Drupal versions less than or equal to 4.7 attachment mod_mime poc exploit.
2fc9ce589c58c2041d52ea76aaaa377ba30c8a82eb2bd371b292b091cd014bf1
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability
434ab6eb4ebc9f900a530ff7b7e41760a6f5009066236478af3ef28359ac84fc
iFdate v1.2 suffers from XSS.
fa23ee9f5ee87cdf0807d7dfbb1628a659ec1e102fdb5ce1234e8e7c84649d17
iFlance suffers from XSS.
7b8ab79ff3ce92e859bd1f612f3fefbb52a07ab252df1745dbe52b2fbe4732c9
Bulletin Board Elite-Board v.1.1 suffers from XSS.
463f5f9afce5949c9f46e1ba860e0a25e21c4554c3bdddecbaaac0fbf15e7a09
phpBazar versions less than or equal to 2.1.0 Remote File Inclusion Exploit.
baf8f072eff30f192794e7bc5453be62cae5eeb462315bdc5f4387b086e97a9e
Realty Pro One is vulnerable to SQL injection and XSS.
b49f5b2cd97e0929d619d756e989558293174efd239327217ac4cccfe469b67a
phpWebSite 0.8.3 suffers from SQL injection.
919c66f4755fa67dbedead1beb8f5783be81c22975871fc799ae79f563903b0b
ChatPat v1.0 is vulnerable to SQL injection and XSS.
3434d4266bd55d6638a1628f378bff2d4577ee000f32cf4cddf748821ea1cce8
AZ Photo Album Script Pro is vulnerable to XSS.
afaa4b4eaeacf4fb6b3749ac637b7230e7c940788da0fdc0d32a645004063e05
phpFoX could allow a malicious person to log in as any user by editing their cookie.
eeb50c5357012c97138995cc8bee7e00955024516aa814216834b45304cb7f8c
Local DOS exploit for portmap.
7c4a20d1a40de51804e9f75274183c6df5afe555a796e5164cd6b82a8f61e201
On April 18th, 2006, VSR identified a stack overflow in the PDF Tools AG PDF Form Filling and Flattening tool. Although this is a traditional command line utility, there may be a risk to those users of the application who use it within a web application or a network service, particularly when relying on user-supplied input to generate the PDF form field name or value pairs.
38dfd256afb7906bed20e3b9b81c69ba8d3f924b9302efa7c4975b0421b4c1e8
An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands into the database. The attacks covered here work in any multibyte encoding. Affected versions: PostgreSQL 8.1.0-8.1.3, 8.0.0-8.0.7, 7.4.0-7.4.12, 7.3.0-7.3.14.
1f24512224697c2721795629e394e65c7d12647d4fe34a0ce2f1d81d2f134330
The WebTool service of PunkBuster is vulnerable to a buffer overflow. POC included.
554910fc9dd17c34fab9b544aaa9b35f0135d0fcc606f7190ed5c132efd82370
It is possible to crash netPanzer v0.8 by sending it a specially crafted packet.
5bd15f99d0b0ee065d43422994775a79e39fd02b835ee584083925567219fc2b
Nucleus CMS versions 3.22 and below arbitrary remote inclusion exploit.
64a5a62dc8fa1e62fa9e2edda6a37ccfeb8d591612217c3d8636c355dcbd4aa5
Mambo versions less than or equal to 4.6 suffer from XSS.
2a92e4b2da24b9b0737a34466de761cfd9f30d723b93153b805ecb310a8996b8
Publicist v0.95 suffers from full path disclosure, XSS, and SQL injection vulnerabilities.
416a475f3c96faf299d1daa790d2bc8ea03d0f8124783243545c490ba685e6f3
Ubuntu Security Notice 286-1: Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges.
70c3f53db040e96e33fc023709fdc9b68236e172c2ecb75306f846777211886a
Ubuntu Security Notice 285-1: AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.
14504300e7de0216f59ee9e2031ac8329fd63f916d3a1ab9093d5c9eb42005f7
Hackernetwork Mail suffers from XSS in the search parameter.
2de18c0a41e43b0b6a8216b1e4771d262c88e0aee3f573c66e3d64964bf21e62
AlstraSoft Web Host Directory v1.2 suffers from XSS.
76cb5fead72f07546ff6caac350ef52ff98aa9c400a8460f8a5eaa8319e6951d
DGbook v1.0 suffers from XSS.
267703a03cb205ea4709ceb1d7e07fae8fcef0405027b2cc13b1ce9199b224b4
Alstrasoft Article Manager Pro v1.6 suffers from XSS and full path disclosure vulnerabilities.
89344e990d665b1d82f67ac1c85ff871676e90bc2a1175166ab223b8e8bb3f80