Packet Storm new advisories for all of 2004.
Jack's FormMail.php script can be manipulated into sending arbitrary files from the server. Version 5.0 is affected.
A flaw exists in the high scores module of IbProArcade which allows for malicious SQL injection.
Versions prior to 1.4.2.1 of the ArGoSoft FTP server will disclose whether a supplied username is valid. A login name supplied with the USER command will not be accepted unless it is valid.
Gentoo Linux Security Advisory GLSA 200412-27 - cYon discovered that the authform.inc.php script allows a remote user to define the global variable path_pre.
Gentoo Linux Security Advisory GLSA 200412-24 - New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.
7a69ezine Advisories #17 - Internet Explorer version 6.0.3790.0 suffers from an FTP download path disclosure flaw.
Secunia Security Advisory - The vendor has acknowledged a vulnerability in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
Secunia Security Advisory - sullo has reported multiple vulnerabilities in Eventum, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and potentially bypass certain security restrictions.
Secunia Security Advisory - Symantec has acknowledged three vulnerabilities in the Nexland Firewall Appliances, which can be exploited by malicious people to cause a DoS (Denial of Service), identify active services, and manipulate the firewall configuration.
Secunia Security Advisory - A vulnerability in aStats can be exploited by malicious, local users to perform certain actions on a vulnerable system to gain escalated privileges.
QNX crttrap has a -c flag to specify where the trap file will be written. Combined with the trap flag, it is possible to read or write any file on the disk. QNX RTOS 2.4, 4.25, 6.1.0, 6.2.0 are all affected.
Secunia Security Advisory - cYon has reported a vulnerability in PHProjekt, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the path_pre parameter in authform.inc.php is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
Secunia Security Advisory - Some vulnerabilities have been reported in Atari800, which can be exploited by malicious, local users to gain escalated privileges. The vulnerabilities are caused due to unspecified boundary errors and can be exploited to cause buffer overflows. Successful exploitation may allow execution of arbitrary code with escalated privileges, if the SVGAlib version is used in a setuid binary.
There is a weird denial of service issue with Internet Explorer and Mozilla Firefox when they attempt to render HTML files with long titles.
Secunia Security Advisory - First Last has reported a weakness in CleanCache, which can be exploited by malicious people to disclose securely deleted data on a disk.
Secunia Security Advisory - Martin Schwidefsky has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the SACF (Set Address Space Control Fast) control instruction being handled insecurely on the S/390 platform.
Secunia Security Advisory - A vulnerability has been reported in Crystal Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks.
Santy.b phpBB worm that affects versions 2.0.10 and below and installs a bot. Uses AOL/Yahoo search.
Secunia Security Advisory - snilabs has reported a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information. The problem is that database files (.db) by default are stored inside the web root and are not correctly protected against being accessed directly on some server configurations. This can e.g. be exploited to disclose the admin password.
Secunia Security Advisory - Nicolae Mihalache has reported a security issue in avelsieve, which potentially can be exploited by malicious users to cause a DoS (Denial of Service).
Internet Explorer will accept %0a and %0d in URLs. In FTP URLs, it will accept them in the username part of the URL. Due to the similarity between the FTP and SMTP protocols, this can be used to send mail.
Plesk, a popular server administration tool used by many web hosting companies, is susceptible to cross-site scripting flaws.
HP Security Bulletin - A potential security vulnerability has been identified with System Administration Manager (SAM) running on HP-UX that may allow local unauthorized privileges. Affected Versions: HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
Secunia Security Advisory - Two vulnerabilities have been reported in Rpm Finder, which can be exploited by malicious people to compromise a user's system and by malicious, local users to perform certain actions with escalated privileges.