FBC-Market CMS version 1.1 suffers from cross site scripting vulnerabilities.
09817e2c30bb455f5a4f765c97d05e24dedf95adcf65a34b06c088ba789f92a0Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
5649d72589cc6c97930d976d341ad0c29f94500381763825f20a088a4df9292eAni-Shell is a simple PHP shell with some unique features like a mass mailer, ddoser, connect-back shell, bind shell, and various other features.
5d436e5e3f0f9049b1f6c13ff1c3e8d6533281bd4fb1495f94866b260b5e0b5aDesign flaws make it possible to find out hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and gives a false sense of security.
2bac6017745b6a2c0260aed056b9e2dfa6f9642bd68c12696537a9e5fa1695a9WordPress versions 3.1.2 and below clickjacking exploit that was part of an OWASP presentation on September 20th, 2011 in Wellington, New Zealand.
d4a46b300c33199d62f520ab8dfe78f8b757bb617b125029fabdb5451143d0d3JAKCMS PRO versions 2.2.5 and below arbitrary file upload exploits that allows for remote command execution.
53a1b1da7731dc0103e75d2e48b13fa41c546b8838b40a37ce1ecb416158b99eJohn the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
cd2ec7c7e2d178ab67e21097365bc72a0d202ffdcb27b4b6cdfe09b7ca9c2df3PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
20c69e1f380cf1263b9ca1277688da3d530b4f35a666f85f08603a6cfb7fcf67phpRS version 2.8.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
b19cfe13ab6c40445258baa9295b98457e1244a6ebfb220284a38f8c7d96813fRed Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
4c4d52c5fd2a5c20616f3ebc71ce87be9cc1e7162d05e80b851e4a21b45fc3b8Authenex Web Management Console version 3.1.0.2 along with ASA versions 3.1.0.2 and 3.1.03 suffer from a remote SQL injection vulnerability.
f902f5944c444b8605a921cdb93fa4459555c5706c75362bd646d783250aa507Nightwing allows the creation of quickly deployed wireless networks without the need to make complicated configurations. With the implementation of a Mesh technology called B.A.T.M.A.N, Nightwing allows the extension of wireless networks with a simple way of adding devices that works with minimal human intervention. It has public and private connection interfaces, and the ability to filter content using OpenDNS. It is designed with security in mind, and has low hardware requirements.
7a5bae353ed79b4d770caa71fc5747857d3d8342bec117dc2b58c8ac24009d11Cogent Datahub versions 7.1.1.63 and below remote unicode buffer overflow exploit.
b1a1fdfc109ba113353c2d3449719feaaa4bf7570bf06bc28a5f1ddb73a33455Help Desk Software version 1.1b suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
7c45c237a4df997457e5bd3ad6b66521ade15991fe7669f4b51a3cc9d807bfeaNGS Secure has discovered a high risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
7d6ce6c13a81311a3dab3d62c8f6f1fcd10802a5c27a2eec0d0c72aecd82d362Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
09a25924843b91f3f50dabe88e350b2457e7ea33b36285fc79174f374c87f60dRed Hat Security Advisory 2011-1327-01 - frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
f2ce352dc25eaf310d9bca25771cbd7c1b96df23f5bb9f0751705aae4632658cRed Hat Security Advisory 2011-1326-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
702c85e7c9ccaf5dcb5dec68ba2238f7d983950a1752624f9190a5490c11e2f3Red Hat Security Advisory 2011-1325-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
a1c24e64298830d8a2e338ef21d6a3d7fbe44b1bc20b76eb7693299bfb9d4913Blue Coat Reporter versions 9.1.x and 9.2.x suffer from an unauthenticated directory traversal vulnerability.
c95584bb52b8fdac0511f9e7187ff91fb07dbb25ff55a569ad9a80cc33f03b75OneCMS version 2.6.4 suffers from a remote SQL injection vulnerability.
340723e660fc8e70dd451b2d7e698464fa396300d183bc5e62d694cf4d42c827Andy's PHP Knowledgebase version 0.95.5 suffers from a remote shell upload vulnerability.
3090126effdf18e3ed5b2303531c98fe3c999ecd9072bc3d99b8767083084359The U.S. Geological Survey website suffers from a remote SQL injection vulnerability.
4a13a716e4a0712213640cb4f24263b14e5729a356f29ace454255c4669c9f11Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
32bd8ac5fcc0b20ce8d3211423b8151ce158385ff712a0eb6ef6c742efb0c8beRed Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
2b4e351ecf7b1e04b2a289d89c0a98e84a8bc39de3fd6f4dd885d4a0e30e59c4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed