Debian Security Advisory 1849-1 - It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
e42de45e18bc6fd49721aa9431ccae4b09d76106002c325d94332419287f6029Ajax Short URL Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6e769e174773a17d6bee1292f27a36f7ee5a6060457102f947064093c666d3d5AW BannerAd suffers from a remote SQL injection vulnerability that allows for authentication bypass.
78ae63af20dc007a15dda841b55eac957a60516c1a1eb93fd64725bedd01c240Mobilelib Gold version 3.0 suffers from SQL injection vulnerabilities that allow for authentication bypass.
5338977162f9d612a9c2aee1c4dde7fe057ca1d2868c952a56d5bdef1834b087Debian Security Advisory 1848-1 - It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files.
cbd9ba2111aa130c900f04a2c4d7606e1f621fccbd7f495d44b5e1cc468f53f4Adobe Flash Player has an integer overflow that exists in the AVM2 abcFile parser code which handles the intrf_count value of the instance_info structure.
aea6ae7ce5a8ae2ed2d979b62a2ec1ef65d2d9cc8ba7c1d8089d924a1c480ee5WWWBoard version 2.0 suffers from a cross site scripting vulnerability.
e4f61fc3cc02b59e10b7d963530c762ec843ae4e319af17d8a7c7e447a8db576Simple Search version 1.0 suffers from a cross site scripting vulnerability.
ee5e6c47ea992e4be95de6b9880d7c17a79725285b8618cdd5f4968c45a51c72PhotoPost PHP version 3.3.1 suffers from blind SQL injection and cross site scripting vulnerabilities.
db427c300b10862d2276ba3abfb6e4d9621428247a8d0a643e5fb20a6d655b2eTuniac version 09517c crash proof of concept exploit that creates a malicious .m3u file.
af4621d26c4721e5c5db2fc4b415b95f484e96679b5239312de543fdc443e455Arab Portal version 2.x SQL injection exploit that leverages forum.php.
14076b1857b841d117585bc631df83fd6a4ca9f67621154c72dffe621ebaac7cBlaze HDTV Player version 6.0 local buffer overflow exploit that creates a malicious .plf file.
e6a3524c59abb4b2968b8f70c40b042798e52228fae005521ad1270df4445620BlazeDVD version 5.1 Professional local buffer overflow exploit that creates a malicious .plf file.
49884abe0552d9f56609d2cfd88fdeae832450741ab4d11793e7ff1a528764cbAmaya version 11.2 W3C Editor/Browser buffer overflow exploit that creates a malicious .html file.
4f580ce6b0d0a1455564b8712abbdd29cce687fd15564c38f3c70f6f012539bfGentoo Linux Security Advisory GLSA 200908-02 - Dynamic Update packets can cause a Denial of Service in the BIND daemon. Matthias Urlichs reported that the dns_db_findrdataset() function fails when the prerequisite section of the dynamic update message contains a record of type ANY and where at least one RRset for this FQDN exists on the server. Versions less than 9.4.3_p3 are affected.
34d3b5d8037c7af8019999cf307ff64664d626a8ab8da78482f5b5e914d4bbcdDestiny Media Player version 1.61 universal buffer overflow exploit that creates a malicious .pls file.
e492fe3b71aa7946bcfa07517017be910bb1080cb919273dcaaaf15a6bb0b8bdjetAudio version 7.1.9.4030 plus vx local stack overflow exploit that creates a malicious .m3u file.
f1e5b1c802e3750bdfea62dbeb8ef14aa2be628aaab5e85205350fe746d458c6Omnistar Recruiting suffers from a cross site scripting vulnerability in resume_register.php.
3af800af3425dd707ba3bb4ab3ad980baaff28cf7ba65639b49d7a987f264e80procfs memory disclosure exploit for Linux kernel versions prior to 2.6.14.6.
a870ac7b48160c6a68b2fabfa0d763085a457e0261e1bcfb589827d445df5e4dBlazeDVD version 5.1 Professional and HDTV Player version 6.0 universal buffer overflow exploit that creates a malicious .plf file.
e0e9b695955528eca8b764b33768d0c17c3c9206ab0368e566e72dd5ecd31133Mandriva Linux Security Advisory 2009-189 - SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input. This update provides fixes for this vulnerability.
50d8d298ecc311a2c7b18a452040654741985845c4ded80977515874e4ea9d74PaymentProcessorScript suffers from a remote SQL injection vulnerability.
9e3d18634be53c0dad7dabd37157ed7f59b26d38a59b30805da14f811c09d779MAXcms version 3.11.20b suffers from multiple remote file inclusion vulnerabilities.
ff6ee9e6e41db76637e9946eca4bf3ad6366155aac6cde74bf58a9f7a8d513cdThe Joomla JFusion component suffers from a blind SQL injection vulnerability.
bdfc96046163ef17e1f23fa5c738c1f679878faf746084142291fdae018c0f9aLicense Manager 2005 for SAP Business One 2005-A remote buffer overflow exploit.
b012f0dd2b319c7c16f66e19e9181a61f356be7751a1d5d4ca318dcee04446a9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed