EarthStation 5, aka ES5 or ESV, is a P2P application that has been poorly designed in that it will allow any remote attacker to delete any shared file on a victim's system.
89c1007872624a8d4919eb557b552ac4SCO Security Advisory CSSA-2003-SCO.27 - OpenServer 5.0.5 insecurely creates files in /tmp which can lead to a system compromise.
e5d3dca64960ab302c2208ec3a937b75MyClassifieds SQL Versions below 2.13 are vulnerable to a SQL injection attack. The problem is due to improper sanitization of user input for the email variable. A remote attacker could insert arbitrary SQL code in the email variable. The passwords of the users can be written into a file and made world readable.
7fb44275dc75a1edebbcf4ddc3da0017Mac OS X v10.3 Build 7B85 contains a vulnerability in the screen lock which allows malicious local users to use the computer for a short amount of time, until the authentication window is displayed. Exploit information included.
a4448def57fd48f6b7e034d1594360c9Thttpd v2.2.1 through 2.23b1 contain a remotely exploitable buffer overflow in defang() which can allow remote code execution. Fix available here.
57ba2199816ae7ee306b0679bb7dceaaInfronTech's J2EE Web Application Server, WebTide v7.04 and below has a directory traversal vulnerability.
89814865583f7b8520d11ece19ac57d9SiteKiosk v4.x and 5.x contain vulnerabilities which allow users to bypass URL restrictions and/or browse for free because the software fails to check if the supplied URL contains a wildcard DNS entry.
c1e1aeb9fed59419616fc25e4f39805cLibnids v1.17 and below contains memory corruption vulnerabilities in the TCP stream reassembly code. Applications such as dsniff which are linked with libnids can be remotely exploited by sending overly long, specially crafted TCP packets. Fix available here.
4aa6532d60104b6993cc7abc151325caWu-ftpd v2.6.2 contains a remote root vulnerability if SKEY support has been enabled. Patch included.
b86a6c7f01741d36eeb7dbe29acea703Mod_security v1.7RC1 to 1.7.1 (Apache 2 version) contains a remotely exploitable buffer overflow. Fix available <a href="http://www.modsecurity.org"here.</a>
ee5c85c70d312322a49756db642eb976Novell iChain prior to v2.2 SP2 beta contains multiple remote vulnerabilities which allow user session hijacking, denial of service, and possibly system compromise.
98141c2857fdeaea0a1c6b90730bf43fAOL Instant Messenger prior to v5.5.3415 contains a buffer overflow in the CCertsByUserName::Cleanup() function which can lead to remote code execution. Can be exploited via HTML web pages or email via long aim: URIs. Fix available here.
465e2069bb67063f495c2a1936bbf9dfRealOne Player v1, v2, Enterprise Desktop, and Desktop Manager, and RealOne for OS X all contain tempfile vulnerabilities allowing malicious local users to escalate their privileges by manipulating URLs or embedding scripts when RealOne launches the default browser. More information available here.
1f84c216dc3a76207168355d481b0692Geeklog v1.3.8 and below contains a SQL injection vulnerability allowing malicious users to change passwords on arbitrary users. Fix available here.
8e76e6d4f3e04de09298039690c36c4fcpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Fix available here.
446d9e6522f11df16c5db549428624feBytehoard prior to version 0.7 contains a remote directory traversal vulnerability which allows file access. Fix available here.
0938c625550a01a3019c93680deee0f4Fetchmail v6.24 and below contains a remote denial of service vulnerability which can be exploited by sending a specially crafted email. Fix available here.
47da9e9e4966bdd9be06ed80f78a66b1Under some circumstances, it seems that when some code is added into a Microsoft Word document and then spell checked, the application will crash.
50005b9fc659e11dabb1ee6e26b7d152A cross site scripting vulnerability in Microsoft Hotmail allows access to mailboxes via malicious Javascript in conjunction with cookie hijacking.
f00911cd77f5b8221ea39691ab396671Security Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.
b8d4a3696bc3358e92c12c6462e166e8Original research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.
d5760432312aa04c8d86df25171c2a71SCO Security Advisory - SCO OpenServer 5.0.5, 5.0.6, and 5.0.7 has had multiple vulnerabilities discovered in Xsco. One matches the command line parameter -co hole discovered in Xsun and another allows any local user with X access to gain read/write access to a shared memory segment.
19eb5afd533353aaca78afc76827a7d9CERT Advisory CA-2003-27 - A number of vulnerabilities in both Microsoft Windows and Microsoft Exchange have been discovered with multiple bugs giving privilege escalation and remote command execution.
be063887ae4c9a37d0f1176b909a14cbA cross site scripting vulnerability still exists in the newest Bajie HTTP server release even though the vendor had previously been notified of the problem.
854064cb84e24b64afb2341a5d644411NGSSoftware Insight Security Research Advisory - Several vectors exist that can be used by attackers to make use of a stack based buffer overflow in the PCHealth system of Microsoft Windows 2003 Server and Windows XP.
26fd00211f9f12279d2b11e5774adc59
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed