PHP Links versions 1.3 and below suffer from a remote SQL injection vulnerability in vote.php.
295bbf92977feae8a238a4941e7301b41650f7db9e356bcde2d96d65c465f3beThis Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4bThis Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9Secunia Security Advisory - Craig has reported a vulnerability in Cisco Linksys WMB54G, which can be exploited by malicious people to compromise a vulnerable device.
5f0151cdf237cc30c08bd74edb81d0e52c223ec4e57eeda993b98b075c67f682Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
a88c10267158fe9cf2d434bc63948819deb102117186a70288596b16e3102081Secunia Security Advisory - Gentoo has issued an update for links. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
adb6532c3423da89e39ba4b5a1d845ea7d92a072b7129d1f48b8aae3685d0f6fGentoo Linux Security Advisory 201206-32 - An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 2.6 are affected.
2844cba5db93a16c292bda396e0c06a8ae6bcd3c1befdcb1c5b2875a67615f1dPhpLinks suffers from a remote SQL injection vulnerability.
6b0bb7d467bab7799fe2dd17fb618ab07cc3d6bf9dc7d54f2820598232f8997cThe Cisco Linksys WRT54GL router suffers from a cross site request forgery vulnerability.
15765a5278a3d85691a1560925b05f28f2c55ddd9ccac8024f86755afe32809aDrupal Glossify Internal Links Auto SEO third party module version 6.x suffers from a cross site scripting vulnerability.
23a814bf3a31bf4c83ad7c8f343361d4794c4001adf51ccff631fe79bc2f5025Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.
3cbc2c67f035fe9b1398b1120f8f0507ea8dbc4b9d3dce95d3e1907578dea5a9Secunia Security Advisory - Some vulnerabilities have been reported in Links, which can be exploited by malicious people to potentially compromise a user's system.
68661f5ecf03b74a7a6260e6a6d3eb502874eec3ea53eb88f57fbee0b2b27b80Ubuntu Security Notice 1400-4 - USN-1400-3 fixed vulnerabilities in Thunderbird. The new Thunderbird version caused a regression in IMAP connections and mail filtering. This update fixes the problem. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. Various other issues were also addressed.
383ee8f33b48cc0d16f1ee299e10b50a13188dcf42cd76498072c4c7bb351a6cUbuntu Security Notice 1401-2 - USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
18ff4554ba8f49486a34fb7d8714a434cb13cd31e28f8877c79af56223cd9cedSecunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.
91fbeb70423639d51561f20fdc0fe7590c4836fc40a9423339c16503d32289daCisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
3933dd1431da4c063e62908b6d60cf61accefadfda1561e952bfa4c9d5163a86Ubuntu Security Notice 1400-3 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues have also been addressed.
553d78be7f7ed2853eaa6177ea136db38c2d1a480fb986ca79ad0876030a8c06Ubuntu Security Notice 1400-2 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out of bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
5b55ea6fffee26c72843021b56e71cfb46a31c56e38ee3b9f75b058db2e502a3Ubuntu Security Notice 1400-1 - Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
6ec8a17ac5494f22879ac72d2367bc10e24938596bb360d6ddb0c7b09b2668c5The Read More Link module version 6.x in Drupal allows you to move the "Read more" link from the node's links area to the end of the teaser text. A user could inject java script into pages affecting other site users. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access administration pages."
bd92348ee67235662934cb4a09b086c5d52b673a6df75c2193424fa80f15fba0Red Hat Security Advisory 2012-0350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.
d8a60be00abc472adc04c925566012a45e0ea8c2dd26a7a38e5dd76f2aabd4c9The Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.
bfb35b1a670f2df0c8e171cb6cac8009146ebfef18fbcd82c5a7420cf409e60fRed Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.
932d2cbf7225ce2c987d4bcdd7f912e023df64a9a31b01d00a4f046b0c7fdb63The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
48b1ad0f0b8e17c97223e2272e12cd11873d14beb0aabe0425706a6b4379c4c5PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.
336cf42e8dc8faa6b50900fe87f736405e406fd222446974eea37d4c2c4ef253Red Hat Security Advisory 2012-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.
14cc28a3df69b8e6b2fc6473a6b5dacebe7c4ddbba6984ec740c93d61e9322db
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed