Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
a157bef85abd26f723c099109c42adb1bb95c25de6439edfd27bf297b0efe62fMac App Store suffers from a man-in-the-middle vulnerability that allows for remote command execution.
e88209a3e289c622603bd43b938bcfbf92e5160cdf3d50166e1221374865b7e6Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
f206473f38c0933286bdc00fd667750becd015dc4db7e86a307c3b55344dc453Mandriva Linux Security Advisory 2011-149 - Multiple vulnerabilities has been discovered and corrected in cyrus-imapd. Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. Secunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism of the NNTP server, which can be exploited to bypass the authentication process and execute commands intended for authenticated users by sending an AUTHINFO USER command without a following AUTHINFO PASS command.
1191292753cdb7c648b6f3c0d5659116f9b45499232eebda2c0efc795d775ec9WordPress Photo Album Plus versions 4.1.1 and below suffer from a remote SQL injection vulnerability.
bf3ea8918c7de9782e264e2d6b05ec45720b07a5c20144302c4a8eed53b6c5d3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed