The Joomla AllVideos plugin version 3.1 suffers from a remote file download vulnerability.
e9dda8ae08a11a40684f7bd3a4d0142b84326eb00479bf9a3b70cf83672a5b1c
Pixel Portal suffers from a remote SQL injection vulnerability.
58642a988f04600193625a4de6fabb0ced026eb401c6bb6cf399e05b4f3889e1
Cisco Security Advisory - The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other.
89168264ce3123b644a7cdc45c7829cc364b9057312f73f74dba55d5259b1325
The Joomla ACStartSeite component suffers from a remote SQL injection vulnerability.
14ded15eb3716be53a9029f4eddea21177b4286b9cee24588ae8e85e1c27efc0
Mandriva Linux Security Advisory 2010-039 - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
7a5d6b7bf889ee556ed937e2c8e9f9a9b35d1e918e402269a20973667ee185ee
bbNew suffers from a remote SQL injection vulnerability.
e7f64b66ba497cf136b8dddeea76ec058cac6387699d525f833471d1c7770f6b
The Joomla ACTeamMember component suffers from a remote SQL injection vulnerability.
d14e701fea615352dcec51bbdec1fc0280eda58ea81f02e1121055e39fd7b57b
Auktionshaus version 4 suffers from a remote SQL injection vulnerability.
cbe64a89f21685a06e52c0194e489ce4f79884727f91f02be20a1b0009976c8e
iTunes file handling local buffer overflow exploit that creates a malicious .pls file. Affects version 9.0 on Mac OS X.
0d3d25fbf64ab5c281bc87376978e384c6e0c60f12194baa9a83445c36bdde3f
PHPIDS version 0.4 suffers from a remote file inclusion vulnerability.
3cfdaf4dfa2fe546e0fc0820ee2efde024e00a97e6fdd52989aceb7e48cfb22c
This Metasploit module exploits a format string vulnerability in the LPRng print server. This vulnerability was discovered by Chris Evans. There was a publicly circulating worm targeting this vulnerability, which prompted RedHat to pull their 7.0 release. They consequently re-released it as "7.0-respin".
9e9d9c676ffe3ef941db4fdffa7e60d38ecbbd2e8ce49d12e73a620e668ef3d6
The BruCON 2010 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 24th through the 25th, 2010.
b406709ea89a938160e7a2a4bc3d9a242cc62e6f07d44408ebab6f12b0658705
This Metasploit module exploits a command execution vulnerability in the hpssd.py daemon of the Hewlett-Packard Linux Imaging and Printing Project. According to MITRE, versions 1.x and 2.x before 2.7.10 are vulnerable. This Metasploit module was written and tested using the Fedora 6 Linux distribution. On the test system, the daemon listens on localhost only and runs with root privileges. Although the configuration shows the daemon is to listen on port 2207, it actually listens on a dynamic port. NOTE: If the target system does not have a 'sendmail' command installed, this vulnerability cannot be exploited.
a61d6fe01d001ab26212bd0bdbeb0ec7daf382cc4f4123b5cebd7477375463f6
Auktionshaus Gelb version 3 suffers from a remote SQL injection vulnerability in news.php.
2e129ed2c68f568791b31e54017eead2a6f7c246d4a92732ffca6ca40515c8e8
This Metasploit module exploits a command execution vulnerability within the DX Studio Player from Worldweaver. The player is a browser plugin for IE (ActiveX) and Firefox (dll). When an unsuspecting user visits a web page referring to a specially crafted .dxstudio document, an attacker can execute arbitrary commands. Testing was conducted using plugin version 3.0.29.0 for Firefox 2.0.0.20 and IE 6 on Windows XP SP3. In IE, the user will be prompted if they wish to allow the plug-in to access local files. This prompt appears to occur only once per server host. NOTE: This exploit additionally uses dangerous script features to write to local files!
df30ef328f778fb87ec1bedbb5fb44c049613998b97f376e12ee685cf60c921b
This Metasploit module tests the command stager mixin against a shell.jsp application installed on an Apache Tomcat server.
d8dd64919cdfb10de8c7a3cdcde49d5fbf78ea5803b2d4d65ba04543e2ee4058
Erotik Auktionshaus suffers from a remote SQL injection vulnerability in news.php.
f68d45c98fe71acc90c07038eefffc60b75ca66a163850f72f9cd4488160b89c
This Metasploit module exploits a command execution vulnerability in Samba versions 3.0.0 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell metacharacters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
b289ab34ef82c72ff59a32cde7bdb820e7678c2f9076832f19327938ba6cf263
uGround versions 1.0b and below suffer from a remote SQL injection vulnerability.
4a51102f3270ddc18fe820211d591ab42e7af100f0ac7732932527b2098ceff6
Nabernet suffers from a remote SQL injection vulnerability.
24828a23fa2a5c122b79708ff4490d82299668c4c7d7c07fc2e58ef4f8951db0
Intuitive suffers from a remote SQL injection vulnerability.
98f041ac15ba453326d7e80934b1c92f3dc78eaf8df1cb562eddc2233bae24de
Trusteer Rapport fails to protect any of its install settings, allowing for easy disabling.
463ec3157a005c292c1ceb0426d09944563fc288b35a1f5a344364778dd1e036
Huawei HG510 suffers from a cross-site request forgery vulnerability.
094191035994503cb215fdf0f08e2ae41191c0754c469bc6949c483bf3fe8469
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple security issues and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct script insertion attacks.
570d782efca6239e7f7a08c225c3b2c452d8d539aa99547066c74af573255e91
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple vulnerabilities and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct spoofing attacks.
1883391a7c9442c6fc3f705a699b7396036db5549aa85b3a48eb2bffec30c8f9