Ocportal version 9.0.11 suffers from cross site scripting and local file inclusion vulnerabilities.
faede0cb81d60b5fb5a2c35f3e6404feed4e7be0d91a5386bde2e9081d318e46
Red Hat Security Advisory 2014-0316-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash.
99f2e830a0ca86b1ef8e7e99ebe9ab5a9e0c7677928998254e8f18529e4d035c
Debian Linux Security Advisory 2881-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out-of-bounds reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, or denial of service.
2af27afd313c8f96d46798f7a9e1133896ee197d30cd669d6f67ec0e83790bc4
MP3Info version 0.8.5 SEH buffer overflow exploit.
19cc5bebeb794842f80566bba46f2cf2647ae496c2446bf26fea9ff7422221e1
MeiuPic version 2.1.2 suffers from a local file inclusion vulnerability.
e8d9c595312499121eac6c52f762299566ae3b6bc2838a48eae0d4375dc224ed
Chat2 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
f9bba0bfbcbb54ec3bb26fe3d9519eee24aaf05a80384de1ae7a878fe487af26
Bigace version 2.7.5 suffers from cross site scripting, local file inclusion, and remote blind SQL injection vulnerabilities.
6563c4a382c4464440d2dde70009479e8fd3db7c9cecf167869d707212b06bd8
GuppY version 4.6.26 suffers from cross site scripting and CRLF injection vulnerabilities.
0394a3aa71f089b16be69010836745f0a16a0c951974a25e3d45e1d35bf42bf7
SePortal version 2.5 suffers from a remote SQL injection vulnerability in the sp_id variable of staticpages.php. This version has already had known SQL injection vulnerabilities noted in 2011.
8f4257a80f761be925bfdf6c5c86b1aa0a890871ff237d0be07eb7a35351f1e2
litepublisher version 5.72 suffers from a cross site scripting vulnerability due to embedding a vulnerable version of swfupload.swf.
e1fecdf0b3a7d964162491358ce47cbfab6fd4578e9bf91ad55f835a67d690e1
ChatNess version 2.5 suffers from a session fixation vulnerability.
90034333e4051eadbc50b8da91b74577db4a06a0ef48059204bac89f9c916e30
Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.
1d3d72cce85f2a6161145afa314bf22dc05277449623eed73522cb834e16903a
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
4caa77fae4d047bf5dcc2b10c8ec1e389406d1a952675528f62ef30a410bedf7
This Metasploit module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell.
bf8c7b893ced9c9f3bf296ad67951d4d007c88f1b2dea9ebce269ae5b6149708
NTP_SPQUERY.C is a spoofed "monlist query" program which can generate packets like those used in reflected amplification NTP attacks that were common in early 2014. Written entirely in C, it requires no special libraries or header files. It has been designed to run on most Linux systems.
b2921a12ef46feaba746bf166e1ad786a8a6d84e3174834a115c9770328ac219
LACSEC 2014 Call For Presentations - The 9th Network Security Event for Latin America and the Caribbean will be held in Cancun, Mexico, May 4th through the 9th, 2014.
c7f55e5e669c6136ad5f522091758377e2b9ae6f050f19b7f8a6f40a5119b6c7