PHP Links versions 1.3 and below suffer from a remote SQL injection vulnerability in vote.php.
295bbf92977feae8a238a4941e7301b41650f7db9e356bcde2d96d65c465f3be
PHP-X-Links suffers from a remote SQL injection vulnerability.
471c6627ceb3b865126edd11e6db101be7ca8cc213380000c36458ee3e614839
WSN Links script suffers from a remote SQL injection vulnerability in report.php.
8df011c7700d0ac768739c6debb1d00b0a82f9032418f9dc0d9b6a7f14ebe125
Artmedic Webdesign Links version 5.0 suffers from a remote file inclusion vulnerability.
f0792f7220dbeea15bec70c0269c980119b5f0683dfeb27d780b641edfe2e437
Ubuntu Security Notice 1262-1 - It was discovered that Light Display Manager incorrectly handled privileges when reading .dmrc files. A local attacker could exploit this issue to read arbitrary configuration files, bypassing intended permissions. It was discovered that Light Display Manager incorrectly handled links when adjusting permissions on .Xauthority files. A local attacker could exploit this issue to access arbitrary files, and possibly obtain increased privileges. In the default Ubuntu installation, this would be prevented by the Yama link restrictions. Various other issues were also addressed.
61e40ebb8859955a63f234353d30af5813f52ebbb4d3496c598362dec3d4de19
Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.
a8d8f271f9bcea57da5e8e80f09acc4ebc27b5f8820e5bdda23f748aa4eb75ef
Debian Linux Security Advisory 2320-1 - The dokuwiki update included in Debian Lenny 5.0.9 to address a cross site scripting issue (CVE-2011-2510) had a regression rendering links to external websites broken. This update corrects that regression.
187beb0ab606aea8a1826ae67ceb93072b90a110da9664c271092622bbc11ee0
Red Hat Security Advisory 2011-0999-01 - rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the "filter", "exclude", and "exclude from" options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those restrictions by using certain command line options and symbolic links, allowing the attacker to overwrite those files if they knew their file names and had write access to them.
afb4edec8425d564ab97e6563e2df1c18b5ded90f774e37a7d8909104fefdcea
Red Hat Security Advisory 2011-1083-01 - FUSE can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems. Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.
570a3ac9c4d8ba47567744f3a2508ef5c64019b15a6120d40f7b53ce18ed1cd0
A persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload his resume as a Microsoft Word document. An attacker can construct a malicious MSWord file to conduct the attack by setting a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.
89565c921950ce4770fa5b14b519ba8f3361837b5def92e74ce9f346295f4bde
DmxReady Links Manager version 1.2 suffers from a remote SQL injection vulnerability.
6e635c61bdccacc7c09c35aa26a0da2f5e80a0e925c758b77d89ab7b76bf66c7
Glyptodon is a little file-system analyzer for Linux systems. It is written in bash and it comes with an installer to make it run automatically every day. This script writes some general information about file permissions, sockets, ownership, etc. It also checks the file system for potential risks, such as set-uid files, world writable files, symlinks, nouser files, etc.
0c9a68bfb2e52bdc81f2316f067d7f264897eb737ada4467537a3e3f11c576b8
The Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross site scripting vulnerability.
33023e6063d14ffdaada37d384498349e1d019e88d22a6bd58eef458b22376b7
Linksys WRT54G with firmware version 7.00.1 suffers from an administrative password disclosure vulnerability via ftpd.
29ac89d17267faf8260fc55d0bf0cea35b3acec9de7d42041acbc8aaabc40393
K-Links suffers from a remote SQL injection vulnerability.
4b7997809c7048d1abc47e21eca2e2b6741d956ec4b93ac2456536aa985be135
K-Links suffers from a cross site scripting vulnerability.
4eda667e13fb757e6cf5f41326e1b11321dc1084ff39f945dcfa1493d54b6876
Allomani Web Links version 1.0 suffers from a cross site request forgery vulnerability.
d54ccbe02f16ad14c2c1cfcd86b0f0cc16af6e7e1fa5f4daf2abda517de5f449
Secunia Security Advisory - Khashayar Fereidani has reported a vulnerability in Linksys WAG120N, which can be exploited by malicious people to conduct cross-site request forgery attacks.
46377e7f96c211f52a92281e9a0d13bf4434496c608cc718ca8cfffe90d9f2e8
Ubuntu Security Notice 1077-1 - It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
7abc581d95fd6fa91f14b15d1919d17c1f65a3f627fcc6b20f76aa12c42d3cce
The Linksys Cisco WAG120N suffers from a cross site request forgery vulnerability.
dd16115896453d01f25228f86f2b3ddaef343f8a7937d67e06a50aa3bf8827de
Secunia Security Advisory - Matteo Ignaccolo has reported a security issue in Linksys WAP610N, which can be exploited by malicious people to compromise a vulnerable system.
88b060999e5c1386a52de314ae88c49d449096b12f3565f1884fc5dc72037a84
Linksys WAP610N is a SOHO wireless access point that allows remote unauthenticated root access on TCP port 1111.
de0f690f14734c0bdb5d979f5549b27881d4226daff2f7bf6e1eac0775748d05
Dew-NewPHPLinks version 2.1b suffers from a remote SQL injection vulnerability.
2a8c74fa21bbec57e95f9f9bc75de9d863b111a6e01b9b80b472dba3182ef77e
Secunia Security Advisory - A vulnerability has been reported in Linksys WRT54GC, which can be exploited by malicious people to compromise a vulnerable system.
08c1f2f1907a6fc839e3cc59e44666e027ad8804333baecf7bf1bc97296b296d
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features include multiple packet capture sources, runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, secure SUID behavior, and fingerprinting of GPS devices and wireless devices. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
99e76f8f7684199b9176a7a2f6b1bb5c637d89f6906d6de279794fb1fb22cde1
Ubuntu Security Notice 1038-1 - Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
124b7f8c1c05e457c65f82fc182edb95d165faa7814266e2591a6fd193c682aa