Call For Papers for the Hackers to Hackers Conference - 6th Edition. It will take place in Sao Paulo, Brazil from November 28th through the 29th, 2009.
469ae3fe29af2c91dd66d41da6e7fb6c1dc937e12ff729ef5fed2063e86a4e9fBrief whitepaper discussing SQL injection in MySQL. Written in Indonesian.
19938f7e92bbeb6464cfd177e05a082c218aaa070c80f9de4fbf08073411fca5The Tupinambis component for Joomla and Mambo suffers from a remote SQL injection vulnerability.
8f9c47b107ef570f6821b127b73431516d3c15a9c8dc08abffedd56918eb7599The Joomla Facebook component suffers from a remote SQL injection vulnerability.
3026069aa6ec898323f8e84927c491d17895b18a68998a3280e9c5fd4ae6e6c9Share Zone suffers from a remote blind SQL injection vulnerability in view_news.php.
386564f5996ff3a932fe3e634d35316e3125da0b59c9fdbda69641e3db52dd41Mandriva Linux Security Advisory 2009-242-1 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. This update provides a solution to this vulnerability. Packages for Enterprise 5 i586 were missing with the previous update. This update corrects this.
3ff703ae3b6e20dd33a5d12e7051dc9c952cc03eb15b2ecbb3c0c5bfeb7bb118Toner Cart suffers from a remote blind SQL injection vulnerability.
2276d4722de39dbf5101ef6b72c84ccc1dbc8ea818fcefee966a073d818a95fcCosmetics Zone suffers from a remote blind SQL injection vulnerability in view_products.php.
6df3f0628264641eeb879dae8555e2e94085cf17c72e227208c389ecf45f8d17Mandriva Linux Security Advisory 2009-242 - Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. This update provides a solution to this vulnerability.
80f351c6a3b26822c8b61e57555dc19e23273967fdd3cb21f93b646faea72c11HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Role-Based Access Control (RBAC). The vulnerability could be exploited locally to gain unauthorized access.
019989b49ce6e9db761784d54b631a10f8a2210a5c016c8697fe794a05e9f05aMS-SQL injection tutorial written in Albanian.
8ef07e5e29143b5b33639b6747fb8fc4954afc7a82ec26965349ba787f70a703Mandriva Linux Security Advisory 2009-241 - The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability.
623eaf0006230b0c85b75973d1611fb7bca874c479e83596a0129baf497e83cbMandriva Linux Security Advisory 2009-240 - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. This update provides a solution to these vulnerabilities.
0b99eeb4e7b9d6cf93ee6299bc687952ecf00f5bed79960082460b9c5160e084BPLawyerCaseDocument version 1.0 suffers from a remote SQL injection vulnerability.
391bff34f543720222ec7510bdd4a27098efdd94f2cae7a0e058fceb593ef480MMORPG Zone suffers from remote blind SQL injection vulnerabilities in view_news.php and game.php.
8e0578735d3bf7170d6e5f72a11adb0894967917d283555e2f7e02418aa86593DVD Zone suffers from remote blind SQL injection and cross site scripting vulnerabilities in view_mag.php.
0e9c99001e1b92819b3915f76dae3c93a5b8537b8b45263456c1584c048efadbJoomla Sport Fusion component versions 0.2.2 through 0.2.3 suffer from a remote SQL injection vulnerability.
820419e882fb63ce348cd32d832f13ea2aeba73056bf466dfab4e5939cb6413bAlibaba Clone version 3.0 suffers from remote blind SQL injection vulnerabilities.
199f65b87150b54348f0224b21c1b67478eead489ebf73ecf7ea9b059cb4f90dGraudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
fd668294add7e92f0178994cd6b27f09d6fabef89a1daf7529eb87bd31f18a0aMaxWebPortal suffers from a remote SQL injection vulnerability.
b708f460c07569f194cdec1a8415bb9900a06fea299f8919599c9247ab7e6730Mandriva Linux Security Advisory 2009-239 - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws the scope of this issue is currently limited because the amount of computation required is still large. This update provides a solution to these vulnerabilities.
93d724150f498b44ab15ee712c7c6741e7048e4a11d86450fd84461bd468cda1The Real Estate Script for Realtors suffers from a blind SQL injection vulnerability in view_listing.php.
e3a5e2640e350cebea66c868f62a169cb9da91196389648db8766b5e9b82f162HB CMS version 1.7 suffers from a remote SQL injection vulnerability.
da268a8b9eaf5e7dcb12e250b564ac5e73451561cfacc11fa511335ad352de4fBPMusic version 1.0 suffers from blind SQL injection vulnerabilities.
06122095d935d51585628722bf6a4659ea02c077d1ad3a816b81d5928f1e1a22BPStudent version 1.0 suffers from blind SQL injection vulnerabilities.
37d2996ae18203d76573c4494295a36e4ab31f8ed3b038fb44fd3e9f145c1e4e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed