Mandriva Linux Security Advisory 2012-016 - A File Inclusion vulnerability was discovered and corrected in GLPI. This advisory provides the latest version of GLPI that is not vulnerable to this issue.
OnxShop CMS version 1.5.0 suffers from multiple cross site scripting vulnerabilities.
This is an advance notification of 9 security bulletins that Microsoft is intending to release on February 14, 2012.
CubeCart versions 3.0.20 and below suffer from an open URL redirection vulnerability.
The D-Link DAP 1150 suffers from cross site request forgery, cross site scripting and denial of service vulnerabilities.
Zen-Cart version 1.3.9h suffers from a cross site request forgery vulnerability.
The Astaro Security Gateway suffers from a whitelist bypass vulnerability due to a poorly formed regex.
Dolibarr CMS version 3.2.0 Alpha suffers from a remote SQL injection vulnerability.
Dolibarr CMS version 3.2.0 Alpha suffers from multiple local file inclusion vulnerabilities.
Pfile version 1.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
Nova CMS suffers from multiple remote file inclusion vulnerabilities.
This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.
Kloxo LxCenter Server CP version 6.1.10 suffers from multiple cross site scripting vulnerabilities.
STHS v2 Web Portal version 2.2 suffers from a remote SQL injection vulnerability.
MachForm version 2.4 suffers from multiple remote file inclusion vulnerabilities.
BASE version 1.4.5 suffers from multiple remote file inclusion vulnerabilities and a shell creation vulnerability.
Gocart version 1.0.2 suffers from multiple remote file inclusion vulnerabilities.
The Indianapolis Superbowl 2012 website suffered from multiple remote SQL injection vulnerabilities.
GLPI versions 0.80.61 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
BeWelcome suffers from a cross site scripting vulnerability.
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing an MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, and FIB rules.
SMW+ version 1.5.6 suffers from a cross site scripting vulnerability.