[ Register | Login ]

Home PHP Scripts Contact News Articles RSS Readers Donations

Software Vulnerability

	Enter your search terms Submit search form
	Web www.amigura.co.uk

Main

Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Archives

| Jan 2012 | Dec 2011 | Nov 2011 | Oct 2011 | Sep 2011 | Aug 2011 | Jul 2011 | Jun 2011 | May 2011 | Apr 2011 | Mar 2011 | Feb 2011 | Jan 2011 | Dec 2010 | Nov 2010 | Oct 2010 | Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |

Sat, 31 Jul 10
citi_mobile
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2913
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.

Sat, 31 Jul 10
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2755
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.

Sat, 31 Jul 10
firefox, thunderbird, seamonkey
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2754
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

Sat, 31 Jul 10
pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2528
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.

Sat, 31 Jul 10
itunes
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1777
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

Thu, 29 Jul 10
totalcalendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.

Thu, 29 Jul 10
totalcalendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

Thu, 29 Jul 10
simpleid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4972
Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Thu, 29 Jul 10
vjchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4971
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
t3m_affiliate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4970
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
sbanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4969
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
event_registr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4968
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
car
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4967
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
ast_addresszipsearch
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4966
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
air_lexicon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4965
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
ksp_sound_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4964
Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.

Thu, 29 Jul 10
commerce_extension
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4963
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Thu, 29 Jul 10
fat_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4962
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.

Thu, 29 Jul 10
lanai-core
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4961
Lanai Core 0.6 allows remote attackers to obtain configuration information via a direct request to info.php, which calls the phpinfo function.

Thu, 29 Jul 10
lanai-core
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4960
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

Thu, 29 Jul 10
t3m
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4959
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Thu, 29 Jul 10
emo_breeder_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4958
SQL injection vulnerability in video.php in EMO Breader Manager allows remote attackers to execute arbitrary SQL commands via the idd parameter.

Thu, 29 Jul 10
openview_network_node_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2704
Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long HTTP request to nnmrptconfig.exe.

Thu, 29 Jul 10
openview_network_node_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2703
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

Thu, 29 Jul 10
openttd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2534
The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.

Thu, 29 Jul 10
iputils
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2529
Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.

Thu, 29 Jul 10
federated_identity_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2337
Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

Thu, 29 Jul 10
content_delivery_system, internet_streamer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1577
Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.

Thu, 29 Jul 10
likewise_open, likewise_cifs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0833
The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build 8046, and 6.0 before build 8234, uses "SetPassword logic" when running as part of a root service, which allows remote attackers to bypass authentication for a Likewise Security Authority (lsassd) account whose password is marked as expired.

Thu, 29 Jul 10
bind
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0213
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.

Thu, 29 Jul 10
openldap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0212
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.

Thu, 29 Jul 10
openldap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Wed, 28 Jul 10
simpnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2859
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.

Wed, 28 Jul 10
simpnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2858
Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

Wed, 28 Jul 10
com_music
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2857
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.

Wed, 28 Jul 10
oscss
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2856
Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Wed, 28 Jul 10
event_horizon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2855
Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Wed, 28 Jul 10
event_horizon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2854
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.

Wed, 28 Jul 10
visualcaster
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2853
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

Wed, 28 Jul 10
runcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2852
Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Wed, 28 Jul 10
com_booklibrary
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2851
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Wed, 28 Jul 10
nubuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2850
Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter.

Wed, 28 Jul 10
nubuilder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2849
Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

Wed, 28 Jul 10
com_artforms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2848
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.

Wed, 28 Jul 10
com_artforms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2847
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.

Wed, 28 Jul 10
com_artforms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2846
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.

Wed, 28 Jul 10
com_quickfaq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2845
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.

Wed, 28 Jul 10
newsoffice
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2844
Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.

Fri, 16 Jul 10
insight_software_installer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1971
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968.

Fri, 16 Jul 10
insight_software_installer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1970
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors.

Fri, 16 Jul 10
insight_software_installer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1968
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1971.

Fri, 16 Jul 10
insight_software_installer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1967
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors.

Fri, 16 Jul 10
insight_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1966
Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors.

Fri, 16 Jul 10
insight_orchestration
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1965
Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.

Fri, 16 Jul 10
access
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1881
The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."

Fri, 16 Jul 10
access
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0814
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."

Fri, 16 Jul 10
outlook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0266
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Wed, 14 Jul 10
cruxpa
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2718
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.

Wed, 14 Jul 10
cruxcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2717
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.

Wed, 14 Jul 10
psnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2716
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.

Wed, 14 Jul 10
tcw_php_album
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2715
Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

Wed, 14 Jul 10
tcw_php_album
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2714
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.

Wed, 14 Jul 10
umip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2523
Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet.

Wed, 14 Jul 10
umip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2522
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message.

Wed, 14 Jul 10
tomcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2227
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."

Tue, 13 Jul 10
redshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2694
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.

Tue, 13 Jul 10
znc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2448
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

Tue, 13 Jul 10
ubuntu_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0832
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.

Tue, 13 Jul 10
custom_t-shirt_design_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2692
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.

Tue, 13 Jul 10
custom_t-shirt_design_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2691
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.

Tue, 13 Jul 10
com_gamesbox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2690
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.

Tue, 13 Jul 10
webdm_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2689
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.

Tue, 13 Jul 10
boat_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2688
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Tue, 13 Jul 10
boat_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2687
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.

Tue, 13 Jul 10
olk_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2686
Multiple SQL injection vulnerabilities in clientes.asp in TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information.

Tue, 13 Jul 10
pagedirector_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2685
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attacks to bypass intended restrictions and add administrative users via a direct request.

Tue, 13 Jul 10
pagedirector_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2684
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

Tue, 13 Jul 10
pagedirector_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2683
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.

Tue, 13 Jul 10
com_realtyna
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2682
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Tue, 13 Jul 10
com_sef
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2681
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

Tue, 13 Jul 10
com_jesectionfinder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2680
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

Tue, 13 Jul 10
ruby
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2489
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.

Tue, 13 Jul 10
online_guestbook_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4935
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.

Tue, 13 Jul 10
online_photo_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4934
Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

Tue, 13 Jul 10
ezwebitor
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.

Tue, 13 Jul 10
1by1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4932
Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.

Tue, 13 Jul 10
groovy_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4931
Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.

Tue, 13 Jul 10
banner_student
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4930
Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field.

Tue, 13 Jul 10
totalcalendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4928
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.

Tue, 13 Jul 10
wbnews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4927
WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1.

Tue, 13 Jul 10
online_contact_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4926
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

Tue, 13 Jul 10
creasito_e-commerce_content_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4925
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.

Fri, 9 Jul 10
CVE-2010-2221
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2221
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an i...

Fri, 9 Jul 10
ios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1574
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2666
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2665
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2664
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2663
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2662
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2661
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2660
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2659
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2658
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.

Fri, 9 Jul 10
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2657
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.

Fri, 9 Jul 10
advanced_management_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2656
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.

Fri, 9 Jul 10
advanced_management_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2655
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.

Fri, 9 Jul 10
advanced_management_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2654
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to...

Fri, 9 Jul 10
freeciv
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

Fri, 9 Jul 10
avahi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.

Wed, 7 Jul 10
libtiff
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2481
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.

Wed, 7 Jul 10
lftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2251
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

Wed, 7 Jul 10
content_services_switch_11500, ace_4710
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1576
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers,...

Wed, 7 Jul 10
content_services_switch_11500
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1575
The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690.

Wed, 7 Jul 10
tornadostore
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1328
Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit paramete...

Wed, 7 Jul 10
tornadostore
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.

Sat, 3 Jul 10
python-cjson
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1666
Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

Sat, 3 Jul 10
adapcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2618
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

Sat, 3 Jul 10
php_bible_search
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2617
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.

Sat, 3 Jul 10
php_bible_search
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2616
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.

Sat, 3 Jul 10
grafik_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2615
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.

Sat, 3 Jul 10
grafik_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2614
SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action.

Sat, 3 Jul 10
com_awd_song
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2613
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.

Sat, 3 Jul 10
openvms, openvms_for_integrity_servers
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2612
Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.

Sat, 3 Jul 10
job_search_engine_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2611
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

Sat, 3 Jul 10
job_site_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2610
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.

Sat, 3 Jul 10
job_search_engine_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2609
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

Sat, 3 Jul 10
enterprise_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2598
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."

Sat, 3 Jul 10
libtiff
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2597
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error.

Sat, 3 Jul 10
libtiff
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2596
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."

Sat, 3 Jul 10
libtiff
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2595
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."

Sat, 3 Jul 10
snare_agent, snare_epilog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2594
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the l...

Sat, 3 Jul 10
libtiff
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2233
tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

Sat, 3 Jul 10
com_booklibrary
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1522
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.

 

Home | Contact | PHP Scripts | Sitemap | News | Articles | Advertise | Jobs | RSS Readers | Donations | Api Projects

© amigura.co.uk All Rights Reserved.