Comersus BackOffice Plus contains many XSS vulnerabilities. Exploitation provided.
8532dfd39a7c83827ae82ebd4b5879756ce29fc64d579d3c6380ad47b885de18
"Search.php" in PunBB versions 1.2.8 and earlier does not properly validate user-supplied input. A remote user can create specially crafted parameter values that will execute SQL commands on the underlying database. POC included.
ef14a68dd3dad542f61ee592dc81bdb6aebfcf8062ee30128e663c593850becf
The Computer Associates iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on Windows platforms, or cause iGateway component failure (denial of service) on UNIX and Linux. The vulnerability is due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled.
74bd732e56cce6be5894ef060731af97fd2aa0bfc7f55e97f70154c829339733
Mozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper.
45fbeadf936771da0e38eba38836f70be1b8a427bb908f4c6addba8fc4fef977
Gallery versions prior to 2.0.1 are vulnerable to a directory traversal bug which allows any visitor to access any file on the server that is accessible by the webserver.
86f8258f02cc1291ee2f9685881b7c8451a0ccea1cebd712fb10916e53f62417
TYPSoft FTP Server v1.11 and earlier does not properly support the RETR command, allowing authenticated users to crash the daemon. POC code included.
36612b83e504f58ccaf2a816acc4c7c0d8164955ae0ab23d1114e380567f28b5
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The Framework will run on any modern system that has a working Perl interpreter; the Windows installer includes a slimmed-down version of the Cygwin environment.
72d86b8c1c955788ababec544e7d6643269d85ed9f80ac0cd0d2edd1599e700d
Ethereal is a GTK+-based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and to give Ethereal features that are missing from closed-source sniffers.
1b1a18c8a47d6bf3a9e154eafdfdc649decf9ce78987d9cf3f9824cba009478c
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.
6b311f0ce4cf708527e467dca2c40460f213c233da3d21c23cacd0743525867b
Secunia Security Advisory - sp3x has discovered a vulnerability in the NukeFixes addon for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
e0540dacd61bb7ccb162b4679f9944490bb3b7d76708160bd21d353cffb038d0
Secunia Security Advisory - alireza hassani has discovered a vulnerability in Chipmunk Forum, which can be exploited by malicious people to conduct cross-site scripting attacks.
a6314f3c3351e582140f043c024b90d63087cb93dedad9844bc08908f3aabc2a
Secunia Security Advisory - Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
bbfc9790172884239eb1c0624d7ea247e9485464262a0484e83a846ef7a0b49e
Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions.
472893a83ba26f97518b6a0ecd04d116be0f75fbbac2fc374f38778e8fffe2dc
Secunia Security Advisory - A vulnerability has been reported in Cisco 11500 CSS (Content Services Switch), which can be exploited by malicious people to cause a DoS (Denial of Service).
37e8f094250cb593538195d15973a0cf57bbefbc4b274f9daf793534ced95b74
Secunia Security Advisory - Tetsuo Handa has reported a vulnerability in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
fb5e362c09afafccbdf1b5877b172f0e148ba92d06fe2feb3964a22d24c52e3e
Secunia Security Advisory - Debian has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, manipulate certain data, bypass certain security restrictions, and compromise a user's system.
088cc9a8d0086a1f55e16eef5b53e2eb3d21649182fecfbc17666a7b0679d296
Secunia Security Advisory - Gentoo has issued an update for abiword. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
f7555529a7ee49b7c7c2e9c2c53fb2771e79d9f8141d0beeaa85b1c8699a1e27
Secunia Security Advisory - Gentoo has issued an update for netpbm. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
9aa267bf979cc2c34db1528426366b3478b274a90cd137254db9fbff36697098
Secunia Security Advisory - felinemenace has reported a vulnerability in BMV, which potentially can be exploited by malicious people to compromise a user's system.
22fcdd606e559b7b27c07685ed6245390982259e53e737f1777f95ebe6ef33c3
Secunia Security Advisory - Debian has issued an update for module-assistant. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
b2620c99fdf4fa9dd5aec636d5ef2d29095eec083b5d4bda9d4434b9b954b71f
Secunia Security Advisory - Some vulnerabilities have been reported in Symantec Norton AntiVirus for Macintosh and Symantec LiveUpdate for Macintosh, which can be exploited by malicious, local users to gain escalated privileges.
abe4f790cafd29832c1b4edc67b57a8a7f55b54ddff27131a9138858cdb57250
Secunia Security Advisory - M.A.Young has reported a vulnerability in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
5be3e096618799eaf74f3f677f818df778998a51f47a2697031190954c685a75
Secunia Security Advisory - HP has acknowledged a vulnerability in the JRE (Java Runtime Environment) included with HP OpenView Operations and OpenView VantagePoint, which can be exploited by malicious people to compromise a user's system.
0aaa8e4bf03dc4636926d73998500b56d5139337792192af00d8e337086c5dfb
Secunia Security Advisory - A vulnerability has been reported in OpenServer, which can be exploited by malicious, local users to gain escalated privileges.
2c315213afd390685e9b2fac130100d3bfc72186682d69f709a67bec33571598
Secunia Security Advisory - A vulnerability has been reported in UnixWare, which can be exploited by malicious, local users to gain escalated privileges.
dcdea9d8708264a03b8bb3f178432541923b679eb3bf19a68b86467aeacad870