A remote code execution vulnerability exists in the way that Microsoft Excel 2007 SP2 handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This is the same vulnerability that is referenced in MS11-021. Proof of concept exploit code included.
9a5d1f96fbe02680c7966f213409b939e32dceb7cdd048b0e6ab2e26c9aed2cfCisco Security Advisory - Cisco Small Business SRP500 Series Services Ready Platforms contain an operating system command injection vulnerability. The vulnerability can be exploited via a remote session to the Services Ready Platform Configuration Utility web interface. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
0778862bf9fa19104435b1722feca5da37fb341ae1519f5ec6815b4acba36416SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.
2c7d6fde362078986308ded7ffb7656180b3a2a54c0736c861bf3fe6f0c9453cIt was discovered that a local attacker can send a malformed USB hub class descriptor via a malicious USB device and trigger a kernel stack overflow in Solaris versions 8, 9, 10, and 11 Express.
a80d1f9f52f13b9e8415d9d58079861c76c46a4c8467e2a7cfa25f5c7369fe03Google Maps suffers from an open redirect vulnerability.
aee1da50d87ec097baea750b5d4f0d6957a5a88360a5a737ab62d26afcd11f9fThe NATO Research and Technology Organisation (RTO) service (Organisation pour la Recherche et la Technologie OTAN in French) suffers from a local file inclusion vulnerability.
ddc802549714d9973c40c51236b45d28ad3274b4723797e32a1a7adb5e57cd5aCitibank CitiDirect Online Banking software is forcing the use of a vulnerable version of the Java Runtime Environment, again.
10db1585f570c0c0436c5668ad5955bf1a4e6b12f877810cf62870beabcefb0dThis is a basic TCP SYN scanner that is multi-threaded.
05a84a886d1c59a2eb79d1ef37a2e76d8540fbc184e6059c4dbc8ef23136fb77Efront version 3.6.10 build 11944 suffers from cross site scripting and remote SQL injection vulnerabilities.
3278059d1102def6193bc6a5a50c9ac3e596bb1a775fbbf9d7af34f53340e4dbMandriva Linux Security Advisory 2011-164 - This advisory updates wireshark to the latest version (1.6.3), fixing several security issues. An uninitialized variable in the CSN.1 dissector could cause a crash. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.
db68935e03bc26d480a3863e093cf87d2a9d9d664061a92252578d30c1c013c0Mandriva Linux Security Advisory 2011-163 - Multiple vulnerabilities was discovered and corrected in phpldapadmin. Input appended to the URL in cmd.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Input passed to the orderby parameter in cmd.php is not properly sanitised in lib/functions.php before being used in a create_function() function call. This can be exploited to inject and execute arbitrary PHP code. The updated packages have been upgraded to the latest version which is not vulnerable to these issues.
6a8eb2c9e6fc20b6430bd1ef4c22501633d729e8da1461de60a868adcbc1ea75An exploitable integer overflow in Apache allows a remote attacker to crash the process or perform execution of arbitrary code as the user running Apache. To exploit the vulnerability, a crafted .htaccess file has to be placed on the server.
de93709165ae3da045b8b7cd8bcaa006e9c80ce8ed576e25755ced04b4c304ffphpMyAdmin suffers from a remote arbitrary file reading vulnerability when using a simplexml_load_string function meant to read xml from user input.
e9107c1ea9ecd076a0b594c54978d18ecaa5e210966639afd6ab79b6715853a9BestShopPro suffers from cross site scripting and remote SQL injection vulnerabilities.
540a1e2899f1eeb5b42cd9faa97a86991ef8385ac014a8a49b99929f96f955f1Calibre E-Book Reader local root exploit that leverages PATH manipulation and a suid mount helper.
e5fa170d241da03c918fe3a8ffb3e7a7364e4e4825c16fc83ac7bd17e8ee6b78Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Sunway ForceControl and Sunway pNetPower, which can be exploited by malicious people to disclose system information and compromise a user's system.
bc54e8e45cbb92b2ad5a93e790fa46a5117048116d354fb03e5f44a424d7c813Secunia Security Advisory - A security issue has been reported in Dolphin Browser HD for Android, which can be exploited by malicious people to bypass certain security features.
6e0a51185511bc7efe2f02a467490327e464ecea93b3406acdc24b7681794ac7Secunia Security Advisory - A security issue has been reported in PHP, which potentially can be exploited by malicious people to compromise a vulnerable system.
a13ce4cf55e804f1fd5b68ae77508fba6d60191ed633351a698b3da3964e3f25Secunia Security Advisory - Fedora has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
50b00562c9f468f6d79f1e0020853c15efb8d6ea3599ed26213040cf48a2ba5aSecunia Security Advisory - Multiple vulnerabilities have been discovered in JAKCMS, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system.
b309ae08119745205af18bb27ee9e53d53278ab05bbc62f1602b1622c60e718fSecunia Security Advisory - Multiple vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.
75acfa20e6de8a7da821d28f9237e1c136d38d2a6f4a7c22724ae437dc1e6280Secunia Security Advisory - Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
8f2efa6baa1dd4ef499fa3ff006d93aa0f85850f1e3a3176e9aa038583cb8e94Secunia Security Advisory - Attachmate has acknowledged a vulnerability in Attachmate Reflection for the Web, which can be exploited by malicious people to cause a DoS (Denial of Service).
cf104de270512b47811c1c203afcd79e531d56aacafbb4b84ed60f4f7d840e7aSecunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.
8da9bdf1a06c4f9ad271e187805f984b5686a23c370ecc2550b6e9be4c2992c0Secunia Security Advisory - A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks.
d0a802f61456e731fc7e9c76326b74ba8a365f29eb649dbfbed48322681967b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed