Mandriva Linux Security Advisory 2009-128 - Multiple security vulnerabilities have been identified and fixed in libmodplug. These range from integer overflows to buffer overflows. The updated packages have been patched to correct these issues.
0571fd8d87c92d6328067f290b78f164ef29e209aaf3cb2cc002ce05d1c6f2de
Host Directory PRO version 2.1.0 remote administrative password changing exploit.
77ce0f56f40398d3fb015d2b9770183c570116d460ac8e21bd02841f7dabb031
Web Directory PRO suffers from a remote database backup vulnerability.
1a033eff9b6c300112878921ac083615125db94bd23cf947fdf4f98b167fcd8f
Hi5 brute forcing utility that takes in a wordlist and is written in Python.
20cf2a5a5f41c4cfd2d4f019909b942f71a216d787588a10944ce5e0148869dd
Mandriva Linux Security Advisory 2009-127 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
c129ddafc8e6adbe84ce0db1d2f64f157d4c61e4660c21d8942f61dda334aa16
Host Directory PRO version 2.1.0 suffers from a remote database backup vulnerability.
9beccfca8c42efaf654629c3ab2885f8113bfc7bcb0a2869a1ff1e64447165e0
Web Directory PRO remote administrative password changing exploit.
80efc67a1160daadcd68665b6cc47b7f81964b51fcd626416d0a485b4dbe2464
SuperCali PHP Event Calendar suffers from an arbitrary administrative password changing vulnerability.
3543c371e4b08076a96b7c4c00f1fc20ad7565f2528db074f9698e8c326b67f2
Apache Tomcat suffers from an XML parser replacement related information disclosure vulnerability. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
c2b64deb31914b487990416282c15bcbf60ade318ae9adeff66567f4a45f4d69
If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
c1222adcdce7d85aa41a91cfdf45704103468dc97af6d891ef3a467ed12ed3c9
Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
23d04996953f18e735ec39419f21aa830d1507afe0c131cb6125bc7e54f441ba
Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
959ae8eddaf8e4c73e6210d8d6f03aa37f29790fab59d7fbeb81aa87e655ad3a
Movie PHP Script version 2.0 suffers from a code execution vulnerability in init.php.
f18ca171de35377a0fdf8414f8372a7319110fff283e784fb5f9e0be9a6c919e
Ubuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
edcd25ea3a9efa771fd79ad6546263ae682ec7ea24fb292898ff40eeb7c0ca27
Supernews version 2.6 suffers from a remote SQL injection vulnerability in index.php.
a0c52c7bab931b128694918d4bf8ec6f26e1a56f209a0132c79f96b61923e0f5
Ubuntu Security Notice USN-780-1 - Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service.
5ed9ac751e35b04551ce6bc0ee95dbc2274f8e92c18f6df536d88f1d108fb5c0
OCS Inventory NG version 1.02 suffers from a remote file disclosure vulnerability.
73e8f91b83749f97a33d287b830b4b07522b83f9752bb37c0cef2b5558ba9243
The Joomla Momres component suffers from a remote SQL injection vulnerability.
ddb3d060e4123f70575be5914ad331d2744597b1644cf4af22071af941ece535
The Joomla Omilen Photo Gallery version 0.5b suffers from a local file inclusion vulnerability.
49a904680d67c59f46864154010b14131a9886c1049a11a5555e2c3e3ff79f2f
Joomla Seminar component version 1.28 remote blind SQL injection exploit.
fb819b7d311c21bcde83b9f137aa4832ad3f06db9a58f3e627c62658efcc292c
EgyPlus 7ml versions 1.0.1 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
c1cd71478a82dfaaf4acc3a16083350fc73a77351a3bbd57fd0c2b5c6bf80edc
Podcast Generator versions 1.2 and below unauthorized CMS re-installation exploit.
47c54be78e45cbd7ca5dd7d6030665ce4149d9c12697df96113124dd02545514
Blue Collar Productions iGallery version 4.1 Plus suffers from an arbitrary file download vulnerability.
ac77c07cffc3f662f1b46014ede8f9f819102ed1760a4750576a5df09aeb699b
My Mini Bill suffers from a remote SQL injection vulnerability in my_orders.php.
2605700b82f8e1dd97d56df6670ee22784a7870d30580db4dd641594186d570b
VOIP Dashboard suffers from a remote SQL injection vulnerability that allows for authentication bypass.
73cf82122fabacafd807e8ae6df54bc560d7dc8292e58f616714461b16136199