phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.
a8c40f3aee84c74d540c2097d20b0799688cc7300895c4ba59bc51a7b094009fDebian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.
e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505This is a brief whitepaper called False SQL Injection and Advanced Blind SQL Injection.
c69a3b2da9530405c3ed93af845dd91cd134b73575ef841656393f8c04acc185Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5dRed Hat Security Advisory 2011-1850-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
22b74347f86b8270406e2b6e7d57aac603828a1c39676ba682aa4f68f794b50dDrupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.
8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80eWhois Cart Billing suffers from cross site scripting and credential disclosure vulnerabilities.
14544ef73256873b243f248ee7ddffc710806649b369ac24542d5fedfed61670Debian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
e000da874c7e25eebb25bcd0318bb4cd093a50d621919fe8f74cae1ca32435f3Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.
7380de76d3f7ae9d28ad3d7ebd18e2d1d0c2c421ee05e83463651e5d8cf20229Red Hat Security Advisory 2011-1849-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
59c592d94b44d37b278d4bf844f5506f5e4dd75ac7fedd8ac9b88a73109d048fZero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.
0fb0a3d7bd2a7b49dd9316a286d97947a5671246c119e459edc6c1cab2b9909aGoogle Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.
12b7469e4b9b834912c6f00c0fee5914c6b1ade79491520bd138743b393b095epfSense version 2.0 suffers from an insecure x509 certificate creation vulnerability.
3b7b79a0f1b97c9c7fca044603df65f48dd8eadf29bf8a745b42255bc9c6afe4Iran Sports Network suffers from a remote SQL injection vulnerability.
313de7f72a01e2adc00846d8d25134e08fcad8a8004e4e385dd96b4a476b5ffbZero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).
85ff49462a0a23bcdb93a84c14d5cea4bf254fce9874f80d0a8ca842bb90e051Secunia Security Advisory - A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct script insertion attacks.
d10f9a2348cc53f33afdaaba4e4ba2497f0312ad17311078840093fbf29e159bSecunia Security Advisory - A security issue and multiple vulnerabilities have been reported in pfSense, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1066245f999660154e89add7d2fe3fd41206b802a3d2f3ece8898b3b6538384dSecunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in epesi BIM, which can be exploited by malicious people to conduct cross-site scripting attacks.
6a9695e0c57eeeed2f761355b150af1952e218f9eb3332d3dd7eb3b9cf323b04Secunia Security Advisory - A vulnerability has been reported in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to cause a DoS (Denial of Service).
2b61db7a3695c6fbf25e189b37fc17ac81ee4f094ceadb1e6d814866c956b5b0Secunia Security Advisory - Ubuntu has issued an update for jasper. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
8f7d56c05de8b0c5a19091c8cf905b960d120a155bb839b124cc22c41535da99Secunia Security Advisory - Debian has issued an update for libsoup2.4. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
1c6f45a6782524e148794230a08a0dfb59eee2cd58ca015516e859d1910e071eSecunia Security Advisory - A vulnerability has been reported in IDAPython, which can be exploited by malicious people to compromise a user's system.
9837af998568d24d564c2d87fa10c0bf3fb4c50d437d506c9100b40fe27d5bdeSecunia Security Advisory - A vulnerability has been reported in KingView, which can be exploited by malicious people to compromise a vulnerable system.
3c3efb3462f6c5aa8ec982afedccfc641fce74bf1909ce41de24b328c286016cSecunia Security Advisory - A weakness has been reported in SafeNet Sentinel HASP Run-time Environment, which can be exploited by malicious users to conduct script insertion attacks.
a71253d54fdfdfd708d15e8f5d4d88cb551f34cc184b4542267f2bcad1e7ab45
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed