The 2008 Workshop on Security and High Performance Computing Systems Call For Papers is now open. It will be held from June 3 through 6, 2008 in Nicosia, Cyprus.
372e388add5bb10e7dbfaa1be01afa6bdbd6d5a58b5919322be3668d8e99a51cGentoo Linux Security Advisory GLSA 200712-10 - Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow. Versions less than 3.0.28 are affected.
94623d4d3b5647510d5c2dff1138a5a24a7ca00eefbe3ac8bb703e421f09e664Gentoo Linux Security Advisory GLSA 200712-09 - Chris Rohlf discovered that the Gtk::MessageDialog.new() method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the message parameter before passing it to the gtk_message_dialog_new() function. Versions less than 0.16.0-r2 are affected.
ffb2936b579cd2aa8178252e8e6b3874b6fbaa928e8a4e53931190abf2b4a7d8Gentoo Linux Security Advisory GLSA 200712-08 - The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Versions less than 20071114-r2 are affected.
efcacd31b460a14ade8855e2ab710df48dc9b1abcf3e64ec1882886b010ace7eGentoo Linux Security Advisory GLSA 200712-07 - Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporary files correctly. Versions less than 1.4.1 are affected.
5f7cb713a3fbbc2b1c7488d556632ec59111b14e899b4e07aa1fecbc4bd97578Gentoo Linux Security Advisory GLSA 200712-06 - Adriano Lima and Ramon de Carvalho Valle reported that functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input. Versions less than 2.0.3.12981.0-r2 are affected.
0b7ea8ad84bc0e75542d3d2139e32ea8135717813156e44fb1ab75918a59caa1Gentoo Linux Security Advisory GLSA 200712-05 - priyadi discovered that the request to store a URL string as a LOB is treated as a request to retrieve and store the contents of the URL. Versions less than 2.5.0_alpha1 are affected.
af7e8ac751447253f97fbac8cc35930d48fe0fbfe0bebf2ca0cda71f88b9903dGentoo Linux Security Advisory GLSA 200712-04 - Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Versions less than 1.4.12 are affected.
2cb7fca04ba943dd95a43c33f07cc3ad6dcecc421b8106a051f76518de162641Gentoo Linux Security Advisory GLSA 200712-03 - Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109). Versions less than 22.1-r3 are affected.
edd9e083b7d0b8553e48ce34609b874d047a20ca14aabaa98c9459486244286fBitweaver is susceptible to multiple cross site scripting and SQL injection vulnerabilities.
e28189875e0d96173f9cb6e40eb1770320d4313e43c588b297941994f990d55aE-XOOPS suffers from multiple SQL injection vulnerabilities. Versions 1.05 Revisions 1 through 3 and version 1.08 are affected.
a6aad278b4cec3428d52992c7b26e3d4a857cc5786b47e996bb8a343c5d5715eProof of concept exploit for Roundcube webmail that demonstrates cross site scripting issues.
d00b7e13f833039a92b08ef1378623811397b7f0ed11d7c802cd37fd0547d0fbRoundcube webmail does not sanitize payloads allowing for cross site scripting attacks to occur when used in conjunction with Microsoft Internet Explorer.
c514bf2d0203e08d52a83ae70c6057b6b34aa94e6ae734ad3ea9440554fa18edDemonstration proof of concept exploit for the SquirrelMail GPG plugin which suffers from an unsanitized javascript display vulnerability.
62d0fdf0af0e63eb0a6572e40725aa88e01bacd77800ea9c1b3fb83df45ecdefThe SquirrelMail GPG plugin suffers from arbitrary file deletion and unsanitized javascript display vulnerabilities.
f5046e1f7205ce370f1e9ad1b9542accefa1ad2e3a12cc8c7c96b40b5d79baf6GestDown version 1.00Beta suffers from possible SQL injection vulnerabilities.
92e91f1034ac0faa46a837bcf5056a25553db1a984cfd733bde31478da39ef23bttlxeForum suffers from multiple SQL injection and cross site scripting vulnerabilities.
58dc54430c7f2a9280769bbaf8ea03196ee2cda79f62e8ba332cfe37c0245068Simple IPv4 and IPv6 banner grabbing scripts.
57db79dc569f940f827eb9c541e6be8c77ec7cfd6f76c6ae864e6b3ed60a4ceewebSPELL version 4.01.02 suffers from cross site scripting vulnerabilities in calendar.php and usergallery.php.
791793881706cf6bc3762e47c4281f337a8bcb8e5aa422cb00382ddbbd92e10eSambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
f080548939c756b572d90221a984e026776f38496e613223baa587ce31fd4150Falcon CMS version 1.4.3 suffers from cross site scripting and remote file inclusion vulnerabilities.
fc5d94465b9c463eea6dc29909f7ec7b2124c15ff28de1d966d9da6423486042The Falt4 CMS version RC4 10.9.2007 suffers from multiple vulnerabilities including blind SQL injection and cross site scripting issues.
944fbdb7e98ca80e90de15982480925302c61c5965cf4bbb3140296e3b64eb9cThe Lotfian.com Database Driven Travel Site suffers from a SQL injection vulnerability.
cd0c6d06b52fa03772b28e2f9bdad6910e4d3b644783cfd52eec50b2e4858fc5SH-News version 3.0 suffers from a remote SQL injection vulnerability in comments.php.
20ee425a806daa62b495d16f060bf6ff26fcf9a931b38b9d2c1ccac340036944The Ace Image Hosting Script suffers from a remote SQL injection vulnerability.
67bef6711db7fd031bb1e11cf21fe4d59755a80cd106babb07b1f46696206903
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed