Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by arbitrary program execution and local privilege escalation vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.
b6f62c24ad600052d82c60490ef64ffb9b47d1a6b4fbb76139a5453a3b92aadfEasy FTP Server version 1.7.0.2 post authentication buffer overflow exploit.
2a6596bad306c2f92f31a99a5af952a2ecb1fa44c6c4f1578665dd5c22713689Mandriva Linux Security Advisory 2011-105 - This advisory updates wireshark to the latest version. A large/infinite loop exists in the DICOM dissector. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark.
2f38c38e6d308c7c93fb99b72c981e9702b7cee1649aa9258e4d92c6c5b9ac01Icinga versions 1.3.0 and 1.4.0 suffer from a cross site scripting vulnerability.
0f2fcc0f2a5004f0756b8053320d1d9036538af9cf5fd71f737e368eb0f56a37Cisco Security Advisory - Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.
a9b9f6b84efd5f5410ccfdf9fc190f25c02e24a757639b8c1c38c6f42d3997fdVibrant Creations suffers from multiple remote SQL injection vulnerabilities.
21a32b3c8444e9da7647764ff7da708c99fe8429fdbf2caee691fc400498df72MediaCluster (mcCMS) suffers from a shell upload vulnerability.
06d93cc6955871384b4f90c0f60d2c884f75c514a2d5fd549c9b5b121b8fd2e7Netgear WNDAP350 versions 2.0.1 and 2.0.9 suffers from a remote root password and WPA2 key disclosure vulnerability.
cb5e3cabb4d54afcb646e5bcc9fe38768fc1bdbdea54fd02f0c0b642142df4c3Nagios version 3.2.3 suffers from a cross site scripting vulnerability.
a056b66c21311b190b7d847ea2b1659d52af13a17ea0e33a820d155730122899Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
a5da1041cf885eced48a7af3b7acdb0686e61e90f3ff3a0f850f27a77b7a7177Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
6c73501b3f4ee218038777f46b6592c27d8398fe0ea571b5943f57bb082bc5a3Mandriva Linux Security Advisory 2011-104 - Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service via a negative response containing large RRSIG RRsets.
508ee1aa8ffd4f27a9758171dac332d4d481de68724feca7f6f389471dc75d4cA Really Simple Chat (ARSC) version 3.3-rc2 suffers from cross site scripting and remote SQL injection vulnerabilities.
249904eba1bb0a21fd20acb8fdb72e6d7161acae6fb1b1e2924b0fd886fc5e27Innovative Web suffers from a remote SQL injection vulnerability.
2617b117c0d794f9db284cf8cd1804c0c06743144af640c952c8fb51e06f0067Post Revolution version 0.8.0c suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
c326ab8cc2255d5e582a5a5c103cc9b9e6e64ac1effb215d3c8e08c05d0b1799The Cherokee server admin configuration web interface suffers from a cross site request forgery vulnerability.
586c995fad51dc5bd0787f10314d084e145efaa7e2f61ce7bc8aa7c1bf5970d3The VALID 2011 Call For Papers has been announced. This conference will be held in Barcelona, Spain from October 23rd through the 28th, 2011.
41576e3a99041238e6564d80dbda242c65c6cc165b2ca56696674b2f3d0bc356CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
37b2d92023e5ba909975303fa7fb686f9e8f69afae90052f86672f0c13a993ccDebian Linux Security Advisory 2250-1 - Wouter Coekaerts discovered that the jabber server component of citadel, a complete and feature-rich groupware server, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
0f0e08b40a952cc7e46f5001f5c290c85367e3af53eb2c045331c0fa34fa926fDebian Linux Security Advisory 2249-1 - Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
a991672c4d34580ef442852169e167e37d426325361127f31153c7141950080fDebian Linux Security Advisory 2248-1 - Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
de1900df9f3c9ee82372dc03eef9a63db5a89024f5837f7f77fe44f4b9d4e27bSecunia Security Advisory - A vulnerability has been reported in SecureSphere Web Application Firewall, which can be exploited by malicious people to conduct script insertion attacks.
8a05dd7d363bab7a969f9f78a5ffd7ce694af4ec1bd403cdee37f087a82a512dSecunia Security Advisory - Debian has issued an update for ejabberd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
416cc993727e0d1cb7f187e732f831942c207e6d0d78711736624bcd6b67a98fSecunia Security Advisory - SUSE has issued an update for gdm. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
81b430b2401177c84af1f31faf7a31a37276151469150f0bc56185a7c5470013Secunia Security Advisory - Georg Fritsch has reported a vulnerability in Wyse ThinOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
4ddbda0f1acb2346bd9b032e11411db32a486be77699d2474aec09fb48af53cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed