Debian Security Advisory 1874-1 - Several vulnerabilities have been discovered in the Network Security Service libraries.
c3c145e663c0e41608a4517f6698e23ceea9427cb81c0b2b53641a715105c451
Open Auto Classifieds versions 1.5.9 and below remote file upload exploit.
7322a5373069e15092dc57a0de4058e73dee14a907bea94cf3798baa0b9bdde4
Open Auto Classifieds versions 1.5.9 and below suffer from a remote SQL injection vulnerability.
f4d256bf5b94a24105c65130d206160fc23ebc64c40b09e1bc5146d96200727b
This is the source code for the Skype Superintendent Trojan. It injects function calls into the Skype process to intercept all audio data entering and leaving that process. It extracts the PCM audio data, converts it to MP3, encrypts it, and sends it to the attacker.
50398ad61e00692c92dd2314b4361cbb17e4a9e0f3004de10cacb297e3951d03
Positive Technologies Research Team has discovered a denial of service (DoS) vulnerability in CA Internet Security Suite. The IOCTL handler in vetmonnt.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system.
5e302735926df7a191cd4c4df3119475cbea6aad9029461f9bb55779ca994495
VideoGirls BiZ suffers from a cross site scripting vulnerability.
45157b1204667a6a4cb2128debe099fde2a65cc2cc276dd98c60af35228ac810
Total Calendar version 2.4 suffers from blind SQL injection and local file inclusion vulnerabilities.
e00088f7ff09003746dc049878ea5ba7895f03e12a09f5af7aa10ee57f281ed7
Stand Alone Arcade version 1.1 suffers from a cross site scripting vulnerability.
15f91a1e6a5a77cd6d0583330e0465441acada38bda090512fbbf618d6716223
SearchFeed Script suffers from a cross site scripting vulnerability.
b97d37e1011b7ba56976b4e78eb17b56dd4bc0f5baa626402f5a8bb5f2d97194
PHP Video YouTube Script suffers from a cross site scripting vulnerability.
5038cbd660a2c0114224332f68f41913a75bc747abbc54c0a0a70b024ddace0e
PHP Calendars Script suffers from a cross site scripting vulnerability.
00c2efb6f29d7a2f40ee698f03cc86421b1d5b00a830643b38faa3919e978820
Discuz! Plugin Crazy Star versions 2.0 and below suffer from a remote SQL injection vulnerability.
f46aa68f55a22ddcbeb0e9dd80d8f9a1c7086c3d04053e84be0357031fdb1d64
TFTPUtil GUI version 1.3.0 remote denial of service exploit.
7dac29f1e21983324fc9a9d2664d4ba0fd34a688e5b3b6fecc20a89bbd88c1f5
Debian Security Advisory 1873-1 - Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page.
356bf7c18df73523e6398c09fcd86214240a2f6d1b8b04047695a2254b6e4857
Ninja Blog version 4.8 suffers from cross site scripting vulnerabilities.
5312a74a3dae0b65adfc64707d9ee64e0ecf9ec80f9e1bfcd5c88d997993d2ab
E-Gold Game: Pirates of the Caribbean suffers from a blind SQL injection vulnerability.
59c736927e50aec080bdd871e1f29121c26adaea4d3578668e246f6b781e35b8
DigiOz Guestbook version 1.7.2 suffers from cross site scripting vulnerabilities.
ed03a1db41098117876cd4503e1bcdf5c67b46e90122b62aaf8c16a68bfc4b74
Simple CMS FrameWork versions 1.0 and below suffer from a remote SQL injection vulnerability.
04e5ccf3969856d83e3f9759d4ba50644d0216d016d70210d2bf7dafe554431f
Auction RSS Content Script version 3.0 suffers from cross site scripting vulnerabilities.
8f7cf9a6a227fbed484626d604acfea12217c71f82ffb0e7580813bba15ec1e8
Affiliate Master Script version 2.0 suffers from cross site scripting vulnerabilities.
cac15c4fe4603e81dca3e23e359891535d7718d819a7bea48d4af05dc0574c4a
Ubuntu Security Notice USN-826-1 - It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.
2ad29fa1156368f088ec7fd61ddf354bd88a9b875c072b5a2b54cec8ad4511a1
Cisco Security Advisory - Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities.
8a2ea0a4627f9010053dc3a65ff3691adac7f833b375825a60556dbd0c581ab4
Moa Gallery versions 1.2.0 and below suffer from a remote file disclosure vulnerability.
ebe84fa16df2febf9af5c6fbb5e7bb718d1de30bafd790d1b881c96eb4314a94
Whitepaper called A Practical Message Falsification Attack on WPA.
e4508ac705e974e5997e8f259c77fb0c5a4426a86c4bc54012872d08daa7d98d
Moa Gallery version 1.2.0 suffers from a remote SQL injection vulnerability in index.php.
10b9e7cf37d3f3dfd23cbba0f954aa18a6fb6c50f5c71b5f5c0068f1dfd8bfb4