Secunia Security Advisory - Two vulnerabilities have been reported in Cisco Intercompany Media Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
83a47dafeebd761a5854e93175438b7ba67a4e5dd3d2a63b950e7869d31160b7Cisco Security Advisory - Cisco Unified Communications Manager contains five (5) denial of service (DoS) vulnerabilities. Cisco has released free software updates for affected versions of Cisco Unified Communications Manager to address the vulnerabilities. A workaround exists for the SIP and Packet Capture Service DoS vulnerabilities.
9203ef304f7ca355a829e3b6b8ad4816d3ac1be10947386380d0bea05afe0f5dCisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue.
961ffa1fc976edc98b7f96041bb64493d1fd4b1f388ad4cf6a7191575417a67fCisco Security Advisory - Two denial of service (DoS) vulnerabilities exist in the Cisco Intercompany Media Engine. An unauthenticated attacker could exploit these vulnerabilities by sending crafted Service Advertisement Framework (SAF) packets to an affected device, which may cause the device to reload. Cisco has released free software updates that address these vulnerabilities. There are no available workarounds to mitigate these vulnerabilities.
374bdf9736f97ff2f0eb95efc35d361132fed2c3ba771f777d55e3239280b5c6Apache Wicket version 1.4.x suffers from a cross site scripting vulnerability.
9d87eb45b2ffcd8b3e5d95c70dbb91a574fa76f889edb2004d29a8fbcd9e71bcSecunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
ddb83c791affff491a1f1c4262d763b277fb5c3ead633763d79a54be3cf08e85Secunia Security Advisory - A vulnerability has been reported in CommodityRentals Real Estate Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
a7e11fde4786ae6a831b3bce6715f7c67298983c4b0869f734816f1ff9898465Secunia Security Advisory - A vulnerability has been reported in CommodityRentals Real Estate Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
a7e11fde4786ae6a831b3bce6715f7c67298983c4b0869f734816f1ff9898465Secunia Security Advisory - Red Hat has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
93a6cd2d0772934f2667adfc40e8834e5981c1284fd6c14c18da9f172f25cffbSecunia Security Advisory - Red Hat has issued an update for system-config-printer. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
0a68082b956f556170b95ae206bcac01efe26772a84f0f3762bdfd279a340b41Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to potentially compromise a vulnerable system.
bfbff9d47873a29539d479fc03f34334cbf79000ae5becd18f7394d73ca0116aSecunia Security Advisory - Ubuntu has issued an update for ecryptfs-utils. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
02b8621a22a1175195155bb6aeff5b6fecc55fc13600815f160f923f9a1d71c5Secunia Security Advisory - A vulnerability has been reported in Tourismscripts Hotel Portal Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
683d1c7f6d7061817832e0d07020d45fb4116f8d063e6c2962f02e76819cf698Secunia Security Advisory - Kingcope has discovered a vulnerability in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
71b9eebcf61d04c5330a43520789ea82ee76415ec7c0e2a29eeb5b56eafee71bSecunia Security Advisory - Multiple vulnerabilities have been discovered in ManageEngine ServiceDesk Plus, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
4fcf54e5c577c5146d22a1d1b0f2ad696878b99fb0b393394afbc0c2ea7ba507Secunia Security Advisory - Anil Aphale has reported a vulnerability in the F-Secure Gadget Resource Handler ActiveX Control, which can be exploited by malicious people to compromise a user's system.
6686df81e01fc0e665187fca4c6a1ff9c86f04c469d9f84a154cb13af4158670Secunia Security Advisory - A vulnerability has been discovered in Free Help Desk, which can be exploited by malicious people to conduct cross-site request forgery attacks.
4ca3244621d1ae5edfab2a59c96fb1af5b0d32caac02d34462034b44ac3c60d8Secunia Security Advisory - Eyup CELIK has discovered a vulnerability in Shopzilla Comparison Shopping Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
3c37a5f02af67ab93133ab1285e1ec225557216a00e7aa8129d82894e44bfcf2Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
e08b070091b795f87e546046e1c9d63568234479f3355f09c72d4b6d11889cbdZero Day Initiative Advisory 11-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.
4472d24a47f68f6fe37528e24b7007cab02511745fc6c58a5f52efaa4096cfeeZero Day Initiative Advisory 11-274 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x140 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.
bf080c25cf7ed5223b661feb02b0fbc59089a06d8f53ea2bf8c3aa79a319a20fZero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.
62ad84452673f5980d9432a20873597e7b2dc982e025209bf40e680a5292bfa4Red Hat Security Advisory 2011-1197-01 - Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
31a1e73dbcf9570c1928d4f8c950e9a48bd851927e0dc5d2005acb78fa4abca6Red Hat Security Advisory 2011-1196-01 - Updated system-config-printer packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. system-config-printer is a print queue configuration tool with a graphical user interface. It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. A remote attacker could use this flaw to execute arbitrary code with the privileges of the user running system-config-printer. All users of system-config-printer are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-printer must be restarted for this update to take effect.
b09b720a95fb3cf2be45b8d6a86bb67bcd41aceb22960a30aa54b9aa88ca8f10Red Hat Security Advisory 2011-1189-01 - Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service.
d97ef6720ae8e063983b3824218d93b24db61be0bd9859deee9eb835fea7f6a9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed