Cisco Security Advisory - Cisco Unity Connection suffers from privilege escalation and denial of service vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
d92d9b14e9a4b27d2110450fc1e22d5c701454277099f0a6e84388632eb60a92Mandriva Linux Security Advisory 2012-026 - Multiple vulnerabilities has been discovered and corrected in postgresql. Permissions on a function called by a trigger are not properly checked. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities. Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
58823cceba466692ad13c21cdfd598a07b7adba85c277925ad3952248d6683a2Netmechanica NetDecision HTTP Server version 4.5.1 suffers from a denial of service vulnerability. Proof of concept included.
ca7ef23ba9cddc766da91fa094b455ac195767a04b5de95766cd28f60896aac8Cisco Security Advisory - Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding. Devices running Cius Software Versions prior to 9.2(1) SR2 are vulnerable. A remote, unauthenticated attacker could exploit this vulnerability by sending malicious network traffic to affected devices. Cisco has released free software updates that address this vulnerability.
fd010e4e40e30827b02ebca240977bc17896e8c204fb1121463994ac1d278c59Dotclear version 2.4.1.2 suffers from multiple cross site scripting vulnerabilities.
1633e6f76281da7b22a07b63915222b61722ccb291e2995dfcf8a370d633aeccNetmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
4f4a2b5632ea55b2d28166670eeaf8ab65b35106db8518ff6257c36d4a0c1575ZipCart version 6.x suffers from an access bypass vulnerability.
0e9f709682d4ce2cc90cfcee885a9245af53e3bf08a6c86a5d9e2949587d7bc2Cool Aid version 6.x suffers from access bypass and cross site scripting vulnerabilities.
ceaebd230146d69ac1a7302356242e64c1ac00d8647db62d251525c7328404fdYealink VOIP Phone suffers from a persistent cross site scripting vulnerability.
1c5d7a80bb2cf3d1f660ade3a9a696b35ca2ec64015f60892c18290b1f7c608cThis Metasploit module exploits a vulnerability found in ASUS Net4Switch's ipswcom.dll ActiveX control. A buffer overflow condition is possible in multiple places all because of the poor use of the CxDbgPrint() function, which allows remote attackers to gain arbitrary code execution under the context of the user.
5a0d5660197cc09bd3b197a510a2691b26d23e0b9efcd8f318ca25b4b430ea47This Metasploit module exploits a stack-based buffer overflow vulnerability in IBM Personal Communications I-Series. The issue affects file parsing in which data copied to a location in memory exceeds the size of the reserved destination area. The buffer is located on the runtime program stack. Versions tested: IBM System i Access for Windows V6R1M0 version 06.01.0001.0000a which bundles pcsws.exe version 5090.27271.709.
466e2459c3b7c7835607910609c5997d620ec132852f11a98e5e4ee4f42e0214AliveChat suffers from a cross site scripting vulnerability.
3ba907a2a1ddde8f9eeafe44610f701ec4c866da849c021d82239b377383029dWebfolioCMS versions 1.1.4 and below suffer from a cross site request forgery vulnerability.
0849389ad4d6fe3af34e505d20e49d82b9c9e5c38b3487cb54bffc1e05aee6f1Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to an information disclosure vulnerability. Proof of concept exploit included.
9e78999e2f80125d161a1e724c61cc2d21074ece71a296f2bd0eb7164fdb24ceThis is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
31cef28f3ae91f47c652ada6f2b786f3ba4d464050c6d2c3cfd46b5a0f99df82Ubuntu Security Notice 1378-1 - It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32 characters. If a host name was exactly 32 characters, this issue could be exploited by an attacker to spoof the SSL certificate. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.
15354f617687e5b1aa22fb70189dc40c214e0a0db7ca57569398efa37eb20a24Red Hat Security Advisory 2012-0343-01 - The IBM 1.4.2 SR13-FP11 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
016430a2d87fdded37d3c1af086eef2cd6dd0762d89388c1ddf19287ce40fc47Ubuntu Security Notice 1380-1 - The linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system causing a denial of service. A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Various other issues were also addressed.
75b2e946d5ac4bde2cd9ccb2f923e5ac56c71eccf01382aa1830ca8d92bf01c6Ubuntu Security Notice 1379-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. Various other issues were also addressed.
d97988a146bf536d15292678f886a31e40031833fe724ea17074beea34a4a56aDebian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
fa1b83bdce1c8a57ecb30bfd91b17d3c396d3e17e373a4a5a9bbff32d14720f2BrewBlogger version 2.3.2 suffers from cross site request forgery, shell upload, and remote SQL injection vulnerabilities.
674b26c64d971b9a144e02536d38c471153b34e1b24f8b7e3dc3d6f7ef29a66bOracle Live Help On Demand Webcare suffers from a cross site scripting vulnerability.
7e4f2111017c66130c9ae165a74c12a728cbd0c8a2ff74c16cbbac908f8ac1a3European Central Bank suffers from a remote SQL injection vulnerability.
10f0d549cf310d858a1b2e73ce8e57e3f013bbc82d4cf188d703935ff27417d3MediaFront versions 6.x / 7.x suffer from a cross site scripting vulnerability.
a63b9fbc20dc44405b79e7f717e234f5e14aec187385aa611dc39a17d0ed1753Bravenet Web Services suffers from a cross site scripting vulnerability.
13e0082063b74510016efa214322429d1ea204a41d51404d33e56e83e8b7b8b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed