A poorly implemented feature of PunBB's template system can lead to execution of arbitrary PHP code. Versions 1.2.5 and below are affected.
bf008f3b79e34eaaecc1f82ba01fb769de6f07b844f0b7f4dd8378b54d52f33eJaws versions 0.5.2 and below are susceptible to the XML_RPC vulnerability.
dbbd5a4c9d50ba77f7b84fb0b0c6f6de1046a55a0a7e85335f74e2e902f7b30cGeeklog versions 1.3.11 and below suffer from a SQL injection vulnerability.
a7ca782761e0a409376d36cda0394ae4d439ee0ee330b8036371ab950806d143Cacti versions 0.8.6e and below suffer from a bypass vulnerability.
37222644fbba63cb60c1d66e20630458bb9114e3b3461b0895e9c3de90a9d540Cacti versions 0.8.6e and below suffer from a remote command execution vulnerability.
b0c145d8ac8ca565a651191f53e65514cc46cb9bc24d1a177b8add989ab8cac3Cacti versions 0.8.6e and below suffer from multiple SQL injection vulnerabilities.
e80c8ae4856a741ff26de5874481b3d65512de972f859e5a63a3007a466db410During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.
f3d29acb6264e7e52acb1152dda2f9156a367be10f0e8013ba0df3ffb4203fd1Hardened-PHP Project Security Advisory - Several vulnerabilities within PHP allow local and remote execution of arbitrary code. PHP4 versions 4.3.9 and below and PHP5 version 5.0.2 and below are affected.
ed1ef90ff012b77b27997a86a514190dac77644dc99eaeeab47035e716b3d0cfCyrus IMAP server versions 2.2.8 and below suffer from several vulnerabilities that allow for remote code execution.
7d272318585dcd23335de60a53dfe23852040f2eb2bfe3c21f847207fdd71ba2Cryus v2.2.8 and below contains four remote vulnerabilities, including one which is pre-authentication. Fix available here.
54d472e1537f333c599a3d7c14b3c297aa87884e8449678168feafb1d6d5a268During an audit of the smb filesystem implementation within Linux several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. The 2.4 series up to 2.4.27 is affected and the 2.6 series up to 2.6.9 is affected.
b7b977ebbeedcfaf0b2c7258fb9da5b47131762e6dff111d09944b9387963f4dSamba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.
19cd039a672527a6b47d2c45a1745de3a774b639ca25e062a5e1932683d23767PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.
a2764c250202043b5e2fbcc945ecc7953565f046d5aa69d07e2cf18d05dc5ee3PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.
d66c97661142fe3d557417694547c784d192d272603cbc2f590fd731fd0ddf21A vulnerability within Chora version 1.2.1 and below allows remote shell command injection.
a41aa4d39af2f221d39ccc9dc16ac042c25b39642f4b0f038fe3a4a1f40a2cfdA team audit of the CVS codebase has revealed more security related problems. The vulnerabilities discovered include exploitable, potentially exploitable and simple crash bugs. Vulnerable versions are CVS feature releases up to 1.12.8 and stable release up to 1.11.16.
155d8c19e5073cd3b1c60af1ba16f4d76266640aeb9a5c4f91e717dbed6b651alibneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49cStable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1Privilege escalation is possible for users with access to the systrace device on Net-BSD and Free-BSD.
5055b81404726430cf6bf4f0924753685d120e9b3cabd9c41fc131e5cd09cfb0Ethereal versions 0.8.14 through 0.10.2 were found to be vulnerable to thirteen remote stack overflows during a code audit. The vulnerable dissectors in question are namely: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP. Ten of the overflows allow for arbitrary code execution.
381080b5ef005f71331d2984b019292db1046026552c446cfec0adc047875699Trillian versions 0.71 through 0.74 and Pro versions 1.0 through 2.01 have two vulnerabilities that allow for remote compromise.
644a67bf065bdd9369181f79afb3191465a69dcc5c87f7d823e73f8dfeee5addGAIM versions 0.75 and below are vulnerable to twelve overflows that allow for remote compromise.
69198b878df83c96f86ad50feb5e689f19d7e2d127dade49757b71dc6062227cA vulnerability within the XBOX Dashboard allows a complete compromise of the security features. The problem lies in the handling of font files when the dashboard loads and allows a person with local access the ability to do anything they want on an XBox without having to open, solder, or swap a hard drive.
1ba78f7ab3b8b8fec30b9ed4589338a62969e572c52acd5bd24baf88365b6875
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed