Citrix License Server version 11.6.1 build 10007 suffers from cross site request forgery and denial of service vulnerabilities.
2b9104ba28bdb97b62d26b0a430b574efb2a5eae5fd46f35c16cc5d5c118453bnSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
1287538d9d82e32529c0d747e336f8c5ebf4984b6eb88af17ffa07e9b262328dnSense Vulnerability Research Security Advisory - The coreservice.exe process in Procyon core server versions 1.06 and below contains a remotely exploitable memory corruption flaw which allows for remote code execution. The affected component is coreservice.exe, which listens on port 23, running as SYSTEM. Sending a long string will trigger the overflow.
922acef938ae8deb176229f5e0792d09103f2de6f8e5b7312b17de91b92ff373nSense Vulnerability Research Security Advisory - The default configuration in Azeotech DAQFactory allows network connections towards the HMI without authentication. This allows an attacker on the network to shut down the machine running the HMI software by sending a simple packet.
8a08b9d43fbf3ae9966c1c2359f63e48b085f95564403cf9d414af76d275d1b5nSense Vulnerability Research Security Advisory - Adobe Flash Media Servers (FMS) versions 3.5.6 and below and 4.0.2 and below suffer from a denial of service vulnerability.
7e626c6eab58c87b89031859246abce098102e446fc040aa85a6e11b9a71fbc7nSense Vulnerability Research Security Advisory - It is possible to cause a denial of service in Novell's LDAP-SSL daemon due to the system blindly allocating a user-specified amount of memory. Exploiting the issue on a Netware system will cause a system-wide DoS condition.
972238c95111a6fb64022b85c2982b7c92402fed540695e47f81e34f5d96e993Sybase Afaria version 6.0 suffers from cross site request forgery vulnerabilities.
0fdfab6c5149f5c8a24dc2ddf5111eb22b65af7ff7790df17a9f9cb42a592af4nSense Vulnerability Research Security Advisory - Cisco Unified Communications Manager contains a setuid binary which fails to validate command line arguments. A local user can leverage this vulnerability to gain root access by supplying suitable arguments to the binary.
7753a39b108bbf87882e557edf6889f7527b71f82f2ad3c34860d2be9f3bdf91nSense Vulnerability Research Security Advisory - Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected.
be0006662c3db8dd0bb9877ae4a9ce05a5bb18b964135f696d2609daf428de1a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed