Secunia Security Advisory - A vulnerability with an unknown impact has been reported in ENOVIA.
246822a737b48b1ebe45d0dae70f196a7ffc4966544c2dc74dda2f64d18fc799
Secunia Security Advisory - A vulnerability has been reported in Spring Security, which can be exploited by malicious people to bypass certain security restrictions.
fb238442417e3f801fa28c83cd530b968c76295cb81f418ee0cff10c6a0f1513
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92b5309a94ddf61346b3988601145374d77ae4a1fb3ba4b81446bbc40e25568d
Secunia Security Advisory - Fedora has issued an update for subversion. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
ceb2d70ad841c841a44fe9e8b45cf0251acb44b145a82588309df5660d76960f
Secunia Security Advisory - A vulnerability has been reported in n2, which can be exploited by malicious people to bypass certain security restrictions.
54ac8b7a9ab6b54ae19e948af440fc0518f272b03e2f2a77a69b9e1052255142
Secunia Security Advisory - Two vulnerabilities have been discovered in FrontAccounting, which can be exploited by malicious users to conduct SQL injection attacks.
6211195911af10806a64744185982d872609006829ae4ecf728938e462427705
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
f245aa176fd8067bae154cb09d86420cb80ed53c71568c1aea05e9865a88aaa9
Secunia Security Advisory - SUSE has issued an update for glibc. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system.
9ece13180db05c659c9c7f3d74ca6f4d8484d76c27c6968fafaf7cc1b5c96c18
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
2c0e26a446ffc3cccf09d59b3ebeaed8212e66d19301c5f829007e07098cc5bb
Secunia Security Advisory - Jokaim has discovered a vulnerability in TeamSpeak Client, which can be exploited by malicious people to compromise a user's system.
0c39558ee852684080f82204f7c552fc7064e7f51fd89a190e1ebc31b7a8567b
Ubuntu Security Notice 1011-1 - Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
c70c8634f7e5edd3db3ec6d893a08c59c2cd9c43a4e312f5589af964fa419897
Zero Day Initiative Advisory 10-221 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminReportTrendFormRun.asp, is vulnerable to SQL injection. The ASP code lacks sanity checks on the 'groupList' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
aa84e124106e38044201acc658964bf70d81a2b24ca030fc5cbbdc9da2d4118a
Zero Day Initiative Advisory 10-220 - This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager. While there is authentication on the main page of the installed IIS extension, many of the pages can be accessed directly. One of these pages, IMAdminScheduleReport.asp, is vulnerable to SQL injection. The ASP code lacks sanity checks on the 'email' parameter. Thus, an attacker can abuse this to inject arbitrary SQL into the backend database.
510fb503338ecbfca13adb7cacbe14f877aeedd8c76b5d0dae0ef34e9387165d
Zero Day Initiative Advisory 10-226 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which listens by default on TCP port 80. The rdpageimlogic.aspx file does not validate the rdReport variable when parsing requests. It parses SQL statements from the file pointed to by this variable. A remote attacker can abuse this behavior to inject arbitrary SQL into the backend database.
058c945532c10394e1675bf7fa118cedd0dd9ce8e0818c0a089b82aec8d0fbd8
Zero Day Initiative Advisory 10-225 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'DetailReportGroup' an attacker can force the server to load the DetailReportGroup.lgx definition file. This file contains SQL injections within multiple parameters. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
7178e80358422215dfcb5e13ab812b85882bff6721703e9d1f5c9201442d1865
HP Security Bulletin HPSBMA02533 SSRT080049 - A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10. The vulnerability could be remotely exploited to cause a denial of service. Revision 1 of this advisory.
6f8ea974f90e78259b644717319aa41c447d9e985d59bb78a8389a66835866dc
HP Security Bulletin HPSBST02595 SSRT1000303 - A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access. Revision 1 of this advisory.
247defaf78fbdf858b0a98e876cf6fa1de287afed53e79cca915bf413d3f8265
Cisco Security Advisory - CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. Mitigations that limit the attack surface of this vulnerability are available.
fdf8d2b9d6b7b38b6ff828292a9299be03b20be06e195362eb062ed9f38e657d
ACDSee Photo Manager, FlipAlbum Vista Pro, Internet Download Manager, Nessus Client, Orbit Downloader, Secunia PSI and WinMerge all suffer from an insecure library loading / DLL hijacking vulnerability.
e351ec50286cc84d95d4590ed5d70f3ce2de0cae42c7aa135fc7c39567db4ff9
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream. Successful exploitation may allow execution of arbitrary code. Version 5.581 is affected.
589a067f3f1289bab05e944bfaf2f2cc31e132d0938bcb4b2965adc396c3972b
Zero Day Initiative Advisory 10-224 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'SummaryReportGroup' an attacker can force the server to load the SummaryReportGroup.lgx definition file. This file contains multiple SQL injections within the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
5afe335679de5f033e5e0a1a662607fc21b3e926d2aee1e4691d33b4ad33c86e
HP Security Bulletin HPSBMI02582 SSRT100269 - A potential security vulnerability has been identified with the webOS camera application. This vulnerability could be exploited by a local user on the device to overwrite arbitrary files on the filesystem. Revision 1 of this advisory.
857b99783d1e2835a7b00bc42db477b3536fb55b576566b755a1f166bd5bc70d
Zero Day Initiative Advisory 10-223 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx and rdPage.aspx pages, which are exposed through an IIS extension on the default web server port. By setting the 'rdReport' argument to the value 'LoggedInUsers' an attacker can force the server to load the LoggedInUSers.lgx definition file. This file contains multiple SQL injections within the following parameters: 'loginTimeStamp', 'dbo', 'dateDiffParam' and 'whereClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
ceb74fd58c461aa0e284d9ade21196015768b8397e112aefb567c5900c3a68a9
Zero Day Initiative Advisory 10-222 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the default web server port. This page does not properly filter the arguments to the following parameters: 'selclause', 'whereTrendTimeClause', 'TrendTypeForReport', 'whereProtocolClause' and 'groupClause'. An attacker can abuse this to inject arbitrary SQL statements to be evaluated by the back-end database.
68f2d97d3e125f5189468d6de7f56e3cb443df79990296aa6526bb203d2d6aef
HP Security Bulletin HPSBMI02580 SSRT100254 - A potential security vulnerability has been identified with a Palm webOS service API. This vulnerability could be exploited by a local user on the device, who already has gained the ability to issue privileged webOS service calls, to execute arbitrary code. Revision 1 of this advisory.
1d17140c3eb6cc1162e5f385abb54a47406a923d9865f2affbf057a7c421b2a9