Cisco Security Advisory - Cisco Unity Connection suffers from privilege escalation and denial of service vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
68c27023223083fc31438df0d9cc12dbMandriva Linux Security Advisory 2012-026 - Multiple vulnerabilities has been discovered and corrected in postgresql. Permissions on a function called by a trigger are not properly checked. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities. Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
f728f35a754010929427e9f14844f505Netmechanica NetDecision HTTP Server version 4.5.1 suffers from a denial of service vulnerability. Proof of concept included.
e1a7c744b61abe4bd2cd106ed702b736Cisco Security Advisory - Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding. Devices running Cius Software Versions prior to 9.2(1) SR2 are vulnerable. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious network traffic to affected devices. Cisco has released free software updates that address this vulnerability.
bc1eae254a9dc2bf95dea9809ed50608Dotclear version 2.4.1.2 suffers from multiple cross site scripting vulnerabilities.
f4e4d73faf5476faa61daefc13fadf36Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
9e94fa153cbc3f17e41f22a8b4bd0966ZipCart version 6.x suffers from an access bypass vulnerability.
da0051d73b9160d001bdaafb0d37a99cCool Aid version 6.x suffers from access bypass and cross site scripting vulnerabilities.
0c69121ff538ea7479ed4ea4da7aca8aYealink VOIP Phone suffers from a persistent cross site scripting vulnerability.
1356c22c62ef3603d02f11bd45485604This Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
89e2542c604e3e6e89bba3b879832ab3This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.
2d5f9b10f02a872dad2c7339ae14ed2aAliveChat suffers from a cross site scripting vulnerability.
4a395ee410d43709cec872a5936ab543WebfolioCMS versions 1.1.4 and below suffer from a cross site request forgery vulnerability.
4fdfba972fcd4fb5dec78d96ddf38872Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to an information disclosure vulnerability. Proof of concept exploit included.
aab2e7fe9ae81bf198f8ce01cfd7ac3bThis is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
019b8a52cdfa45c64282b47a5068cc29Ubuntu Security Notice 1378-1 - It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32 characters. If a host name was exactly 32 characters, this issue could be exploited by an attacker to spoof the SSL certificate. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.
c6d497732c221a6c0a60ff2a9ac24a31Red Hat Security Advisory 2012-0343-01 - The IBM 1.4.2 SR13-FP11 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
f9b74c4612832103615d8a6046b22b51Ubuntu Security Notice 1380-1 - The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Various other issues were also addressed.
cbf670852c7d33349683932e7de814a5Ubuntu Security Notice 1379-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. Various other issues were also addressed.
ce143cf8b1b8cc8e8cc1bb38636b82a1Debian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
84ac30183d557321f669490dc38a7881BrewBlogger version 2.3.2 suffers from cross site request forgery, shell upload, and remote SQL injection vulnerabilities.
24481cc19b1eeff4a7f132784f17fc27Oracle Live Help On Demand Webcare suffers from a cross site scripting vulnerability.
6ee4e4cbe3c323e5762d508dcd67164eEuropean Central Bank suffers from a remote SQL injection vulnerability.
e38cfcf643b17354b7bf7339863df310MediaFront versions 6.x / 7.x suffer from a cross site scripting vulnerability.
83c1c9fec0d359bcc14efea81dfd02f2Bravenet Web Services suffers from a cross site scripting vulnerability.
309469266cd79bad7f78e411ed1953d9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed