Ubuntu Security Notice 1434-1 - Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.
Red Hat Security Advisory 2012-0533-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls. An authenticated user could use this flaw to issue an RPC call that would modify the privileges database on the Samba server, allowing them to steal the ownership of files and directories that are being shared by the Samba server, and create, delete, and modify user accounts, as well as other Samba server administration tasks.
PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Secunia Security Advisory - A vulnerability has been discovered in Remote-Anything, which can be exploited by malicious people to compromise a user's system.
McAfee Virtual Technician version 6.3.0.1911 suffers from an MVT.MVTControl.6300 GetObject() ActiveX control security bypass remote code execution vulnerability.
WebCalendar versions 1.2.4 and below suffer from a remote code execution vulnerability.
PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
Remote Anything Player version 5.60.15 suffers from a denial of service vulnerability.
Booklight suffers from a remote SQL injection vulnerability.
Opial CMS version 2.0 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities.
The Chinese Pujiang government suffers from a remote blind SQL injection vulnerability.
CMS GratingPeru S.A.C suffers from cross site scripting and remote SQL injection vulnerabilities.
Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.
eRealty Shop suffers from a remote SQL injection vulnerability.
Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.
Uiga Personal Portal suffers from a remote SQL injection vulnerability in index2.php.
Uiga FanClub suffers from a remote SQL injection vulnerability in index2.php.
theEZsite CMS suffers from a remote SQL injection vulnerability.
Source CMS suffers from a remote SQL injection vulnerability.
Yemen Ecommerce Technology suffers from a remote SQL injection vulnerability.
WTE CMS suffers from a remote SQL injection vulnerability.
WebData CMS suffers from a remote SQL injection vulnerability.
Pinnacle Pixel CMS suffers from a remote SQL injection vulnerability.
Joth CMS suffers from a remote SQL injection vulnerability.
IrIran Shopping Script suffers from a remote blind SQL injection vulnerability in product.php.