Zero Day Initiative Advisory 11-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC request the xdrDecodeString function uses a user supplied length value to null terminate a string. This value can be signed allowing the NULL byte to be written at an arbitrary address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
6ff956732b5f7f5743b6b55d69eb36425aa86fc4836dc1a32c8a0cabd05749ea
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence Manager. These issues include SOAP authentication bypass, RMI command injection, and remote code execution vulnerabilities.
2279b02e90cd86dbc13becc622a5ef57fcba430ff6c4d1c352b719594dc541a3
Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. Devices are affected when SCCP inspection is enabled. Cisco has released free software updates that address this vulnerability.
2d3c304b1169c0947fbea1a762b1e12011ff5021a0b46976a1ef04bb54325ee7
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances are affected by a transparent firewall packet buffer exhaustion vulnerability, a SCCP denial of service vulnerability, a RIP denial of service vulnerability, and an unauthorized file system access vulnerability.
e76421e954aaa07cd6bf59eee71ec3dfe95a934bc32fb56fe6edae8a2ff01ed9
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence solution. These issues include command injection, unauthenticated access, malicious IP address injection, and more.
97ae824371ddb74da2c469bdef6be6241f1177feac903333ba85b638323a3686
Ubuntu Security Notice 1070-1 - It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
f3ee93eff5dd43e96835d6ac34baaa23b2dd16a87b9fde94a2ca80d1281683ed
Cisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. These issues include unauthenticated java servlet access, command injection, file upload, denial of service and more.
61c7ea617941a186f5b3f36418eecc50bb5d47f751232a507474c95dee05d970
Cisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. These issues range from unauthenticated java servlet access to denial of service conditions.
52bb50cf3d384bc587235c2c5aa3a2ff5fe913f2c1d20077463786e39a6067e9
Mandriva Linux Security Advisory 2011-036 - Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the username field in a confirmation message.
ea5c67f8416addc10d7426c9a007de08e8c3a2a7563158dfc18282c74b813aa4
PRE-CERT Security Advisory - Both the 2.4 and 2.6 Linux kernels have multiple vulnerabilities. A buffer overflow bug in mac_partition in fs/partitions/mac.c (for MAC partition tables) allows for a denial-of-service (kernel panic) condition via a corrupted MAC partition table. A division-by-zero bug in ldm_get_vblks in fs/partitions/ldm.c (for LDM partition tables) allows a denial-of-service (kernel oops) condition via a corrupted LDM partition table. A buffer overflow bug in ldm_frag_add in fs/partitions/ldm.c (for LDM partition tables) may allow escalation of privileges or disclosure of sensitive information via a corrupted LDM partition table.
ab0fe6ff6bc31bbaf5cc7f9b68d64070079062a5c296c403ff5d0954e13058cc
Debian Linux Security Advisory 2172-1 - Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.
267dc10fad0c03e578ad3123414ea64b6e23736b2369d3414a6709c24c575ada
Ubuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212a
Ubuntu Security Notice 1068-1 - Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files.
f936186c43ebc1ba3469742c7385b9e594e2d6a9049351c7ba02874a13de402a
Mandriva Linux Security Advisory 2011-035 - The tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. The updated packages have been patched to correct this issue.
bc3061e7437994cfa1e698306aec56aba5922b6fc005b13d7fec917c016f2077
Asterisk Project Security Advisory - When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable.
9b947dd4fce8b8d4d6dc7c6bc47a02bc75f6c9d8097ebaa822eda51e67ad2705
Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system.
02b775a4fb6312840e9cc1b7e1f935b68a715beb81dec606f7c73d85f1841f85
Secunia Security Advisory - A vulnerability has been discovered in TYPO3, which can be exploited by malicious people to conduct cross-site request forgery attacks.
66bdf4c247dc1c7cec7bdcc6171b63bb16ed45d1c26c8aa8ffe09b104448070b
Secunia Security Advisory - Debian has issued an update for python-django. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.
061a8cd981a20ef0bf3a8411fad87fd020ae9dc68c1a6f0521ad078a8a8c021d
Secunia Security Advisory - A vulnerability has been discovered in phpMyBitTorrent, which can be exploited by malicious people to conduct SQL injection attacks.
23b239f6b150e7295a6f22dfe2c5dc0b47cadddb041ac948a9a1a28daa8471c5
Secunia Security Advisory - Red Matter Inc. has discovered a vulnerability in the Kunena component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
ea5e3d4b9260ac0241d49f31c5f62bf925fe36dcc9612d247f8c61109ebd7cca
Secunia Security Advisory - Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.
a38271d16d09bb2e0ecfeae229f7820cfc4e4efbf52f30502819dc64a21ede01
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM OS/400, which can be exploited by malicious people to cause a DoS (Denial of Service).
3e2be18544f72480af1f3ae92b8211116d469ae1c7838a58d70474118641f787
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-openjdk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
475e244e964ec73d526b9a17797de0916190f4368c48c8286ed04b45f1b58d51
Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
cf36d24fd43a44b8ac8f1e020edbd40e63d8b0aea455149579c97bb7223fc131
Secunia Security Advisory - Fedora has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
d8cc2c303863caffb0b3233d5b3d07f08f5f2e53975f36636e54a578328551af