Zero Day Initiative Advisory 11-150 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed omniiaputil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
5cae608b4f061f0bdeac095e6b52bf8be9df614690be9309a49f69f71b8cbdf3
Zero Day Initiative Advisory 11-149 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed HPFGConfig message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
17b36d9a153ba25eb0f48fa2727ebd386363cc4c2c096bf2e33a91233b975eae
Zero Day Initiative Advisory 11-148 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed stutil message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
14ad6b33b2133aa33a41f1b429593d7a750571285a3866cfc02b76ba1486de4f
A potential cross site scripting vulnerability due to improper input validation that could be exploited in certain situations has been identified in RSA DLP Enterprise Manager versions 8.x.
38cd844b80979478bd8aa20e4c0f59b355da0733e4ab4803455be0aa2f29a4f0
HP Security Bulletin HPSBMA02668 SSRT100474 - Potential security vulnerabilities have been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
9c6b87ea5a51d78a49db66ccdad31b9b08c6d84e9f30b33bad4401cde966ee15
Zero Day Initiative Advisory 11-147 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
f659da60986105d1ea92fed5ce5fbcb2bdd152491092cabd7115a457e3ac66df
Zero Day Initiative Advisory 11-146 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_SCRIPT message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
2a4c0b62ef746b84a16567288fb88b57249195bc7c85abb96758824c31b89e12
Zero Day Initiative Advisory 11-145 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed GET_FILE message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
fd833be83b009804f062058c2b0dd9fb78f7a2fc22faa3a3a6071d050d5dd951
Zero Day Initiative Advisory 11-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_BAR message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
6bee93a2fbb29c75cb6a138aa635508bdafbcda530ba4894b6930385c8a568e2
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
bfe06d6b1b784c1c4bdfb25a05e8298f5ac717f5c05d83692ad45d3a1a061e3f
Secunia Security Advisory - Alberto Ortega has discovered a vulnerability in eyeOS, which can be exploited by malicious users to conduct script insertion attacks.
3197bde0e8770671d93e6ab53acd785c3b4358072758d90a538ac11024fdf75e
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Data Dynamics ActiveBar ActiveX Control, which can be exploited by malicious people to compromise a user's system.
49ba6957afe21a48b8b773ed89ac05afe62bf9844ca0f293ebbdf00c06782188
Secunia Security Advisory - A weakness has been reported in udisks, which can be exploited by malicious, local users to bypass certain security restrictions.
3c4c6054194ae6803a247de08f590bb13fe4c5f825401029a463f6dc50e79f2d
VMware Security Advisory 2011-0007 - VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities.
5f83afe772b762282a93600a631d74790ef776e16da02e857f1d10bca8105619
Zero Day Initiative Advisory 11-143 - This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. The xmldirectorylist.jsp file does not properly validate the f, l, and n parameters before passing them to the database. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database.
fa308914464bf01926e9a4d4ac3410d95c29f7cd0ee2f39af6da943a997c5e67
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
1c6787b2aad7dcc287b2e748379d1a9ab2ccbab299c5b0152f0272de2a7c8f3e
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
1c6787b2aad7dcc287b2e748379d1a9ab2ccbab299c5b0152f0272de2a7c8f3e
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted packet is sent to the JDENet service, and access violation is raised. As the process fails to process this exception, this results in a crash that would render the system unavailable.
fb00b7dfd1a4bfaaa317b021b77e77953255278969e2ee8cefab09d76246d5df
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted UDP packet is sent to the JDENet port, the JDENET service creates a TCP connection to the provided IP and PORT parameters. This connection could be used to access the JDENET and all ERP functionality provided through that callback connection.
0c98a162b3edfa493fb0a51d4bc92e4a10f6c96764005f2ec2eaeeb63450c32e
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a packet of a specific size is sent to the JDENet Service, a heap based buffer overflow condition is raised.
76921f4b4c1e91a19323ad91b682d4affa71e1a792efd459b4fefd21fe6aa43e
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. Several ways remotely deactivate the kernel processes logging have been detected. If specifically crafted messages are sent to the JDENET Service, the JDENET Kernel will stop logging for the kernel processes activities.
6c0cc09e84bd9e005ca7c9ae97cdf041b999375c2808d37a4e86b78a4569c0fd
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. It is possible for a remote and unauthenticated attacker to retrieve passwords of users that are allowed to login to the SAW Kernel (System Administration Workbench Kernel) in default installations of JD Edwards EnterpriseOne servers. As SAW users are allowed to, among other things, remotely execute commands on the server, the exploitation of this vulnerability leads to a full compromise of the server.
f5e070e8139c15730f71e2ea443c613b4a3d3b03b82fa0971259148856bc1535
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially crafted message is sent to the JD Edwards server, running processes of XMLCallObject Kernel, then arbitrary commands can be executed through the JD Edwards CallObject Kernel process.
34c7ee07435c2ddc8c251c76a97e1bc8cc1efd0ab34980d34fa7d069d940abff
Onapsis Security Advisory - JDENet is a network communication middleware that performs network communications workstation-to-server and server-to-server. It is used to call remote functions, to authenticate users and transmit information between hosts in a JD Edwards environment. If a specially-crafted message is sent to the JDENET Service, the JDENET Kernel performs a shutdown of the service.
495c315fad1554eb899346d39c9206a1fa99d8f13c9027b4c25f296d62c0b440
Insomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable length buffer. Next the data is parsed and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service though remote code execution may be possible.
9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00f