Xerox WorkCentre versions 5665, 5675, and 5687 suffer from backdoor and authentication vulnerabilities.
5f40de32a9dd28a731693198b0787cdbd7dff2200019016edc179dd16ce2dbae
LetoDMS versions 1.7.2 and below suffer from cross site request forgery and local file inclusion vulnerabilities.
c9b6e49cdbd9d24344a2e48a4b49a02dfc63f27df1f1c9790f6bea3a57ed26ab
SEC-CONSULT Security Advisory 20051125-0 - vTiger versions 4.2 and below have been found susceptible to SQL injection, cross site scripting, code execution, directory traversal, and arbitrary file upload flaws.
c40cfc60da4956c1504de1864fab0f8bc8c5873f798f96b78f0c2755e01d5af9
SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.
3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6
PHP version 4.3.9 is vulnerable to meta character attacks. The bug could enable an attacker to read arbitrary files from the filesystem of a webserver that hosts PHP scripts. In addition, PHP versions 4.3.6 to 4.3.9 as well as PHP versions 5.0.0 to 5.0.2 contain a bug that enables an attacker to manipulate the file name of uploaded files to perform directory traversal.
183b6826fc0c2ca99353a42baba5a113c56394fdc9b6de72752fccc716136314
Multiple vulnerabilities have been found in the open source customer relationship management software SugarSales. These vulnerabilities include full path disclosure, file inclusion, remote command execution, and SQL injection attacks. Versions up to 2.0.1c are susceptible.
660b515e225040f3e8eb1e3937e6f49ab123225c3521ba0b2e94fe8eb9e7c085
The KDE program Konqueror allows for browsing SMB shares comfortably through the GUI. By placing a shortcut to an SMB share on KDE's desktop, an attacker can disclose his victim's password in plaintext.
d82ec6638f5d0580ca26f1a42305b4b27eb5326e45e9c6fec5e0cf1b63ceed39
The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing the username or password and, after logging in, to gain knowledge of the router's username and password.
53a21852c0242beeb54ba7eefa07e509f4a3ca8e3fb4efdc7230f7b036ceeeb4
PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However, due to a bug in the function, this does not work with the Windows version of PHP. Versions 4.3.6 and below are susceptible.
3665a6afbcf2c1f3e80aaebbd19c3b186545ef0c4c98f8e8daf399053845af2f
SEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal and password disclosure for all existing users. Using the obtained passwords, any account can be logged into via SSH.
64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978