Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.
9a5b7f1d75d39c8243db9196336bba6a28809e6f294600da4c464d019c5081b3Allscripts Homecare client versions 6.1.0 and 7.0.1 suffer from a local memory corruption vulnerability.
e61dd63f1038ddb7e663470bfe50f0750075133ada0a3baaf17a8d05dad3e126WordPress Easy Webinar plugin suffers from a remote blind SQL injection vulnerability.
884e037eaaa98050d5cebdeb809fb4c19fbe143bc3984a65c51407480dd6f4e2The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
553cb435fb55599355ceae80210dcc60509e0f1a51cae7259ce1394e8ef9ac7bUbuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
01b5a462284182fc91534e669d352b638efb552e7d0ebbc4836b839b09d8b4eeUbuntu Security Notice 1620-1 - Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.
dda37aac7e4f09cf08bbf332ed3e4ea5af41338c9b0d4844e593b51407a8855eDebian Linux Security Advisory 2568-1 - IT was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.
9adcac62f75ed2cb43a6178756a2a6591f34492c0a947b3c737340c90a27cb2dDebian Linux Security Advisory 2567-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
fe75ccba30dc437622f4300ae97b720f84a232cc4b02fbbf0e8325a67254945eWAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.
1550bffec9e3d6456c3b17a48dc90408f06301e18f7cfd1ef8ca41662b56f587The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from an SQL Injection vulnerabilities when input is passed to the 'product_id' and 'grade' GET parameters in 'trace_results.php' script which is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.0 is affected.
e1146a5b942521c7537f27d1e9e6daf8576dafc19293f31ca192b5c83d4684a8The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross site scripting vulnerability when input is passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters in 'trace_results.php' script which is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 1.0 is affected.
a8958302bb602beff4ebb5517ad18454b487ae666d4353e85526aec09144e0a6Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.
4574d497f5b7de99ddcba37f9338d21972b688102da3b115f156e7604e82c00bLayton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.
3827c1464b24bc29ab3e651ff29501dbfd6b5cd47b535b390f6cad47d2082994Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.
16ee66d4cbd6d224b10fa5f95bc298defb75ded84f60334c0975efd6f7d244e2Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.
84e000e3e44575e7d56f64a765baeb3ba0680194d10cef458af3c321b7470c55Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.
ffb1e252d827f52f414c14552b658fe20322ca6da03f2bccb5d2f3d6fa1aa597Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.
65c129f2aa3caef6fbe2d3cbf9480e7a26059454a9f06e7eb3c1a9a695199165Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.
8d734fa89fe9433ad116e55adc6c356d0f247f3c345dfda0b0958a1e8896b8d4Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.
6c5cc1580cd23e491855f8f601ab13345165ca92e85aa068fc7ba33c894be7fcInventory version 1.0 suffers from multiple cross site scripting vulnerabilities.
1292d00cbc8131c9d80118a786712087616de0bf11a88f616f6a7005190143b5Inventory version 1.0 suffers from multiple remote SQL injection vulnerabilities.
befb2b4b941cc0e1fb457e807d5670f439ed489fe807f04ff00438accba64deeThe Aladdin Knowledge System Ltd. PrivAgent active-x control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.
9a55abf480664665e35217155ae1a22dc463dfe106da40a050d4ea0d36c8c45eDebian Linux Security Advisory 2566-1 - It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can yield to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code.
db45c689499a88f8489df5e20ca7f2308465812b000bd38146acd009a2dd42a1Ubuntu Security Notice 1618-1 - It was discovered that Exim incorrectly handled DKIM DNS decoding. This flaw could allow a remote attacker to execute arbitrary code.
1aa6092f2eedee2d304f571946cd33139c425f5a72ba8acf5eae714670a9a625HP Security Bulletin HPSBHF02819 SSRT100920 2 - Potential security vulnerabilities have been identified with HP, 3COM, and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information. Revision 2 of this advisory.
2f87c33b828e020cdb66b95f0a1edc648b9834e9463fc9faa3800051d0ebb479
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed