Cisco Security Advisory - Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
c1019fa92a864c1cbf24264cb9ca2fdf792bbb2c1479a80d171478dcc51e4c80
Cisco Security Advisory - A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service (DoS) condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP). A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process. A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP). Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
45f87c7e6014bc5afcef7ed267b5ae0ea102b514f3ed6999a6a0c8350cffd0b7
Cisco Security Advisory - Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
da2cea29710b2e959d5d2cd57fab10f9c9b38bbdcd25d51d872e894c1efea2fd
Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
3e51714231b9499727494ed2f3a1c00199e2047f111996d612a81df59e0cbdf8
Cisco Security Advisory - The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.
25877787ab0cf62e446a4b927d9ae03879ae2628238ae18324c0e9422996d18c
Cisco Security Advisory - Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.
b8f96eb691d8e27b3cdc488d448cf6e46064ce022436739699ded820e784f3c5
Cisco Security Advisory - A malformed Internet Key Exchange (IKE) packet may cause a device running Cisco IOS Software to reload. Only Cisco 7200 Series and Cisco 7301 routers running Cisco IOS software with a VPN Acceleration Module 2+ (VAM2+) installed are affected. Cisco has released free software updates that address this vulnerability.
46283fd36b172576f35ca10b12a4f9724b2802a1bf8a6862267b3d021f024946
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by people to compromise a vulnerable system. An error within includes/login.php in the handling of failed login attempts can be exploited to store content in an arbitrary file within the web root. This allows, for example, executing arbitrary PHP code via a specially crafted request. Successful exploitation requires that "register_globals" is enabled.
7d72f52e14d3e1978ae72f73f313631c8265d2d019934dc7e4afc066f96c448d
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to manipulate certain data. Input passed via the "f" parameter to delete.php is not properly sanitized before deleting files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal attacks. Successful exploitation requires authentication.
7450fd8e62d2065d4bee6409cb1e2e3c46e4a4ad0a47d7eae22b538cda229e64
Secunia Research has discovered a vulnerability in Pulse CMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "filename" and "block" parameters to view.php is not properly sanitized before being used to write to a file. This can be exploited to write arbitrary content to an arbitrary file via a specially crafted POST request and allows executing arbitrary PHP code. Successful exploitation requires authentication.
40307d5c43ea3eab74e5803b290ea245c236721a099a25f9d6231058a5d34a33
libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm with encryption and decryption capabilities. It comes in two flavors: a classical single packet implementation and a faster parallel bitslice implementation. The parallel implementation can take advantage of MMX, SSE, or Altivec instruction sets. The parallel implementation can process MPEG TS packets at 300Mbps or more on recent processors. It has been successfully tested on processors with different word widths and endianness.
0a57f0373a1ae1cf2dd565f26041f20a99332860e1833636a651fc4c9f1cfa68
The Joomla Wallpapers component suffers from a remote SQL injection vulnerability.
b22df1973fbd6637ed90c5b4821e92a704c435d5d58cffffa1f9c27c4f0a2230
Multiple Lexmark laser printers suffer from a denial of service vulnerability.
841ee8594d3134ad52863f80eadc2624517a74d49b50c5a701b129085d46e979
Ubuntu Security Notice 918-1 - It was discovered that Samba handled symlinks in an unexpected way when both "wide links" and "UNIX extensions" were enabled, which is the default. A remote attacker could create symlinks and access arbitrary files from the server.
bd283a2db41d2217a96503c0a4190247aaf02a865407552ee662cacd6848654e
Ubuntu Security Notice 917-1 - It was discovered that Puppet did not drop supplementary groups when being run as a different user. A local user may be able to use this flaw to bypass security restrictions and gain access to restricted files. It was discovered that Puppet did not correctly handle temporary files. A local user can exploit this flaw to bypass security restrictions and overwrite arbitrary files.
17eef93c81a5147eefd3cd3d1872dce9264982cb263d0d7ea0bd857a79f2feda
The OpenCMS OAMP Comments module version 1.0.0 suffers from a cross-site scripting vulnerability.
0d91df4096bf129abbfd8fab3373b7979734af8faebdf3e59f3016941a842367
E-PHP CMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
ac461835697dcd871e38b1b875eeaba53e4c4935d12044eb156cfefdc89993c6
The Joomla Universal component suffers from a remote file inclusion vulnerability.
ca9e7d286bd71f282850add302faa64f1eef2bd18dc99a41128fa3543cce6c00
JITed egg-hunter stage-0 shellcode (permanent DEP bypass).
c0457bd37fa64a3dd66bfe32d6241af964f283e3fe7bec27a59d2d87f5a45c82
Smart PC Recorder version 4.8 local crash exploit that creates a malicious .mp3 file.
f0f3d82b9a011cc28d798bb4e70f9c80faa595d9bd4ca88872f0d543e1e48607
Easy-Clanpage version 2.0 remote profile page blind SQL injection exploit.
87200a679d787cd2b2601b8d404592020627476c183198633f1aaf7178ea22fb
OpenSSL Security Advisory 20100324 - In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL.
3cf5a241a759df02e4d637d7771edfa021c95951c620577159d5cc0dd584eb6a
Secunia Security Advisory - A vulnerability has been discovered in the Real Estate Property component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.
1af3a7cddff85558719942f4eeff734cdcc30b89221edf92f903b20ef320d1db
Secunia Security Advisory - Red Hat has issued an update for kernel-rt. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service) and potentially gain escalated privileges.
e3ca26d8e7fa975a4fe34d3519166e5b5e2ddc23371dc353fd9e78a64c364cf4
Secunia Security Advisory - Ubuntu has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
0857374575c9ceceec47fb20e4c007151584aba3f97452733f80148b771938e9