JcomBand Toolbar version 2.5 on Internet Explorer Active-X buffer overflow proof of concept exploit that spawns calc.exe.
b017938670139dcb5c76147172c20264dd2bb621b6fbec6eda5fd463695ed5cdZero Day Initiative Advisory 10-01 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into statically allocated stack buffer. This can result in code execution under the privileges of the application.
bb4abaf8ce4666da12982650ac8ca8bcaafb8c651e415bc1f93175c1e7c9b079TTPlayer version 5.6Beta3 denial of service proof of concept exploit that creates a malicious .m3u file.
99b4a4c566327a23a0c489764253ab93830b4192a5ffea0d1d2b7723d2340decRead Excel version 1.1 suffers from a shell upload vulnerability.
2fb84b80af4183c92206b4662cf76c61a7f516b9ddb59b1688cad19a2d5bd29eGridcc version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
6452e138562f1e242e7a1645ceb6cf7264b2f47bab345a3ea0efd240eb15dbfeCalendarix version 0.7 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.
2d7ba2c881798cc87a08e2a18b3afcc39aed5f713cbc791927b298eec398f922Match Agency Biz suffers from a cross site scripting vulnerability.
2b5287669af40c8a0b2b47b30bd562b354d299ec5dbaf776ef08d63fe25761bdCbse Class IV version 1.0 suffers from a cross site scripting vulnerability.
8b63ed7ccb41dae1406c49186e1f05674f0f7cff23ad662f254773d220598376CopyWrite CMS version 1.0 suffers from a cross site scripting vulnerability.
2fe7894cc9607751a2a16d85189fa1e494780e028b4d8932a7baaa1ad1984d7cDebian Linux Security Advisory 1967-1 - Dan Rosenberg discovered that Transmission, a lightwight client for the Bittorrent filesharing protocol performs insufficient sanitising of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.
7b2c445c07f6dde9e71018d1cd826d1c2ffa4139b41aeafb10f2b560ccfe5d24dotProject version 2.1.3 suffers from a cross site scripting vulnerability.
6a41f1c88b87339033dbbb43f92739c1f8be8e37050efa0cdbb345277320d5ebTPO Duyuru Scripti suffers from an insecure cookie handling vulnerability.
01cbf8e6c69079dfa0c9631d7728704c89210f77a1fc65b94ed87fb91149af1cSNadd Beta suffers from a cross site request forgery vulnerability.
0e66bd26cc76c13ee59d6039356b28e84fcd813c0bfabc6c687bd89fe47ef5a2VMware Security Advisory - Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.
750bfc5b2e28a67af487861fbcc96e099b1881a6cbe999078d4626cf32cfde37FreeBSD Security Advisory - When replaying setattr transaction, the replay code in ZFS Intent Log would set the attributes with certain insecure defaults, when the logged transaction did not touch these attributes. A system crash or power fail would leave some file with mode set to 07777. This could leak sensitive information or cause privilege escalation.
e3bb6ceafc54fde406ecc8555c1e76a7def3c492da5cea5206712b9ab53e7df8SearchFit PowerSearch suffers from a cross site scripting vulnerability.
d99867fd2b063b723886d4544de6f92647a55158b02456fa18bcac78ec3e431eMandriva Linux Security Advisory 2009-300 - The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
43576f963c9186851aae49bbe142541e3d61811fbb97479ddedb3ca187e4a8f7AutoIndex PHP Script suffers from a directory traversal vulnerability.
48520f4d33f5315d1ace63e60895df8f0cdffa72d86a941dfda78b224e9a8af4Kantaris version 0.5.6 suffers from a denial of service vulnerability.
16da9652fb51ee0d623be3207aaccd209f7c03eba0986df930bc6eed5c683778FreeBSD Security Advisory - If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. If an attacker can spoof such a packet from a source IP of an affected ntpd to the same or a different affected ntpd, the host(s) will endlessly send error responses to each other and log each event, consuming network bandwidth, CPU and possibly disk space.
6af8830787a9323a386cf6b466d54a33fd445e418971f060d214c8f60640767fMandriva Linux Security Advisory 2009-300 - The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. This update provides a solution to this vulnerability. The wrong package was uploaded for 2009.1. This update addresses that problem.
233bbf7db6114d34fc85d6e15dfa3e7a7c0e3e0ed906cc0fd0a3bfe739e2da6fThe Joomla Regional Booking component suffers from a remote blind SQL injection vulnerability.
0e4fd2b0aad7d00c24af29397060bdfc73a8a7b08cd6c163354caf27a18aecf5Debian Linux Security Advisory 1966-1 - Several vulnerabilities have been found in horde3, the horde web application framework.
52eb4d9abfdaa01e6725f2bb1929940e6ee18be87ee35c55cf0431a03cdf14ebQuick Player version 1.2 unicode buffer overflow exploit that binds a shell to port 4444 and creates a malicious .m3u file.
7120085cc61ac70aaf8d24d3adad38493fe40ea9658348cf64895d4cb0027c15FreeBSD Security Advisory - BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) provides data integrity, origin authentication and authenticated denial of existence to resolvers. If a client requests DNSSEC records with the Checking Disabled (CD) flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag.
0f22a4d47dc7c68a12af02c2413182c18bb718061322a55be70e8455c2d8acf6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed