Mandriva Linux Security Advisory 2009-039 - Python has a variable called sys.path that contains all the paths from which Python loads modules on import. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current gedit working directory. This update provides a fix for that vulnerability.
8b9e849975bf8bcfad7efeb3441096ffa012879e7c7d0e753cd1cf4b14a444e4
Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all the paths from which Python loads modules on import. Incorrect handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides a fix for that vulnerability.
1e99fa3a1f0f0ec04047779edd481b19ceb202904e32e8a38780b66885631ce7
YACS CMS version 8.11 suffers from a remote file inclusion vulnerability in update_trailer.php.
0a921702a6b193271c0846b5db6240e1121e3f6b6c9b2658a7dd02a6dc6a034d
RavenNuke version 2.3.0 suffers from multiple code execution and SQL injection vulnerabilities.
c34ff1a2c075baf5cd498bcc9dba388976bcf111db9b56ba7173af2090138d40
SAS Hotel Management System suffers from a remote SQL injection vulnerability in myhotel_info.asp.
1839523d0458fbbbc8e92253d8b34c58852ce3f9d050edf3d1343db9a0551022
OpenX version 2.6.3 orderdirection and listorder parameter cross site scripting vulnerability details with screen shots.
159efe1f8cce18ebb81642c90697fc004c6d446db2b89abde07fdf13afb7992c
OpenX version 2.6.3 clientid parameter cross site scripting vulnerability details with screen shots.
68b32130a6ec022e86de03f76a1ee18d06f549634f5a6afe7f3ded6b8725a0f8
TPTEST versions 3.1.7 and below stack buffer overflow proof of concept exploit.
e960467ded01250b4096a2f1b3c39d2f2f30445208d7a509bc9240a451df57ca
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
64074f2927e1d1f4a9dbc4878cdcbb6c98940d01e2588f6f9bdc85fac7498fda
GeoVision LiveX_v8200 Active-X Control remote file corruption proof of concept exploit.
e24f2fa615944e208a5882c0fdc94c33d025e658885ab4a8a2437a50f59f859a
Mandriva Linux Security Advisory 2009-037 - Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.
e35f21344acc99873c0c3c05ad0cf0801feef75fd84ceb50f59a670fc8061800
MemHT Portal versions 4.0.1 and below delete all private messages exploit.
c0e93f7e01ec0a9ee8f05fe5f09c0a75049bedd768b076dc7f200d92f04db2fc
30-byte shellcode for Linux/x86 that performs chmod() 666 on /etc/shadow and exit().
4c44893378083171a83892266561dc67869751c21280f796639a23c91e022139
NovaBoard version 1.0.0 suffers from shell upload, local file inclusion, and multiple remote SQL injection vulnerabilities.
cbfffa295a4b05222d38b2d1ae86e395de82376adc7fb687845cc20853a7a846
The final speaker lineup for CanSecWest 2009 has been announced.
beb8fb16a45b6e72de1cc886f96cce253cef8ea123f7bc0bc43cb25a5e333598
All versions of Enomaly ECP/Enomalism before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner.
461388d5af9b086c1ea7698c7c71be0f51f4b95fd1d2fce9bd1ff0fe15f9f6d3
PowerMovieList version 0.14b suffers from cross site scripting and remote SQL injection vulnerabilities.
0b5fbc41cf6afdc05cfd8593d7244cf0878bb0f42f906d22801f4822ff636204
Falt4 CS RC4 arbitrary file upload exploit.
fe07399aa459a1057879fcf1842e7dd198c284a70f61aab7e7fdf5dbc7298218
InselPhoto version 1.1 suffers from a persistent cross site scripting vulnerability.
c749608b4fd416564aa8945271143b661a7e687fe8c3af628901df721dbfecba
Secunia Security Advisory - A vulnerability has been discovered in Vlinks, which can be exploited by malicious people to conduct SQL injection attacks.
2d72f5c23d8734d145d6e176dfa46cb1aabddfe7d714840e5720c867bb7091db
Secunia Security Advisory - A vulnerability has been reported in xine-lib, which can be exploited by malicious people to compromise a vulnerable system.
6a1229c9e9ffd304f77d47fc2888c03bd747de08d43b3b7dc5410d4540e35d57
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
36afc55a024ee0f3242df746e9076f47d0fb85155382f211202d532a06612477
Secunia Security Advisory - Fedora has issued an update for squidGuard. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
13bf988147ed509f902c4523dc2328673c968d8131fbf0e97131e8f67198fe2a
Secunia Security Advisory - Some security issues have been reported in iFIX, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions, and by malicious people to disclose sensitive information.
d061f37b9f0f2ee7f7c5f786d7f9d7451dd2b57e133a3d1ffda868a781b8b1a1
Sun Security Advisory - A security vulnerability in the Solaris Kerberos PAM module may allow use of a user-specified Kerberos configuration file, leading to escalation of privileges.
0b4f5956c54b78b438db584a20d734a43f248bdbe1b4ba68a0163cf173361186