Home FTP Server version 1.0.7 b45 suffers from information disclosure and directory traversal flaws.
7851cce7cc1179707f46cc1835af116df83aa2c4ba71b04748ea12bd45069870Gentoo Linux Security Advisory GLSA 200508-16 - The Diffie-Hellman implementation of Tor fails to verify the cryptographic strength of keys which are used during handshakes. Versions less than 0.1.0.14 are affected.
4b5d4660b0194cc4e782354bcce43a976db6e723ca0a98ee1d3ad51e5e4b0a43Gentoo Linux Security Advisory GLSA 200508-15 - Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Versions less than 2.0.54-r9 are affected.
618c6a160662df7767ded42f4ebc4e2c265973f9bf30e878dfc8187498c1c894QNX inputtrap from QNX RTOS versions 6.3 and 6.1.0 suffers from an arbitrary file read vulnerability.
f5bb3f5978c5bf87593d30ca3d98a914fef593639b7c16be2d448698febb7bf0Foojan PHP Weblog suffers from an injection flaw when trusting an unsanitized HTTP_REFERER payload.
75439af3343c01b0d18d2043b57904f86045439a6c31fb9d2d7216e6b5ffbe31Exploiting well known flaws in DNS services and the way in which hostnames are resolved to IP addresses, Phishers have upped the ante in the cyberwar for control of a customer's online identity for financial gain. A grouping of attack vectors now referred to as "Pharming", affects the fundamental way in which a customer's computer locates and connects to an organizations online offering. This paper, extending the original material of "The Phishing Guide", examines in depth the workings of the name services of which Internet-based customers are dependent upon, and how they can be exploited by Pharmers to conduct identity theft and financial fraud on a massive scale.
679d5ea57d53ee26efe87bf7fb71f51c02755169e19b28514757566b957d3289LeapFTP versions below 2.7.6.612 suffer from a buffer overflow flaw when processing .lsq files.
32ec455c4bb5ce48b9e778645c2fe17108ccb537116bb2ab4c39ba6288277afcPaFileDB 3.1 is susceptible to a SQL injection attack that allows for login bypass.
ef6f4c85332a3b1190a1116ffdb1882091049ad5a815ffc0dd451fce975d20bfMicrosoft Registry Editor for Windows 2000 and XP has a nice design flaw that allows for the hiding of registry information.
c896ffe333e77dd73bc446724ae93cef2d2918ef54a1c493db3c3ec04bf68e02BEA WebLogic versions 8.1 SP4 and below suffer from a cross site scripting flaw in the Administration console.
cc1ead976d71ba856423d2033f5c4d1c22ae5b972914ad6a077d117cc08fd030In nearly all browsers you can overwrite the window location in the 'onunload' event. This has been tested against Firefox, Opera, and Internet Explorer.
d481cdf32ce6a1395ff88f928628dc082bc153bb84ec099a432703fb7b5344ceGentoo Linux Security Advisory GLSA 200508-14 - The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Versions less than 1.8.5-r2 are affected.
9acf45a11c434f9e4b49e43cdefa777308170e253b8f78d7f744be25888a81dfSecunia Security Advisory - A vulnerability has been discovered in vBulletin, which can be exploited by malicious users to conduct cross-site request forgery attacks.
9c1099d3e971a759e8ea8f0436980584e16ac4f31799909ea8b92f814275adb5Secunia Security Advisory - A security issue has been reported in pam_ldap, which can be exploited by malicious people to bypass certain security restrictions.
756588c481156ce8f9890a1bde65cae69a76d158735a29fc08de6976994f3836Secunia Security Advisory - A vulnerability has been reported in Solaris, which can be exploited by malicious people to compromise a vulnerable system.
ba80317acf61549fa1ba000763d23a0b403e62a851d7b8982c39e7b4813ade85Secunia Security Advisory - Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks.
1ad053470b349dca87c34c886082a6857433975098d4c7f2896b06ee6da88f8aSecunia Security Advisory - Kozan has discovered a security issue in ZipTorrent, which can be exploited by malicious, local users to disclose certain sensitive information.
4d48c1e0c6bda910f36c4a4f4538715c96741e8f9e61abf28ba30f4eecb14098Secunia Security Advisory - Gentoo has issued an update for PEAR-XML_RPC / phpxmlrpc. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
c68ae5c73bb3484b7d9a6f3d08949b59a5b64664207be7b60d3c6fd83f8d4c33Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Ventrilo Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
3a6a5f37464a1d1adb76953ca8d0ace59ac4b5ce50b67a2d15eaef0f1f41c098Secunia Security Advisory - Sowhat has reported a vulnerability in LeapFTP, which potentially can be exploited by malicious people to compromise a vulnerable system.
40c69fba7968cfedf6c107d143706e5d036148efe09574b77c7b9b0bc0fe851cSecunia Security Advisory - Josh Bressers has reported a security issue in cvs, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
a6fb98cdc04d87513dd38a94e07cfc54b32a41c483aa656414252fbdaa67bf8aSecunia Security Advisory - Fedora has issued an update for cvs. This fixes a security issue, which potentially can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
605564b0003d332ce1331e5784014d8ae937568029ad6fe3ac5d1bc08d44a5e3Secunia Security Advisory - Igor Franchuk has discovered a weakness in Microsoft Windows, which can be exploited to hide certain information.
81b756e68c6cc1b3f60c7a0ba5571b9b6c6b822b2fb3bc6c998c068642f8f83a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed