The Joomla Gadget Factory component version 1.0.0 suffers from a local file inclusion vulnerability.
5008f2e222ce327f1539ba401406c8ac681c068e0111380606c26bb4e647871e
The Joomla ZiMB Manager component version 0.1 suffers from a local file inclusion vulnerability.
4fdcaa27e26bf8ec235422e43511ee32dcb9a13fac6822421e8d3f46cf4edb14
The Joomla ZiMB Comment component version 0.8.1 suffers from a local file inclusion vulnerability.
eedf90ecb027ab600e919e8cd55c265f9d4bb4e9fdaf86a2b2e4a659dd1b13ba
CMS SiteLogic suffers from cross site scripting and shell upload vulnerabilities.
62e9aca8f964175fefe02ba27af0b2aedac0409a782508d7777f922344d8486c
Mandriva Linux Security Advisory 2010-078 - The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle the case where a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
d73db4cce13f07558bb167bb1c09f7caf34a09bdb07a74b3921f8547fa6960e6
14 bytes small execve("a->/bin/sh") shellcode.
cbd9bf3d2679e4546ba2a9147e21c22a13493264f11c43178cc537383e00094a
Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls, which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing man-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.
1b59ceccf86720022917393ba8d2460f6083ecf14b3020ddf7d6270d3d69d8ef
AgentX++ stack buffer overflow proof of concept exploit.
9e66d7c97044c835c099e68a991b581c76c73dadb00968bebac32159afe1bb6b
Debian Linux Security Advisory 2035-1 - Two issues have been found in the Apache HTTPD web server. mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers.
2e6b0f7ad880c0f3365b95e2a5bac6059fd50fbc187c84c58913bb3270c47a31
Aligro version 1.2.1 suffers from a remote SQL injection vulnerability.
b4c89d984b0493a422685e922510f34fe6c9393a953b242972799e1ad5b8a9b9
eclime version 1.1 suffers from bypass and database download vulnerabilities.
6709837cd53684dd49310a2fb490e20802ab6644499d364e51991cb3ddb8d1ff
Microsoft Windows 7/2008R2 SMB Client Trans2 stack overflow exploit that leverages the vulnerability discussed in MS10-020.
c3792c66700a76e600e4a641a3d11ba1c09fab08f19b94f78816408c90755b20
Mandriva Linux Security Advisory 2010-077 - The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module. The updated packages have been patched to correct this issue.
ccece97cdc94a42632eb60fec233e0eaedd86806ceda46b8535014ee4a06839a
Mojma Scripts suffers from a remote SQL injection vulnerability.
de18a73fa64bc14f7e25af2e5220c39148a612ec14db02fd891ddbfe955cb7ee
Openscrutin version 1.03 suffers from local file inclusion and remote file inclusion vulnerabilities.
1f1fb2bcce1b5ea4790e1b7f44e976ed97560c994f5f2ad6b80c7a26151b8681
Debian Linux Security Advisory 2034-1 - Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
c11128f13b24f32ffcfa461f8a03e8e60f8c0e84d7f0db53e30c1c42f1ab272e
Snipe Gallery version 3.1.5 suffers from multiple remote file inclusion vulnerabilities.
695faed6356b7d1975ec45920035be4cfe54abf475fd0b2f1c8b28d2fa8bb9cf
WinMount version 3.3.0401 suffers from a file handling overflow vulnerability.
da50e6c93f241f0f02e2fdc61ce2836c8deb69e453f03e04e6c2f56d850081a8
Secunia Security Advisory - A vulnerability has been discovered in eclime, which can be exploited by malicious people to bypass certain security restrictions.
edb82f338e781621ae03906aedec35a52e83c681df730eee63045157f4340e15
Secunia Security Advisory - Valentin H
7d36aa577796748cbde5fec63961542d79590e287e1b6cb913f808c73bd4cf0e
Secunia Security Advisory - Luigi Auriemma has reported two vulnerabilities in HTTP File Server, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
a71c55dd8487491d440962e4a9dfbc933d10f4d48f251ae6d1dbe0c6b40ae48c
Secunia Security Advisory - A vulnerability has been discovered in the Archery Scores component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
08c520742784f67bc44e3293a739a3b24066671331d9896a09dbf180f994283b
Secunia Security Advisory - A vulnerability has been discovered in the iNetLanka Drawroot component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
ee39c1eef90b6937e7059baac6f0f82665c3c3bf763746e9afec56259b7422c0
Secunia Security Advisory - A security issue has been reported in MySQL, which can be exploited by malicious users to manipulate certain data.
e2f40d2b2aff9d7a96c9b5642b820e28e2a3e273fcdf89a899799b37ed24c522
Secunia Security Advisory - A vulnerability has been discovered in Zyke CMS, which can be exploited by malicious people to conduct SQL injection attacks.
58560dfb89d7b3d35f21d4dff071bdcff2e197b30d14b5bade101b6a8e6e2e2f