suffers from a client-side remote arbitrary file upload vulnerability.
5c2fa4abe1884f3a0b572d67e36f2d26b087f7cd52d35a19c40e81c656d3dd40
Microsoft Forefront Unified Access Gateway Remote Access Agent version 4.0.0.1 suffers from a remote file upload and command execution vulnerability.
3ebeabe791748805647629a3fbbecc741bc96a94f425f58d13409d7e8d83b60c
Check Point SSL VPN On-Demand applications suffer from remote file upload and command execution vulnerabilities.
16fc1a812d8e49f019aec198ac5b1f6339e0854addc6171fa54586f34e1a1259
WordPress versions 3.1.3 and 3.2-RC1 suffer from multiple remote SQL injection vulnerabilities.
0a7900515451e312b78d781e902fcb08e0d2c379668d6c7b467866395e99972e
The Libmodplug library is prone to a stack-based buffer overflow vulnerability due to insufficient validation of user-supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files. Version 0.8.8.1 is affected.
3b492361b42a31322dd539245a7c64c4f1cbf45a7f989edecf307ed261a181bd
Sawmill Enterprise versions prior to 8.1.7.3 suffer from arbitrary code execution, buffer overflow, cross site request forgery, cross site scripting, file disclosure, and various other vulnerabilities.
2bd10f0a3d3cc78cbdd70e360341145cdcc41d59f78c199e223b197ec74303a1
Xerox WorkCentre versions 5665, 5675, and 5687 suffer from backdoor and authentication vulnerabilities.
5f40de32a9dd28a731693198b0787cdbd7dff2200019016edc179dd16ce2dbae
LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.
c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
Sitecore Staging Module versions 5.4.0 revision 080625 and below suffer from authentication bypass and file manipulation vulnerabilities.
0021244a4c6cebaaec10e5a1c3d431de7999b29903a312e90b39f88e0151ebb6
RADactive I-Load version 2008.2.4.0 suffers from cross site scripting, file disclosure, and file upload vulnerabilities.
c73f8131d8b7af1c98eaee0158df5332fbfc1b52e29e3faae8acbe5a3fe2ab6f
SEC Consult Security Advisory 20090901-0 - A file disclosure vulnerability exists in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console.
997ef8e7a5352750004cfe364dea689341b943cbe725378661952f230c85209d
SEC Consult Security Advisory 20090707-0 - Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia's Symbian/S60 based smartphones. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file.
aeaa346858f3d297167128f3741765a3b8de649f8ac8e79ef104a8614c5c1bc6
SEC Consult Security Advisory 20090525-4 - A format string vulnerability exists in the logfile parsing function of SonicOS. An attacker could crash the system or execute arbitrary code by injecting format string metacharacters into the logfile, if an administrator subsequently uses the SonicOS GUI to view the log.
6c7085cdc53507695204c983a9fba14a2a3502a8197d9696636f43a53f125f2b
SEC Consult Security Advisory 20090525-3 - The SonicWALL Global VPN Client versions 4.0.0.835 and below suffer from a local privilege escalation vulnerability.
697d26db1d1f4652470fb4f8020fe9df446a0fa526453fe1e008c228a820ddc3
SEC Consult Security Advisory 20090525-2 - The SonicWALL Global Security Client version 1.0.0.15 suffers from a local privilege escalation vulnerability.
a249f7b5b6c96e7e73537b527e46de221df15b9ac124b216b83d675ced67349b
SEC Consult Security Advisory 20090525-1 - The Nortel Contact Center Manager server version 6.0 suffers from a password disclosure vulnerability.
bac6e60c36d211176326d66db94bf9e89951039cf254351e8c0aba6df234e565
SEC Consult Security Advisory 20090525-0 - The Nortel Contact Center Manager server version 6.0 suffers from an authentication bypass vulnerability.
983ea312515d8fc13a674dd0481967d73dbc7ab8781412dcd68339905b846a46
SEC Consult Security Advisory 20090429-0 - LevelOne AMG-2000 Wireless AP Management Gateway suffers from proxy bypass and plain text vulnerabilities.
21fedd3d58a60ec4be0f1b3d390a6efc6e4b55fd06209cf789610813125e1daf
SEC Consult Security Advisory 20090415-1 - The Nortel Application Gateway 2000 versions 6.3.1 and below suffer from a password disclosure vulnerability.
6a602258e8f29deb14f3eb5ff281f26e0e43c3f7484aceaeafab1860a788f32d
SEC Consult Security Advisory 20090415-0 - Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. Version 1.0.3 is vulnerable.
e32f1a48232fe353e2a85526ef291e78bafffd7789d861410bca9cc87b1b1dc3