Ubuntu Security Notice 1266-1 - It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted LDIF entry containing an empty postalAddress.
58a436e84f42572d8be969878e1cd235c16383652c96df9e01a7b6d8a6848007webERP version 4.05 suffers from cross site scripting, information disclosure and remote SQL injection vulnerabilities.
6527863421172bed1320a1beaaf760e10db2399f57d8d1c408408d39b2fe8524SAP NetWeaver suffers from an authentication bypass vulnerability in the CTC service.
acd1799151dd58a8e541f3f7f81d871ec30f13688f6df45a6dc99cabf056f139Red Hat Security Advisory 2011-1459-01 - Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind97 are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.
e468d1c0fe8f1b1825afe625add5bc7e03909cb44c5e165d121c828409c3447fThe SAP NetWeaver SPML service suffers from a cross site request forgery vulnerability.
322ab3a2b0d5f55c5b57691f980918122aa961043519cd3ac848bdaa88e9ca1bZoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.
11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901SAP NetWeaver suffers from a command execution vulnerability in the TH_GREP report.
c3dfd70888d86b64249ce6ffaa7d8426a73697ec5490a405e2af35c4743d2370SAP NetWeaver RSTXSCRP Report has a path traversal vulnerability that can lead to an SMB relay attack and full control of the system.
21855c07195fb743d05e10fc4148abc62479e631abbe3e8e1d6b011ef74209dfMandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1 which is not vulnerable to this issue. Packages provided for Mandriva Enterprise Server 5.2 and Mandriva Linux 2010.2 with the MDVSA-2011:176 advisory had a faulty release number effectively preventing installation without excessive force due to a previous packaging mistake. This advisory provides corrected packages to address the problem.
197ccaed81762b5688aa08d8c25598393a3c9ed56dc71e6aabe506eccc2b58e4SAP NetWeaver BW DOC metadata suffers from a cross site scripting vulnerability.
68d97d678e3c0fdb4545781101c9713cebe198b3b21c2030417b80a51a588341The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.
bb8285b3a50293e1b7955490ff1a6f95c2a536a27d3d98b985e8678a317a3799SAP GUI BAPI Explorer suffers from a stored cross site scripting vulnerability that can lead to code execution.
f6883239887dfc0459693dd45a90be345741e71f87d44c9a5702b07adc70a47bRed Hat Security Advisory 2011-1458 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server, a resolver library, and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.
109068cfe1698152b9d3437fe8f154aa67bc2754de44075ab1266cbef01eb284SAP NetWeaver Mobile Engine suffers from an information disclosure vulnerability that discloses version and username information.
f887bedbaf6328e9e0090370a2ef1d312367550062ad97dcd452fb137b15cb06SAP NetWeaver ABAP suffers from authorization bypass, directory traversal, and SMBRelay vulnerabilities.
0aabc6d28819f80fb0cdcc88f63dbe1fcd8013c3f12b2c36acb808d75c57fb08SAP NetWeaver JavaMailExamples suffers from a cross site scripting vulnerability.
c04b25210d381f661a530f78c0f47f407ef68900b31b985bb2f0f7449bf26cebTiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected.
21ef97d86d440a917b5caedb85996e891e834ea1014f4979355b34a905298c19HP Security Bulletin HPSBOV02470 SSRT080123 2 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running SMTP server. The vulnerability could result in a remote Denial of Service (DoS). Revision 2 of this advisory.
bd809e6d2fb086758c2ca98895cfc16b117c4e67f77134f14d1b8a8f4db6d869The WordPress Flexible Custom Post Type plugin suffers from a cross site scripting vulnerability.
fee1493e19247201bae6078b7248fec39db259065399d0d9db505b56dfe63910PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.
ceb5c22d39fc6f90b7e680e8c9287c121c4d955d426bab53fde7a92a6c51c13fA reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.
c6bd8d414c203e4d7061c79f3542c1b5b217553d5e43319d293458513d863d05A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
df2dee289d5c87f204cf0fee719b33c99baed4a25e2a6f9f88c897389068853fAn arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
9b9778fc86835a6bdf9f0531d06a9035e7c2a698cfe50ecd0e20362d22be8cd2A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.
950c47363f210cdb881bcfb068ccaf7f685f850f0d610b4a2d6acc3361bd64caUbuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.
359ddbd8a20109cf0cd0c50fb699368bbf5e8dbb3241a43302e56fbcca6dbd33
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed