phpMyVisites 1.3 is susceptible to a local file retrieval vulnerability.
7241f2f8a76c391ae05432c0793f5990820b2fed8cb51db642a54432b01a251b
myPHP version 3 suffers from some authentication flaws.
7acb86e0cb84d96d1c0a4a8bad9fef5794155e64405dfc6914ef1930d430fdbc
PeerCast versions 0.1211 and below HTTP Requests remote format string exploit.
38eb59d932b484344a4a487ce8592d5523ddddcc2d98338ae0b333ab12b961ee
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
b4e58bb23a3eb176987309aae3eb6a7dd7b0dd376cbd6b9298ef4007b16ec8cc
Enterasys Vertical Horizon switches have a default account embedded in them. Additionally, a denial of service vulnerability exists.
97df385b1c7c2ba8b61d82c9701fcb688658ebfd12c37c7834c410d094db2645
A vulnerability exists in the Novell GroupWise Client that will allow an attacker to identify the id and password of the user's GroupWise email account. Tested vulnerable versions: 6.5.2, 6.0, and 5.5.
921c82b00c438750325e3b3be83c287e5afe618d7a5952803687192893b0636d
paFaq version 1.0 Beta 4 add administrator proof of concept exploit.
14d1fab8be7b49e5b3ddba7f95173d88d0bae71b6edfda345710df0777ec61e5
paFaq version 1.0 Beta 4 suffers from SQL injection and remote command execution vulnerabilities.
857e5523c32704ae5bef2804a3ddd90ad4b5070e6bc0a0ccbcfafb8a75be050f
A race condition exists in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands.
a70767bc3df652f28565e7a7ef5f5857dd8f651bee8d0dcfe89f265f2852c080
A vulnerability in Cisco VPN concentrators allows an attacker to enumerate valid groupnames through either a dictionary attack or a brute-force attack. The issue exists because the concentrator responds to valid groupnames differently to the way in which it responds to invalid groupnames. The issue is believed to affect all models of Cisco VPN 3000 Concentrator: 3005, 3015, 3020, 3030, 3060 and 3080. It is believed that all software versions prior to 4.1.7.F are vulnerable.
2e460ecbb84d0cf7cfa5a0a6fbd7103c9f804914e042195662abb8fd2f0a6d00
Multiple SQL injection vulnerabilities exist in Ublog Reload version 1.0.5.
8b1fbfc37efa583b7a759ad77da415d492a4b2b221e716e0c1939c405fa6da1e
Gentoo Linux Security Advisory GLSA 200506-16 - A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Versions less than 2.6-r3 are affected.
56da6d591149beb5f762ec3683a0d848342609cabfac8f21e3af5fc1af076fea
During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.
f3d29acb6264e7e52acb1152dda2f9156a367be10f0e8013ba0df3ffb4203fd1
Gentoo Linux Security Advisory GLSA 200506-15 - James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Versions less than 0.1212 are affected.
d0754a98f63ac7de8c761599f8a05fda5f493cdfba87aa8e2d7eb3613dc7665f
Gentoo Linux Security Advisory GLSA 200506-14 - Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Versions less than 1.4.2.08 are affected.
105d3c65ced75ca1eaa4a5db0f76d17a025ce64a3dc61f0c01da843a5494eb5d
Perl version of the Claroline e-Learning version 1.6 and below remote password hash extraction SQL injection exploit.
d611e1b2a90b10c2fd6329c2964130b5cfc4dca52477b13ec7e64443e116a313
Claroline e-Learning versions 1.6 and below remote password hash extraction SQL injection exploit.
d4d28dad2ed1e2611a7cbb64a0a9e56b1021a8cf906461880bc67ae1541ae9df
Gentoo Linux Security Advisory GLSA 200506-13 - Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Versions less than 1.11 are affected.
3cfe974915d396fdf153bb802d0bbb5e9680c1d3796239f09e6fb4b3abeef919
Yaws webserver versions 1.55 and below suffer from a source code disclosure flaw when a null byte is appended to the filename being accessed.
ad42f94a077bca941b456f8f2abf8d40742de163faf4303e44afa003e94d874b
Recent versions of Adobe Reader (previously known as Acrobat Reader) are vulnerable to XML External Entity (XXE) attacks. By including JavaScript in a PDF file and having this JavaScript parse an embedded XML document with a reference to an external entity, it is possible to read certain types of textual files on the local computer and have them sent to a remote attacker.
e4eb9bd6d086fc72abf05dc8225eb8384fbc26f2134d79f9587ff4deefa90078
Cool Cafe Chat 1.2.1 suffers from a SQL injection vulnerability via an unsanitized password variable.
6b78863a9257dee742b652723b329cb3ae31c28d7db77fd5ad0dc78f007e9109
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way various versions of Windows handle Windows Help (.CHM) files. If exploited, this vulnerability allows arbitrary code to be executed by a remote attacker. A malicious .CHM file can be opened by Internet Explorer without user interaction by using the ms-its protocol specification.
8436f65d98a23317ef683d3d5247c324f8f9d5b1ccfee3217464b065fe672198
Phpforum McGallery version 1.1 suffers from a directory traversal vulnerability.
c485d85c457ce5c2454a02c005e0d58a5d63527fc7c19b797142a176a708aef2
Bitrix Site Manager 4.0.x suffers from a remote file inclusion and execution vulnerability.
7b62a61c54e53d330843b685ee3ff2a1179a09eaa2d32f06d6abc047f1a8410a
The Global Hauri ViRobot 2.0 server suffers from a cookie related overflow.
aae4fbf083312fd8cc842727b9168f931208ac628c9d8dfcd7103910ac1d0ddd