EarthStation 5, aka ES5 or ESV, is a P2P application that has been poorly designed in that it will allow any remote attacker to delete any shared file on a victim's system.
f0515fcc25c2d6cddf08643062f26639e1bed49f3b3c65587b3c4ecec347344aSCO Security Advisory CSSA-2003-SCO.27 - OpenServer 5.0.5 insecurely creates files in /tmp which can lead to a system compromise.
725b4ca1608142e558c4a0f6e0af7773a4026376e70cfc6b6c4619a5460d1ad4MyClassifieds SQL Versions below 2.13 are vulnerable to a SQL injection attack. The problem is due to improper sanitization of user input for the email variable. A remote attacker could insert arbitrary SQL code in the email variable. The passwords of the users can be written into a file and made world readable.
04c3f8142c6f5e430a1e163f919eff03fe8721fc45a531812584a2ec6b4a31caMac OS X v10.3 Build 7B85 contains a vulnerability in the screen lock which allows malicious local users to use the computer for a short amount of time, until the authentication window is displayed. Exploit information included.
ef57f472ad9ea7e8279fc7e6035e71ddc0f6360fbdae55b2422ed2fa30258365Thttpd v2.2.1 through 2.23b1 contain a remotely exploitable buffer overflow in defang() which can allow remote code execution. Fix available here.
49b0a9d6196d61e74ed7eb1273e385487a96371557543a1e9a566551756bb100InfronTech's J2EE Web Application Server, WebTide v7.04 and below has a directory traversal vulnerability.
ed3724d201f6106bff77d5b92d7fc95bbdfb5df88fa576432260612cd3f19c2cSiteKiosk v4.x and 5.x contain vulnerabilities which allow users to bypass URL restrictions and/or browse for free because the software fails to check if the supplied URL contains a wildcard DNS entry.
47dff8e13deba387ab3498641097b00700a232599411910947ded0a5dd09786bLibnids v1.17 and below contains memory corruption vulnerabilities in the TCP stream reassembly code. Applications such as dsniff which are linked with libnids can be remotely exploited by sending overly long, specially crafted TCP packets. Fix available here.
fb5edefbf4ddd44e195c518d2f20fc7a815a6c6f1699e73b57c10278c89efd11Wu-ftpd v2.6.2 contains a remote root vulnerability if SKEY support has been enabled. Patch included.
40a0ce3539a007074bcdc02b3be11b15fc0feb8fb09046d9beabf48081bace89Mod_security v1.7RC1 to 1.7.1 (Apache 2 version) contains a remotely exploitable buffer overflow. Fix available <a href="http://www.modsecurity.org"here.</a>
003069cb86b78286889e651e8a8ad4e60ff0d92b3ab2ea794aad4c87d8b011edNovell iChain prior to v2.2 SP2 beta contains multiple remote vulnerabilities which allow user session hijacking, denial of service, and possibly system compromise.
42d46c7a7fbdcf02338f099cde864377864379a43e501bd4158132aba1fa01dcAOL Instant Messenger prior to v5.5.3415 contains a buffer overflow in the CCertsByUserName::Cleanup() function which can lead to remote code execution. Can be exploited via HTML web pages or email via long aim: URIs. Fix available here.
658bc232448de8aa479f016c69377dec0c4df2e3dc1edc3e917f281631ca4178RealOne Player v1, v2, Enterprise Desktop, and Desktop Manager, and RealOne for OS X all contain tempfile vulnerabilities allowing malicious local users to escalate their privileges by manipulating URLs or embedding scripts when RealOne launches the default browser. More information available here.
09826df6449dbec705262c498b3ea583bd519f6074f2fe41812f7380fc5249aeGeeklog v1.3.8 and below contains a SQL injection vulnerability allowing malicious users to change passwords on arbitrary users. Fix available here.
f4ee9373590cb6d8633e3248d2a3a4fc32f197cea472b03b6dc1968bd6294f8dcpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Fix available here.
38a5f115f7ff25fa54a8cbaece68467108a84c1f858b98478337d930a03652d9Bytehoard prior to version 0.7 contains a remote directory traversal vulnerability which allows file access. Fix available here.
760815350b650ce7eb514ab12b531b4c537b4bedcea9a916151c97bbdecab0deFetchmail v6.24 and below contains a remote denial of service vulnerability which can be exploited by sending a specially crafted email. Fix available here.
e79612b16d2c2e8069f5a46e09f2cbb86dd22b2c2310ff8597675222ee5ca969Under some circumstances, it seems that when some code is added into a Microsoft Word document and then spell checked, the application will crash.
b3ae1023eb8bb7fc1504b78ead52b1dd1ca967aea41d061f9279d8d88b423b9aA cross site scripting vulnerability in Microsoft Hotmail allows access to mailboxes via malicious Javascript in conjunction with cookie hijacking.
8c363ce3f59df1c9afd05297d48999353d73fd24fdf58a30707f45ba78d08d9aSecurity Advisory detailing original research from the Microsoft Local Troubleshooter ActiveX control buffer overflow that affects all versions of Microsoft Windows 2000.
3123057a0e33003e32d0c1dcbd81e7c68fe2683392807470c9f4cf6b670e203bOriginal research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.
afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4fSCO Security Advisory - SCO OpenServer 5.0.5, 5.0.6, and 5.0.7 has had multiple vulnerabilities discovered in Xsco. One matches the command line parameter -co hole discovered in Xsun and another allows any local user with X access to gain read/write access to a shared memory segment.
ea73d1607ecb515aa8682e89e65246b5b258aa25a485244028e85ae2567906aeCERT Advisory CA-2003-27 - A number of vulnerabilities in both Microsoft Windows and Microsoft Exchange have been discovered with multiple bugs giving privilege escalation and remote command execution.
ff6a783884bf7c388fa7d2f7cad1b147a397dc5ac7727f0a5675739263ee03f6A cross site scripting vulnerability still exists in the newest Bajie HTTP server release even though the vendor had previously been notified of the problem.
afd73509b2de1d74bbb351c867f4a67c715af98358cb09eecca456e2cef6a03eNGSSoftware Insight Security Research Advisory - Several vectors exist that can be used by attackers to make use of a stack based buffer overflow in the PCHealth system of Microsoft Windows 2003 Server and Windows XP.
c81ad70663b2e59cb57828827eb771305b054a927731a366ef5652bb7951ced6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed