Pixie CMS suffers from cross-site scripting and remote SQL injection vulnerabilities.
LittleCMS versions prior to 1.18beta2 suffer from various integer and buffer overflows as well as memory leak errors.
Gentoo Linux Security Advisory GLSA 200903-33 - Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. Versions less than 0.4.9_p20090201 are affected.
Ubuntu Security Notice USN-741-1 - Several flaws were discovered in the browser engine. If JavaScript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had JavaScript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had JavaScript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website.
Mandriva Linux Security Advisory 2009-060-1 - A security vulnerability has been identified and fixed in nfs-utils, which caused TCP Wrappers to ignore netgroups and allowed remote attackers to bypass intended access restrictions. The updated packages have been patched to prevent this. The Corporate Server 4 packages had the wrong release number (lower than before), which prevented the update packages from being installed automatically. This problem has now been solved with new packages with the correct release number.
Hannon Hill's Cascade Server product is affected by a command execution vulnerability. An attacker with access to an unprivileged account within Cascade Server could exploit this vulnerability to run arbitrary commands on the system with the privileges of the user who started Cascade Server. Exploit included.
It appears that Smartfilter for the Sidewinder G2 web proxy stores a world-readable cleartext password on the system.
Ubuntu Security Notice USN-742-1 - It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. It was discovered that JasPer created temporary files in an insecure way. Local users could exploit a race condition and cause a denial of service in libjasper applications. It was discovered that JasPer did not correctly handle certain formatting operations. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.
ModSecurity versions prior to 2.5.9 are affected by a remote denial of service vulnerability.
Bloginator version 1a SQL command injection via cookie bypass exploit.
Bloginator version 1a suffers from cookie bypass and remote SQL injection vulnerabilities.
SW-HTTPD server version 0.x remote denial of service exploit.
Chasys Media Player local buffer overflow exploit that creates a malicious .lst file.
Chasys Media Player version 1.1 stack overflow exploit that creates a malicious .cue file that adds a user.