Software Alerts Random Feeds
Thu, 1 Jan 09
fsmi_people
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5800
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Thu, 15 Nov 07
JLMForo System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5954
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 19 May 09
answer_and_question_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1664
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
Sun, 10 Feb 08
GLWorld, HanGamePluginCn18_ActiveX control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0647
Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.
Tue, 18 Dec 07
TYPO3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6381
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Fri, 6 Jun 08
Sun Solaris "inet_network()" Off-By-One Vulnerability
http://secunia.com/advisories/30538/
Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Sat, 26 Jan 08
HTTP File Server Multiple Vulnerabilities
http://secunia.com/advisories/28631/
Felipe Aragon and Alec Storm have reported some vulnerabilities and security issues in HTTP File Server, which can be exploited by malicious people to disclose system information, conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, manipulate data, and potentially compromise a vulnerable system.
Thu, 29 Nov 07
JP1 File Transmission Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6145
Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
Thu, 17 Apr 08
Lasernet CMS "new" SQL Injection Vulnerability
http://secunia.com/advisories/29734/
cO2 has discovered a vulnerability in Lasernet CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Sat, 20 Dec 08
BitDefender Antivirus Scanner for Unices PE File Parsing Integer Overflows
http://secunia.com/Advisories/33240/
Some vulnerabilities have been reported in BitDefender, which potentially can be exploited by malicious people to compromise a vulnerable system.
Wed, 1 Apr 09
webutil
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6555
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
Tue, 1 Jul 08
Apple Safari Memory Corruption Vulnerability
http://secunia.com/advisories/30801/
A vulnerability has been reported in Apple Safari, which can be exploited by malicious people to compromise a vulnerable system.
Wed, 15 Oct 08
windows_mobile
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4540
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.
Sat, 21 Mar 09
prestashop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6503
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
Wed, 19 Nov 08
myserver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5160
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."
