Whitepaper called Socket Capable Browser Plugins Result In Transparent Proxy Abuse.
65eb3183b07857bbd608feebd92c0299d36ca985daae597dca43bbc3f0bd50f9Gentoo Linux Security Advisory GLSA 200903-24 - An insecure temporary file usage in Shadow may allow local users to gain root privileges. Paul Szabo reported a race condition in the login executable when setting up tty permissions. Versions less than 4.1.2.2 are affected.
024dea4d4945ff11e176b4d3f8e31a9f6fab11c9d699ae4e96d59d56ecce6f05commerce35.pair.com suffers from a cross site scripting vulnerability.
fefe9b8f7502d1abb958d5e6a58da6492ac244adee03f1d83521fd0367ae8226WordPress MU versions below 2.7 suffer from a Host HTTP header cross site scripting vulnerability.
4113cda2b941db88f0101e9657393b355c6a879ccc46d2953d89e73cafc8d026RoomPHPlanning version 1.5 remote administrative user creation exploit.
208a451c3dc7fc271fe8b5602ee73f403947dfc68be86f0c9b9b930578ed078eWeBid versions 0.7.3 RC9 and below suffer from multiple remote file inclusion vulnerabilities.
cc032baa87192c68451ce6313b9f796925f6d37b4d41bef2dba0784a80ffcb8aAsterisk Project Security Advisory - A remote crash vulnerability exists in the SIP channel driver allow for a denial of service condition.
ca3545fb7ff461a737f99935a89bf271977ba6509b3a6a50c11000b7d15536f7Joomla Djice Shoutbox version 1.0 suffers from a permanent cross site scripting vulnerability.
ab0983764c6ae2589c7647ff07614d3c2113d33e06c2b3f5ed24b6f240991231Mandriva Linux Security Advisory 2009-071 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
62b36ae835832a2ca1a529bc8dc60e7dfd2ad25732679f7b1be252a91160c5e3Debian Security Advisory 1735-1 - It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands (CVE-2009-0759).
c7050e28cdec2b23cd3e001e95a49c799e6f63b9f49b26ce0d87a88aafdde18dTechnical Cyber Security Alert TA09-069A - Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server.
9ff852dd830e814efb4f93f15ca7c66fe392ee0d93aec87740c0b7c7d8f4c056Ubuntu Security Notice USN-732-1 - Wolfgang M. Reimer discovered that dash, when invoked as a login shell, would source .profile files from the current directory. Local users may be able to bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.
248625dfa29b8e4233d57c94a13683f32a4a76cb842fd10cf237efc5ff11131aUbuntu Security Notice USN-731-1 - Various cross site scripting and cross site request forgery issues have been addressed in the Apache2 package.
53c042689592505b6cc1714dc0b02d8469fa878b9973b4b6057be919a686c447Circumference is an implementation of a WebAuth client and server to supplement the recently-written specification for the WebAuth Diameter Application, complete with an extensible Diameter server and base library. Diameter is specified in RFC3588 and its updates.
cd9befa5150d71dabd2d314c05507db6f3ef6c64c93de0b823e6bb91315cd4b4The PHP-Fusion Book Panel module suffers from a remote SQL injection vulnerability.
7711480980e8a89f5acb59861c327c9d786ad36cca49d85b494f11d57ab74e6dMandriva Linux Security Advisory 2009-070 - senddoc uses temporary files (/tmp/log.obr.4043) in an insecure way which enables local attackers to overwrite arbitrary files by using a symlink attack. This update provides a fix for that vulnerability. Also, this update is a rebuild against (latest) xulrunner 1.9.0.6.
0640a490a00105b5aeba2a2760baee91c692e5ec3a87a7679597723cf21fd0b0RainbowPlayer version 0.91 playlist related universal SEH overwrite exploit.
cac584521a4b5bbd8fbc6456be71941227f97a2346dd24d8dbb5662c94770baeGentoo Linux Security Advisory GLSA 200903-22 - A buffer-overflow in Ganglia's gmetad might lead to the execution of arbitrary code. Spike Spiegel reported a stack-based buffer overflow in the process_path() function when processing overly long pathnames in gmetad/server.c. Versions less than 3.1.1-r2 are affected.
d82d1afc3792aca891062de3ccb6945580ab8592dfba3ffe27583f6250d12fbbCMS WEBjump! suffers from a remote SQL injection vulnerability.
45a61661293a5ed9e48ce77ca710110cffa74f50a773993664d0b94a98e9f6f9SEC Consult Security Advisory 20090305-2 - IBM Director for Windows versions 5.20.3 Service Update 2 and below suffer from a local privilege escalation vulnerability.
2c4bdf15757ef2a4d79baa1f93e9076442d2eb8f9826084c908501199c234703SEC Consult Security Advisory 20090305-1 - IBM Director for Windows versions 5.20.3 Service Update 2 and below suffer from a remote denial of service vulnerability.
6ec03fbbc9d5a504fb1686b5770ec4c08945779d3dfcac2447a621f6e80a6a21SEC Consult Security Advisory 20090305-0 - NextApp Echo2 versions below 2.1.1 suffer from a XML injection vulnerability.
e364a88c2cc90f61eeb02c0e5b44a6ff6992024991a758fa3a4903a2fe77a6b5VUPlayer versions 2.49 and below .cue file universal buffer overflow exploit. Win32 bindshell code that ties to port 5555.
b92e3d1c5b3faa53203419f25f64d31b16ec4a45ea5fcd1da8c0414ab5342addSecunia Security Advisory - Some vulnerabilities have been reported in Mahara, which can be exploited by malicious people to conduct cross-site scripting attacks.
91e700f15765c78343d0657672f798048411f7741e14a005ac76fcac75403150Secunia Security Advisory - Fedora has issued an update for libpng10. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
c3c0b423f6fe41bee77f8c21f2c7052d7529a3328c875eb5cea2da767ed0c7cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed