Studio Lounge Address Book version 2.5 suffers from an authentication bypass vulnerability.
e218b9ca427d5dded1002e8d59eb0bc3e3a59cfc82c99dd8a475d17d5a86c0cf
I-Rater Platinum version 4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c44108e38f90d6f398efd3e369f67ab6a105fa478895004e99a30228c7b91374
Trend Micro OfficeScan Client for Windows 8.0 SP1 suffers from a denial of service vulnerability. Proof of concept is in the zip file.
102f9c7f326d84e4b68901f071b8f3e0572d7ea01db81a6f006c8f951eece852
Multiple bits of search functionality in rediff.com suffer from cross-site scripting vulnerabilities.
59d63836bd264f54d9d95ed8c77b0c5c2d42aa6cbf21b6126306234ea151c41c
NotFTP version 1.3.1 suffers from a local file inclusion vulnerability.
cbe38e9f96be701d49add9869bf72460018622b3f19277ef09b7bd2efa287464
Debian Security Advisory 1777-1 - Peter Palfrader discovered that in the Git revision control system, on some architectures files under /usr/share/git-core/templates/ were owned by a non-root user. This allows a user with that uid on the local system to write to these files and possibly escalate their privileges.
500d8f3151384f814ba1d78f67eb1c977fbe6867618aac9141e9b60ffa3ad885
Debian Security Advisory 1776-1 - It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster job management and scheduling system, did not drop the supplemental groups. These groups may be system groups with elevated privileges, which may allow a valid SLURM user to gain elevated privileges.
bcc99d56f7e6067a0879ea95d658212a4a23ce4cfe56779f3d6ea88e34c233e1
Dokeos LMS versions 1.8.5 and below remote PHP code injection exploit that kicks back a reverse shell and leverages whoisonline.php.
f0b09e2882fc239f1226e9456fc3ce190720e3cab172daab59ab0400fac16e39
OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
b60f1c90773c234e67ab70e601d7516f72a37f65f67382f2cff9ab025574539e
Oracle RDBMS versions 10.2.0.3 and 11.1.0.6 TNS listener proof of concept exploit.
a8aafbc4532ef9d0035dccd0935b39a7da392f76ebb9973af9ff6c1e70f61347
Ubuntu Security Notice USN-762-1 - Alexandre Martani discovered that the APT daily cron script did not check the return code of the date command. If a machine is configured for automatic updates and is in a time zone where DST occurs at midnight, under certain circumstances automatic updates might not be applied and could become permanently disabled. Michael Casadevall discovered that APT did not properly verify repositories signed with a revoked or expired key. If a repository were signed with only an expired or revoked key and the signature was otherwise valid, APT would consider the repository valid.
975eacfd0addf18325b1120ebc834dbbeaecfaecf5d79a606c1bcac81f2293bb
Ubuntu Security Notice USN-763-1 - It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. USN-746-1 provided updated xine-lib packages to fix multiple security vulnerabilities. The security patch to fix CVE-2009-0698 was incomplete. This update corrects the problem. Original advisory details: It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking the program.
a0da351fb7306efd42d22d15a232304aa752909301c6a6254a912fd68382ed7d
Ubuntu Security Notice USN-761-1 - It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that PHP did not properly handle the mbstring.func_overload setting within .htaccess files when using virtual hosts. A virtual host administrator could use this flaw to cause settings to be applied to other virtual hosts on the same server. It was discovered that PHP did not properly handle certain malformed strings when being parsed by the json_decode function. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 and 8.10.
a395489f8192730cf1245537c3a3b1a0804639245e2d8915b403959163756996
VS PANEL version 7.3.6 suffers from a remote SQL injection vulnerability.
f513f0880b0188ccb57a97d524ad86ae90c9dc62e2501ebf14f5b8fb2b071322
Quick.CMS Lite version 0.5 suffers from a remote SQL injection vulnerability.
ca0d356e9b484c7fff5746b776c03fb7b3e01a8a69694c6ce21fcb47cf3b035b
CRE Loaded version 6.2 suffers from a remote SQL injection vulnerability.
c14df01c0f2a18a8ac34df762760dc4898f9e4cbd000fad77e702d88b966e47b
Zervit webserver version 0.3 remote denial of service exploit.
8a96d44c8700c28f033ed3d3894d53e2c7c1135fbfe5116c579d56a9530ce035
TotalCalendar version 2.4 suffers from a local file inclusion vulnerability.
99a5437ddc1b622b9b0750cd85c1176db45fafcfe13b35f5ed933928abe6dea2
PastelCMS version 0.8.0 suffers from remote SQL injection and local file inclusion vulnerabilities.
7e15ce7dee26edca6208804e924ab4d9b1b0dec4580fbf12cfc96877caab9ac7
eLitius version 1.0 arbitrary database backup exploit.
96efe579ecd7e7135f0219b9a12e50a7ca8cc86159a217e0239544dcbc49c81e
Secunia Security Advisory - A vulnerability has been discovered in Seditio CMS Events Plugin, which can be exploited by malicious people to conduct SQL injection attacks.
7a81d47fb08e0d1c0cfea4efa4e189528ba00ece8b018619b6280de7ffd7cd9d
Secunia Security Advisory - Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
9d508e28b77a34c6f266d63c1374bd733dfc856e17cd1e993f3ea48d0ab25be6
Secunia Security Advisory - Debian has issued an update for php-json-ext. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
006550bd93fd23b70ac7dda68eb47f72c8c260480ebf5594162a4b4fb9e1cb8d
Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
57638088d8543fc9c4cf16533b981a114320c6ff8c97e3a600f428e6ebf9da9a
Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
eb0f0b210014250b04a2c1b20d11010850275e1385de25f828798451c690399d