Slackware Security Advisory - New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
b704efd34fea020dfef8a9b9848cf0433a54a6adea560c6b21f2008b64fa9306Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, they discuss the internals of JSF, a Java based web application framework and its inherent security model. In the second part, they discuss about the security weaknesses and applied security features in the JSF. In addition, they also raise a flag on the security issues present in JSF in order to conduct effective penetration testing.
bb2851a7d694bdfdc081c72877ac631b96b1d0fc6f302e1493882794b986f6d1RSA, the security division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision. These include arbitrary file retrieval and credentials being mailed in the clear.
21733d753cf541d05c9bdb1f1335a9efc8d4ec5ead044111b3d8aaaab1ffcf89GLPI versions 0.80.1 and below suffer from a database information disclosure vulnerability.
5eed314db85dc74bd217874b0c50d69d31f0f589c508750bace80938534ca81fWordPress SendIt plugin versions 1.5.9 and below suffer from a remote blind SQL injection vulnerability.
7106e3bbbc0f0a17bb69813ffc8c3ed81a8b43adfde17b2f5ade3a8ee682330bWhitepaper called Demystifying the Android Malware. It dives into various phases to discuss the hows and whys behind malware implementation for Android.
ad9e4c33e888d2a10ee1d2ca15fbe4ebac9bb71fc66331e213a36b8563c018b5Studiomenozzi suffers from a remote SQL injection vulnerability.
e2e3878a7699b0bf0fab22d8b32868d3347e3d5e5073e7c9b51901cda7c29621Ninuz suffers from a remote SQL injection vulnerability.
bc6d012e5c1d60b0ec9f1046ed573709c4619cd86100d5df4f666e8f2d6069b6Arya Web suffers from a remote SQL injection vulnerability.
5772c0532f7af420f6af95ca64a90c64f0cb8f73f48dff2dbb9f3d6a85a4f42bA vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the applications source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the applications web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
1231ae3590ce9f439d6b83bc44f312d176de967ea3fd246651485e8e72f9d537Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected.
4d9788bddcd51301180727fdb8f1bfb7d0282f2267bc50035868014db7f5b3e7The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.
d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1cLumension Device Control (formerly Sanctuary) version 4.4 SR6 suffers from a remote memory corruption vulnerability.
c57ef1704cb0c41b6705165642f98b7d6449b19cbe982463e50749ab3173be60Zazavi versions 1.2.1 and below suffer from cross site request forgery and shell upload vulnerabilities.
efc0457b3c527d10101324b43740b9416fa5f5c1b0f2473292acd3a5160b1f47SmartCMS suffers from a cross site scripting vulnerability.
72b51cc5ee1af6fcd43e3eb3cecfbb596d54706bd14bba01df086d4331da7384A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
a9690ce85ab38ad4c6cee06d55ad11d445eea51f1cdb17fcbcf5b56233597938Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Rational ClearCase / ClearQuest, which can be exploited by malicious people to cause a DoS (Denial of Service).
f689b815bb19801e01331128320dd168c381c78360367037b2a583098f264f7eSecunia Security Advisory - MustLive has discovered two vulnerabilities in neolao FLV Player Multi / Maxi, which can be exploited by malicious people to conduct cross-site scripting attacks.
a67b6e25f69a29517cc95cc007b863dfa9a13aa9021dbfda51a6d6a9b7e4c109Secunia Security Advisory - A vulnerability has been reported in Apache Wicket, which can be exploited by malicious people to conduct cross-site scripting attacks.
77917786ac8d670b1955d48a208120a0a4b8c00d4822d79141d64e428f81c2edSecunia Security Advisory - A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c063a72930cf9f627aeebba359665be95b2bf3a97767ae9493c5b20b80060ccSecunia Security Advisory - A vulnerability has been discovered in VicBlog, which can be exploited by malicious people to conduct SQL injection attacks.
25b2c10661d9dbc640fdf707592272c4d66e4d0fedde2bd648bd4206f2bb8035Secunia Security Advisory - A vulnerability has been reported in CommodityRentals Books/eBooks Rentals Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
ae01f926b0c695817b4e2a6189b1b0462eb31b47d1f9252c91198b9e67face15Secunia Security Advisory - A vulnerability has been discovered in the Redirection plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
412f9d361e731ab5b2e205b00f2e0794f8472d9544b8ec30f36413eb637fc2fdSecunia Security Advisory - Some vulnerabilities have been reported in the WordPress-Amazon-Associate plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
155ffa0806a5c5f715e065d2ebc348ed6321a229f4dc5082c949077cfd1b8567Secunia Security Advisory - SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
594154926efe0e8b2c8a242becae22d9d1aa2f0a809662a973da6713f137e7e8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed