Secunia Security Advisory - A vulnerability has been reported in Sun GlassFish Enterprise Server and Java System Application Server, which can be exploited by malicious, local users to manipulate or disclose certain data.
145eb52a4799c0a95d8f1674427088f8da0ad0d33bb972225cbfc4050015fff3Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious, local users to manipulate or disclose certain data and cause a DoS (Denial of Service), by malicious users to cause a DoS, and by malicious people to conduct cross-site request forgery attacks, cause a DoS, or to compromise a vulnerable system.
bfd947a8098a77dac5684b952f4d97e3b3c4f8ea5ea7ba8f1b689606bd2f35edSecunia Security Advisory - Fedora has issued an update for qt. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.
5dff9eb9e1a44f4b0fc5b2c713a7e7def47e2971ed3342b2ecebc00ec7a7f7a8Secunia Security Advisory - A vulnerability has been reported in I2P, which can be exploited by malicious people to disclose potentially sensitive information.
2b9046434e4a29264c4cf0db1d8f582890fb0fa4bdce3fdfe4f9e0e86a9eae58Secunia Security Advisory - A vulnerability has been reported in OlyKit eBay Clone Script 2010, which can be exploited by malicious people to conduct SQL injection attacks.
ff949c9fe3a10a15c5d4424d9502a8ee1eaa7fcd640bae6a106a5845cedd8071Secunia Security Advisory - Some vulnerabilities have been discovered in Mortgage and Amortization Calculator Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
2c5fb3cd2cd274b639a7af55ed8109fc69f589e38f1a69ecfbdef86fd4147003Secunia Security Advisory - A vulnerability has been reported in 2daybiz Custom Business Card Script, which can be exploited by malicious people to conduct SQL injection attacks.
ef06d97be93e122446f81e853aaf55710e50e9776204b692f98c634ad76e6062Secunia Security Advisory - Oracle has acknowledge a vulnerability in RealPlayer, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
668a9fe13ca28e02b9f92932b216801b98415f946a11b5a361314b091fca6e03Secunia Security Advisory - Oracle has acknowledge a vulnerability in Sun Solaris, which can be exploited by malicious people to compromise an application using the affected library.
de7cc1675c8ee2e99f6a38a0681b744f5e7504a67c415c7a6d16e53e40a8a2faSecunia Security Advisory - Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
f13fb1602cacd20209f7400f95d487444768ab9194876eab54e2210ce2c3555bSecunia Security Advisory - Ubuntu has issued an update for ghostscript. This fixes multiple vulnerabilities which can be exploited by malicious people to compromise a user's system.
3f9a8f84cea48760244ca91070f3a82a0b3b302bf519e40ec9f445cd91119178Secunia Security Advisory - A vulnerability has been discovered in Campsite, which can be exploited by malicious people to conduct cross-site scripting attacks.
e9ff24860ec16780e5fbcec629b8f97b1514a7852a8cf22560f4433d545ba0b1Zero Day Initiative Advisory 10-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TCP port 1315. The code responsible for parsing the first handshake packet does not properly validate the length of the username field. By crafting an overly long value in the request an attacker can exploit this to execute arbitrary code under the context of the SYSTEM user.
09a594428fe5144b5d55c44a064d4fd3f3446333fdced8903b468d07f28a9aa3Zero Day Initiative Advisory 10-124 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
f3eb8b93e738858b3c6e2a5e1d54e8b3d36f41f83639ca0370ec81c55f379812HP Security Bulletin - A potential security vulnerability has been identified with HP OpenVMS Auditing. The vulnerability could result in a local disclosure of information or elevation of privilege. In addition, a potential vulnerability has been identified with HP OpenVMS on Itanium platforms. This vulnerability could be exploited locally resulting in a Denial of Service (DoS).
39c0d11da89787baaf3c0b0dac7b12f69810b7a422b6fbe96bac6ceb6c5154b0Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April, 2010 VSR began researching this more in depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.
5d7636d4025d8667dd9edaf1762d3650f321ba8bf02999b83dd50d2261a56effTechnical Cyber Security Alert 2010-194B - A large amount of Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
5d39915f295318f0c13ddb691bc6cb2e44b7ba729140fe7a42d65b94d3861c77There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow.
d52652680c2282a365582b370699c7a5d7ea1fad7ca3f74abec30bf475ffe69dSecunia Security Advisory - A vulnerability has been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to disclose potentially sensitive information or manipulate certain data.
9e38ee7821a9e97f8ea435a18129da2d9107e23fd62c488d8c4f8ba1b999d99bHP Security Bulletin - A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information.
3b5831b3d034e6ac87804180979c6933c321dabfa21793949265ae24a6fbd436VUPEN Vulnerability Research Team discovered multiple vulnerabilities in Winamp. These issues are caused by integer and buffer overflow errors within the "vp6.w5s" component when parsing malformed Flash Video data, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted FLV file. Versions 5.572 and below are affected.
8fbaac671d34798bc99f557cfffe222926f9d45cd0c0e2cf9cd4975d2e5732d4This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials.
b97beb4e58e46d6a4719bd8417540a0d0f63bac1d2dbac31e1272e615cc3a6b5Arora Browser version 0.10.0-1 remote denial of service exploit.
464a693b68d3103f918fcc7e499c7c5254f3704fc1386ad5554d93f7f6e7452dDiferior CMS version 8.01 suffers from multiple cross site request forgery vulnerabilities.
68862d8b3ca0cb1db27ff9190373f9678f4390b26c98b6114cd729d40e073a6dZero Day Initiative Advisory 10-123 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials.
1b6cb7c2d8ebbfb8aa18f8b3517e80976924e54abe93a72aade5cc60697221de
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed