Secunia Security Advisory - A vulnerability with an unknown impact has been reported in ENOVIA.
246822a737b48b1ebe45d0dae70f196a7ffc4966544c2dc74dda2f64d18fc799Secunia Security Advisory - A vulnerability has been reported in Spring Security, which can be exploited by malicious people to bypass certain security restrictions.
fb238442417e3f801fa28c83cd530b968c76295cb81f418ee0cff10c6a0f1513Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92b5309a94ddf61346b3988601145374d77ae4a1fb3ba4b81446bbc40e25568dSecunia Security Advisory - Fedora has issued an update for subversion. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
ceb2d70ad841c841a44fe9e8b45cf0251acb44b145a82588309df5660d76960fSecunia Security Advisory - A vulnerability has been reported in n2, which can be exploited by malicious people to bypass certain security restrictions.
54ac8b7a9ab6b54ae19e948af440fc0518f272b03e2f2a77a69b9e1052255142Secunia Security Advisory - Two vulnerabilities have been discovered in FrontAccounting, which can be exploited by malicious users to conduct SQL injection attacks.
6211195911af10806a64744185982d872609006829ae4ecf728938e462427705Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
f245aa176fd8067bae154cb09d86420cb80ed53c71568c1aea05e9865a88aaa9Secunia Security Advisory - SUSE has issued an update for glibc. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system.
9ece13180db05c659c9c7f3d74ca6f4d8484d76c27c6968fafaf7cc1b5c96c18Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
2c0e26a446ffc3cccf09d59b3ebeaed8212e66d19301c5f829007e07098cc5bbSecunia Security Advisory - Jokaim has discovered a vulnerability in TeamSpeak Client, which can be exploited by malicious people to compromise a user's system.
0c39558ee852684080f82204f7c552fc7064e7f51fd89a190e1ebc31b7a8567bUbuntu Security Notice 1011-1 - Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
c70c8634f7e5edd3db3ec6d893a08c59c2cd9c43a4e312f5589af964fa419897Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
aa84e124106e38044201acc658964bf70d81a2b24ca030fc5cbbdc9da2d4118aZero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to a SQL injection vulnerability. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165dZero Day Initiative Advisory 10-226 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which listens by default on TCP port 80. The rdpageimlogic.aspx file does not validate the rdReport variable when parsing requests. It parses SQL statements from the file pointed to by this variable. A remote attacker can abuse this behavior to inject arbitrary SQL into the backend database.
058c945532c10394e1675bf7fa118cedd0dd9ce8e0818c0a089b82aec8d0fbd8Zero Day Initiative Advisory 10-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'DetailReportGroup' an attacker can force the server to load the DetailReportGroup.lgx definition file. This file contains SQL injections within multiple parameters. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
7178e80358422215dfcb5e13ab812b85882bff6721703e9d1f5c9201442d1865HP Security Bulletin HPSBMA02533 SSRT080049 - A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10. The vulnerability could be remotely exploited to cause a denial of service. Revision 1 of this advisory.
6f8ea974f90e78259b644717319aa41c447d9e985d59bb78a8389a66835866dcHP Security Bulletin HPSBST02595 SSRT1000303 - A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access. Revision 1 of this advisory.
247defaf78fbdf858b0a98e876cf6fa1de287afed53e79cca915bf413d3f8265Cisco Security Advisory - CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. Mitigations that limit the attack surface of this vulnerability are available.
fdf8d2b9d6b7b38b6ff828292a9299be03b20be06e195362eb062ed9f38e657dACDSee Photo Manager, FlipAlbum Vista Pro, Internet Download Manager, Nessus Client, Orbit Downloader, Secunia PSI and WinMerge all suffer from an insecure library loading / DLL hijacking vulnerability.
e351ec50286cc84d95d4590ed5d70f3ce2de0cae42c7aa135fc7c39567db4ff9Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream. Successful exploitation may allow execution of arbitrary code. Version 5.581 is affected.
589a067f3f1289bab05e944bfaf2f2cc31e132d0938bcb4b2965adc396c3972bZero Day Initiative Advisory 10-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'SummaryReportGroup' an attacker can force the server to load the SummaryReportGroup.lgx definition file. This file contains multiple SQL injections within the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
5afe335679de5f033e5e0a1a662607fc21b3e926d2aee1e4691d33b4ad33c86eHP Security Bulletin HPSBMI02582 SSRT100269 - A potential security vulnerability has been identified with the webOS camera application. This vulnerability could be exploited by a local user on the device to overwrite arbitrary files on the filesystem. Revision 1 of this advisory.
857b99783d1e2835a7b00bc42db477b3536fb55b576566b755a1f166bd5bc70dZero Day Initiative Advisory 10-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'LoggedInUsers' an attacker can force the server to load the LoggedInUSers.lgx definition file. This file contains multiple SQL injections within the following parameters: 'loginTimeStamp', 'dbo', 'dateDiffParam' and 'whereClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
ceb74fd58c461aa0e284d9ade21196015768b8397e112aefb567c5900c3a68a9Zero Day Initiative Advisory 10-222 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. This page does not properly filter the arguments to the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
68f2d97d3e125f5189468d6de7f56e3cb443df79990296aa6526bb203d2d6aefHP Security Bulletin HPSBMI02580 SSRT100254 - A potential security vulnerability has been identified with a Palm webOS service API. This vulnerability could be exploited by a local user on the device, who already has gained the ability to issue privileged webOS service calls, to execute arbitrary code. Revision 1 of this advisory.
1d17140c3eb6cc1162e5f385abb54a47406a923d9865f2affbf057a7c421b2a9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed