Piwigo version 2.4.6 suffers from a remote arbitrary file read and deletion vulnerability via a directory traversal attack in install.php.
e353029bcf9710e372f8537b68b34e571dbae6cc2766ccd07ecd7d446174397e
Debian Linux Security Advisory 2628-1 - Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for using LDAP as a naming service, can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary code.
7293e7af93c908b7309b1bbfd85a38e48c7bef2fec3f3dd808afeaa49befbae5
USB Sharp version 1.3.4 suffers from local file inclusion and persistent cross site scripting vulnerabilities.
89b7ce758aba43e395f64df51494ad4141808360eba53cc694e6b93983671f8b
PHP-Fusion CMS versions 7.02.01 through 7.02.05 suffer from a remote SQL injection vulnerability.
8af2eceb6310de34f105ac3f1d63fa473bc238e02647218b091b5fa4cd42959e
Netgear DGN2200B suffers from remote command injection and cross site scripting vulnerabilities.
634264ce1a769f340ba92a3a358816a469ffa2e4015e8b04265695279dba696d
WordPress Marekkis Watermark plugin suffers from a cross site scripting vulnerability.
c75b185c44998966c30a1f45dca46feb80b585a7fe45499c54e2c0f8bb7f8d36
The %MAKETEXT{}% TWiki variable allows arbitrary shell command execution using tilde (~) characters. Only TWiki servers with localization enabled are affected. Versions 5.1.0 through 5.1.3 suffer from this issue.
69ce1acdadc0b5a8985e3a80c2665154f577c3e6ce713f2e81c2207d4226efd5
WordPress Responsive Logo Slideshow plugin suffers from a cross site scripting vulnerability.
1f8f832fe1392361e565eb2471f54ce920ce3a87626e68a557a19aa7475092c9
MIMEsweeper for SMTP version 5.5 Personal Message Manager suffers from multiple cross site scripting vulnerabilities.
fd1e6d11db4e89634a1ec3e9c0b0e4b065a07b9bd8c9abc0e756f565ffef3052
Air Transfer version 1.2.0 suffers from a local file inclusion vulnerability.
bd1b399f3fa1d8d95c53b2bbacb004e5332531f34c4eb77587f5eaaf2e9aa7b0
Debian Linux Security Advisory 2627-1 - Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.
502133805d72b568303783b87618bb62ad26a15d031b16dd58b9ca6d1e7cb802
Debian Linux Security Advisory 2626-1 - Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd.
5e292e8e54175e8e00b461c7e8f7fe9612ce8efb84127e0f77aa67d27dba9078
Ubuntu Security Notice 1727-1 - It was discovered that the Boost.Locale library incorrectly validated some invalid UTF-8 sequences. An attacker could possibly use this issue to bypass input validation in certain applications.
bcbf29b7785fd8ad48ae530299e64346f07140de1e4063acbd368c95dc890122
Open Review Script suffers from a cross site scripting vulnerability.
41b6db4dd74c942b2e3863212ddd2842fd1b767666e34cefec257180661e40d2
Scripts Genie Pet Rate Pro version 4.9.9 suffers from remote SQL injection and code injection vulnerabilities.
e55d6373fb5294f8a0c6fc9a3e933425b551b3bb554e7d3fea8131af660bef2d
ZeroClipboard version 1.0.7 suffers from a cross site scripting vulnerability.
af0fb722151319ca3401d5bdc35794d73db7ab87076d7f0e2c5f17677005d202
PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks, analyze previously cracked passwords, and implement a novel attack on corporate passwords using the minimum password policy. The goal of this toolkit is to assist in automatic preparation for "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.
aeac60e45a4d1bf191add36613a0e11f96afec1bb56b4a1a61e5c776e75f1ee9
This Metasploit module creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in a lower security context, allowing access to local resources only. The module requires 'Logon as a batch job' permissions (SeBatchLogonRight).
cbb54215cefd21bbad843bf7ad1489f0dbdc50063f7fe9bb3f39430b2a7f556d