PhotoPost 5.0RC3 is susceptible to SQL injection, arbitrary file upload, cross site scripting, and various manipulation flaws.
0b6ed983b076ee2d4747a046aec2414e2cdc85fe6b5b11e5af9bf5f2cb0512b8UBB.threads version 6 is susceptible to a SQL injection attack in the editpost.php module.
cfbe8ebd5d12e416db9bb89e13a9b9fbec917af66bef40faa03dc285bb757b1cA vulnerability has been identified in Spinworks application server that allow a remote user to succesfully crash the server by supplying a '.' in the sid parameter.
910f03dfbc884bf97c6b6788b7c2a7b7d5ff6e6b9d751e648b24eff160c82744Proof of concept exploit that makes use of functions in libc in order to gain MySQL user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
883268c86f6fa35f215d28b707d9b6aa5143b2203243c3f53302acab8d0dc34dIf an authenticated user has INSERT and DELETE privileges on an mysql administrative database, it is possible, by using the CREATE FUNCTION command, to take advantage of functions from libc in order to gain mysql user privileges. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
05ae9e22a0591885b9e526aefabcc601ce81851c4dcec3496411367507e6bb0aProof of concept exploit that makes use of a library injection flaw in MySQL via the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
d74efbde515c47b96c4ca08796c904e378535ec258fbffd7eb05c6774714d9c8If an authenticated user has INSERT and DELETE privileges on a mysql administrative database, it is possible to use a library located in an arbitrary directory using the CREATE function. Version 4.1.10 and versions below and equal to 4.0.23 are affected.
b6cd1438080f20142c162f5f1c30010bcc56c15eeb9a45e72e51b6759e1dc41fNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
73018186a2d1d30f0b50f0b6d8819edb8cf8742f51531fdd50ba98e6aeb3cb76iptables is the new packet alteration framework (firewall utility) for Linux 2.4. It is an enhancement on ipchains, and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying), and special effects.
9f8b504a6133f6065659d4d4aeccae3509663d014946633ceb25e5813db6a358Access Point Utilities for Unix is a set of utilities that configure and monitor a Wireless Access Point under Unix. It is known to compile (with GCC and the IBM C compiler) and run under Linux, FreeBSD, OpenBSD, MacOS X, AIX, and QNX.
f01d068650f0f05c5b3753147ee0a5d3dfc07732c9788bb295683e66415a325dp0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris. This particular version is modified by Nerijus Krukauskas to store the data in a database.
524bb56f5c023913a3328472fa5f6aa5a6cb2c88568ba205c466a1b9a7dfe0e4iDEFENSE Security Advisory 03.10.05 - Exploitation of a remote buffer overflow within the IMAP daemon of Ipswitch Collaboration Suite allows attackers to execute arbitrary code with administrator privileges.
65f99d3babacbf39e324ea4688bb6e5789a845e47f28952a95d10b7dd06116f7Apple ships XCode 1.5 with a feature for distributed compiling that ships with distcc, a Samba module that is susceptible to known exploits allowing for full user access to the target machine.
eceae8836e927c9decfd2d91544916148c6c6233db47ee50f8252e1caf55601fSecunia Security Advisory - farhad koosha has reported a security issue in aeNovo, which can be exploited by malicious people to disclose sensitive information.
733dbc1fe2feb97af0844bbfbf3682a8ed3f40767cd9f8f102480517ab015546Secunia Security Advisory - Luca Ercoli has reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
a263c19e2fb82d6ca83a3b34bd2b99892f0cb51c7bed23d4f54e9d4f7641ae4aSecunia Security Advisory - ADZ Security Team has reported a vulnerability in UBB.threads, which can be exploited by malicious people to conduct SQL injection attacks.
955ad40fa70492eb158512a423d975e8d166540d6300a533c5cf2188d6da5197Secunia Security Advisory - Virginity has reported a vulnerability in holaCMS, which can be exploited by malicious people to compromise a vulnerable system.
83f245a1865b1abd5122d6a46542c374f3abd6e61e6fc8c13d3f8a08d2c08d3fSecunia Security Advisory - Dr_insane has discovered a vulnerability in Spinworks Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
a3c1e9fa7bcc022ac9bd467eb46eaa340af2c1b7ad9ba84457bb705a501954b9Secunia Security Advisory - Igor Franchuk has reported some vulnerabilities in PhotoPost PHP Pro, which can be exploited to conduct script insertion and SQL injection attacks, bypass certain security restrictions and manipulate potentially sensitive information.
878de5ccb8b58f6e7985e222ec01cad579f6b3df3a3789cac42b0a520f106a07Secunia Security Advisory - bitlance winter has discovered a weakness in Thunderbird, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.
d67dc703f0c77b9795a523679563b801ed19cb524624f9ee9a44f8aadfadee61Secunia Security Advisory - bitlance winter has discovered a weakness in Mozilla, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.
3394eed9c487f3de5bf2f72540ba5a7aaf3604097f142ccedaf1cac756ade7f8Secunia Security Advisory - bitlance winter has discovered a weakness in Firefox, which can be exploited by malicious people to trick users into saving malicious files by obfuscating URLs.
5d15df5847fd6524a76df440cb853b29e46921dcc89bb1723bcc7c2f34ccd920Secunia Security Advisory - Stefano Di Paola has reported two vulnerabilities in MySQL, which potentially can be exploited by malicious users to compromise a vulnerable system and by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
7712d3b9ec53a57e5fa78166a6a9748c7cb3c0218dbf72e38440b994d5e05518Secunia Security Advisory - A vulnerability has been reported in Phorum, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
23763bf33e6937d2fddee3bf9f33718a6a42145c1af2b2425375a76d47caa64fSecunia Security Advisory - Fidel Costa has discovered a vulnerability in WEBInsta Limbo, which can be exploited by malicious people to compromise a vulnerable system.
7c516590cd63b79f262bd4adfbd2264446516549faee87cef7f568677bc0c935
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed