Syslog-NG versions 2.0, 3.0, 3.1, 3.2 OSE and PE suffer from information leak, access prevention and possible privilege escalation vulnerabilities.
182c2c5d9650fa3c22f1331dab15f9344255b47637a2dceca52b21aed476a527
Oracle Document Capture suffers from an insecure method vulnerability in Actbar2.ocx.
03b34491ba00cddad42d1df6075c24902828638e56eeebc8ded920c1e03e8609
Insecure practices were found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct an HTML page containing a call to insecure functions.
29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7
PivotX version 2.2.0 suffers from cross site scripting and path disclosure vulnerabilities.
3955d4d22a67c983d281640f1e88c83b0453bb1e1cfa3c241e7193174290648b
Pixelpost version 1.7.3 suffers from cross site scripting, path disclosure, and file content disclosure vulnerabilities.
ba5127fa07cebab40ddd462f88157cef02759b7aa0af5ba5aabbf6c7c60a8d11
This document analyzes how current TCP implementations process TCP urgent indications and how the behavior of some widely deployed middleboxes affects how end systems process urgent indications. This document updates the relevant specifications such that they accommodate current practice in processing TCP urgent indications, raises awareness about the reliability of TCP urgent indications in the Internet, and recommends against the use of urgent indications (but provides advice to applications that do).
b464cc05058563fba89abf95ea23d58efab91513859c822b555850550c44806a
AB WEB CMS version 1.35 suffers from cross site scripting and remote SQL injection vulnerabilities.
30443437cf899545d3855f387cfdf2dcfb368e4fc6a733c2b83a077c16c0dbc3
SAP Crystal Report Server 2008 suffers from a directory traversal vulnerability.
5bebb637d7e51e2a0d9d84df5f7b28a6a33af536f8f0ea29e3bf80b431a7af0a
Opera Web Browser version 11.00 suffers from a denial of service vulnerability.
ce028c51926de87c430a7ea4ead9f4dba730628eb764baede9a8d03cb7a3495d
SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.
5bb33dcb865e51328736f78871bcaf01a2e663aac535fd2aa2d1af81cdfe13cd
Progress OpenEdge Enterprise RDBMS version 10.2A has some vulnerabilities that make it possible to enumerate UserID and bypass authentication.
94f3ea7ac21edb9e58b5237ff7c2a7826e37b408dbacdbff22fb5468c6bdec38
Oracle Document Capture contains ActiveX components that contain insecure methods in empop3.dll.
d17d07c5e57b563c011ed3d0796b9e0b84d6136526dcd7ca890a49dc34f3c55b
Pligg CMS version 1.1.3 suffers from a path disclosure vulnerability.
6b984ea8f5f5ae5f4016ca41219b784091c63f58ec6723c026db2e3fc3167876
The author of this file claims that naming a directory with a .asp extension on IIS 6 will cause all files inside of it to be executed as such.
7d3a817a22ee42fe51d188e334502eb335489a020414bfe1d8e9ebcb14d8ed1f
The EasyMail ActiveX Control (emsmtp.dll) that is included in the Oracle Document Capture distribution can be used to read any file on the target system. The vulnerable method is "ImportBodyText()".
e0290533ffa0e0be9cb707947d2fe37461961f3b2e54f7eb0baa68b865261ae8
LACSEC 2011 Call For Presentations - The 6th Network Security Event for Latin America and the Caribbean will be held in Cancun, Mexico, within the framework of LACNIC's fifteenth annual meeting (LACNIC XV). This is a public call for presentations for that event.
dc5e7f4be00d6fa11b2bc722bb9a644e33ca817b936e23301948332572397b75
Ubuntu Security Notice 1048-1 - It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
89889f3f1ef8e9e23135999eb91d208da047c895f2d4effcebf3741b486acb04
Automated Solutions Modbus/TCP OPC server remote heap corruption proof of concept exploit.
7ae800a71fe8daeefaa450bea5c62d13d9d5ab75b738f8589eca89bcfcdeec1f
Kehorne CMS version 1.0 suffers from a cross site request forgery vulnerability.
7876c6ade34f65bc85f60b867431987f0053357523f0490c265157c3f171eb5a
Kehorne CMS version 1.0 suffers from a remote SQL injection vulnerability.
6b799053274987d6f5d662823502eb3c04656999929dee3705f0035074fadfd8
Crystal Web Solutions suffers from a remote SQL injection vulnerability.
11868ae3fe5e959b787b3f7494e58d05c481ac0f1538d08dfd7838897a686cab
web@all CMS version 1.1 suffers from a reflective cross site scripting vulnerability.
57bd3adca6030bc7c3fc88109e59e2ab1232833c9de24e4bdef53b9da971e6ed
WordPress Audio plugin version 0.5.1 suffers from a reflective cross site scripting vulnerability.
cd7fa092a8b932ea3319b4ea59b97dd12f6b2f7faef4a74f9b55dcf82c3f14fb
WordPress BezahlCode-Generator plugin version 1.0 suffers from a reflective cross site scripting vulnerability.
17d80d447ea4607e8a5da85f1691a6e8bf7afc0b24c47560e4f2f1f5f25e2f22
Web Articles suffers from a remote SQL injection vulnerability.
649e8dcfa5b192c8f5efc8e2b94a94251a1cf063d3ea8c823130f623cf5de36b