PHPMotion suffers from an FCKeditor-related shell upload vulnerability.
b91cb4287ff25950565e4177b3873042319271edb62941f3c2267b38c7d92374
Xion Audio Player version 1.0.127 buffer overflow exploit that creates a malicious .m3u file.
ee043d8f547fddb1ff71713e59f96c2339da72ef132de627b0f9b5294598e73d
Aigaion version 1.3.4 suffers from a remote SQL injection vulnerability.
cac302e646bbd6aadacb02ef7912cc68680ac5d1c95ed27dbda95f6ace4188ec
A potential cross-site scripting vulnerability has been identified in RSA Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Specifically, a Flash Shockwave file provided by the Adaptive Authentication system could be exploited in certain limited circumstances.
5c0090b6b979158e606ecf53a777dcebbc56e093a0a0813c1445ef5ec6cdc62a
Hot Links Lite version 1.0 suffers from a cross-site scripting vulnerability.
1c07af1357164e7a110b323e2710ae0a828479993a3d181841cc3f2514b8a2b8
This application is used to get information about SSL usage (protocols and ciphers) at a server. It can also be used for testing and rating ciphers on SSL clients. The code is written for win32 but may easily be ported to Linux.
f01dedd83c2d7a18e92eb13b3b9432e87dddbb6e619544a79468729a1b71ce83
Debian Linux Security Advisory 2125-1 - A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an application crash or potentially to execute arbitrary code.
3cbfe8a8ea1cb52e2fec7178ef590fb8659c62308801833679908f5b750f8975
The session list screen (provided by sessionList.jsp) in affected versions of Apache Tomcat Manager uses the orderBy and sort request parameters without applying filtering and therefore is vulnerable to a cross-site scripting attack. Versions 7.0.0 through 7.0.4 and 6.0.12 through 6.0.29 are affected.
486777c2531b3377eea0df5a8570190ea9f8e536d75e7989f9c974dc66148c85
Hot Links Lite version 1.0 suffers from cross-site scripting vulnerabilities.
896c4311e45250f2be0e365c1fd67008be14722836c3b2d937057d653cb1053e
mIRC version 7.xx DLL hijacking exploit.
5af7239ddcf482f4096fa1f4dec440a60bec8113b4d073b5d59f57be03d1fabc
Babylon-Pro version 8.xx DLL hijacking exploit.
f791e4e755198b562035c84c7250faa36001b03446e50fc9e4c0d92ab656cc48
AuraCMS version 1.62 suffers from a remote SQL injection vulnerability in pfd.php.
521a812cde40a6acdf35fe37ab01169db401ead77b3026eca491ec463d98d139
Hot Links SQL version 3.2.0 suffers from a remote SQL injection vulnerability in report.cgi.
60578be5a556d4074dde26d49c491c63878dc4ab271eda716681490ac13b26a4
Thanks to the sponsors that helped make it happen, H2HC Cancun entrance is free on December 3rd, 2010.
548f02d8ec422aa20a8218ce3df321d8f8116d82f01e912ecba1597473a488f3
ImageShack Toolbar version 4.8.3.75 remote code execution exploit.
862541c00deb9691c99688ca83bfc06b1c2355cf648a391d867154759ee6d93d
Netcraft Toolbar version 1.8.1 remote code execution exploit.
c42e47773bf9f53688577b14573b2425f21f70014ee04cf453eb6275a0fdb5dd
Zero Day Initiative Advisory 10-257 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application will wrap a 32-bit integer. The application will use this in an allocation and then later use a different value for populating the buffer. This can lead to code execution under the context of the application.
25b882b473909491bee5e2d5d9ff573475d8e1674c9b7d01f58b348d3815e065
Apple Safari versions 4.02 through 4.05 and Windows versions 5.0 through 5.0.2 suffer from cross-domain information leakage and temporary user tracking vulnerabilities.
abdbde57161cf20c6337e6e980249edada439d02a2ac99f79b10fb57b97e16f8
jSchool Advanced suffers from a remote blind SQL injection vulnerability.
e2dea5cdc924e69f8a7ca7d19aacbfc6f20e6ffe57706cff13e8a5584ce422ed
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
0682c65365408c6d51c6381d0478bb9155d259a2bdb792defe36472fba43dfe1
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, disclose sensitive information, cause a DoS (Denial of Service), or compromise a user's system.
a94d3eb33904398564fcae1e7a4f6515e47410d2543423283737206ccd427e4a
Secunia Security Advisory - Russ McRee has discovered some vulnerabilities in TinyWebGallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
587518295401a17dc618f0511176b8c5af3b973710c28d60e8477481cf7a63dc
Secunia Security Advisory - A vulnerability has been reported in jSchool Advanced, which can be exploited by malicious people to conduct SQL injection attacks.
faa4e8412e2f2b0f66b164e3c46c65c5cc3a5df19e33e768d37218da32b49532
Secunia Security Advisory - Fedora has issued an update for gif2png. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
cb2998c732479850c499700e43599bdbca7d9ce82bdf401493bac7af65c2fb54
Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in Native Instruments Reaktor 5 Player, which can be exploited by malicious people to compromise a user's system.
6b6d9806dc17a6629fe5acadd06aea4324b37acf63668d5fa1a349165ea17208