Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
6d393c315c5467e139f5d0406c2433248990c6ecc6bf52111a89f5d78d6333f9
Real Estate Portal suffers from a shell upload vulnerability.
bc773363b1f3f1f39ab864e23861a3c9c74a5eee069655b206392472ca0f0b33
Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.
9e5e13070e5b1bbb208fabf81b566739464738bffb9c5bb3ff0a0421519c348e
The MKPortal Horoscop module suffers from a cross site scripting vulnerability.
5cd99b2b28c90012d2621fce1bc0d12c673e3eed4cf702644ac3592edd5f809f
Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
08ee43cbc95c598ee383529242b6261189ff5b0ff455b68a97bde61b467737a1
Software from HostFriendz.com suffers from a remote SQL injection vulnerability.
3b2094ccb61611208696bd23284f3bccbec8f621821c9bb28508a7739e661935
Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
645c4430db4a9b9297b0921897e599d7efa4b474715e9e39c3c5c3413aff47a3
Lizzard Active Media suffers from multiple remote SQL injection vulnerabilities.
60547b8115aaac6da072ca02e708470c806e2c9c0d8e4e1341e12f2cbc507893
Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.
d18872107c1dda39b76981664dc3403c8e50ea470b81d3b0498d2a2b02444189
Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.
7764fa816c681b9e1f35443ed5a5834ca32d0cf19952369802e37f00f1158457
The Scientific Atlanta DPC2100 Cable Modem suffers from cross site request forgery and insufficient authentication vulnerabilities.
526edd304fca1c5a00df908a6e6c705539bd6f5e7a759e2196082becea2fc227
Debian Linux Security Advisory 2052-1 - Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.
6f3d78e03ea57964721893e934702126fc045a2b77d0bd036864e7d173302c72
Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.
c42ae5c025360afcc5198f641ee48d83cab08933bf20481af75643e96227a51d
Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows retrieval of all data from the database. Versions 1.2 and below are affected.
d891d11b3e1bf5820eb5f73a06da57a12a760c688e8c28e1aca1ae8888a888a2
Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.
88778104d5539c71d1331b422cb8c82ae5e1b58fcc633a019260fff969c2644a
Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.
9e0eb74b07d6b55063f896a9f5ca562cc45dd241ff70b6b37c470608c91cdd9e
Whitepaper called SQL Injection Filtering. Written in Persian.
471f2f35cac4b774613c5c87f33f9439226204686687b4aa52a6690d0be6aa40
BigAce versions 2.7.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
e1ed4583798dfdd2f64c7245007020d142877493b13f66362674c6b54442493d
Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
d9970ef0d764c75ecf3bb66a82714be10cca66dd00299476056ec6b28769047a
Secunia Security Advisory - Debian has issued an update for postgresql-8.3. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
75a1c7a74fafec8503da002aadc61b5aece04db0e858f95963bd0f93a1722e02
Secunia Security Advisory - David K. has reported a vulnerability in the USR5463 802.11g Wireless Router, which can be exploited by malicious people to conduct cross-site request forgery attacks.
8ff4e731433fad273ea8e5816e3ff70250e0c00f4da282ecd9647b651cd96389
Secunia Security Advisory - Debian has issued an update for kdegraphics. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
b3cb8ff2b199baccd660ac26f7b0523455e21df20350d0a6120272d3d8bac2f3
Secunia Security Advisory - Rad L. Sneak has discovered a vulnerability in ManageEngine ADManager Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.
d9997452259c548af7a247b6b6a873d95825c1dda00d94b69f710070bc3be940
Secunia Security Advisory - John Leitch has discovered a vulnerability in The Uniform Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
35fed674f28f1de504ba9ff3b40fe932769610a7763dc770040178bf2370e384
Secunia Security Advisory - Maksymilian Arciemowicz has discovered a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct cross-site request forgery attacks.
584c02125616e49deba87256342e6fb86974ee646ca2b03be714a7b1737a96ab