www.microsoft.com suffers from a cross site scripting vulnerability.
718873ebed4ab7685e9145ba623627af
Many different antivirus products suffer from various file-parsing evasion vulnerabilities. Some of the affected pieces of software include AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103, McAfee 5.400.0.1158, nProtect 2011-01-17.01, and Panda 10.0.
cd1fc01e6197724e3a23b2d01055c03d
Greenpeace.fr suffers from a cross site scripting vulnerability.
4753a9e11b4cb12238d566896e7eaf01
ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.
22b3da91562b5553003f5850ffc6944f
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf family of functions. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
0b1e438c26717b923003ac698aa0465d
Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent login attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.
3e4d1d8f0f8720becbbd9b1a798952da
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command-line Perl tool for firewall policy manipulation: it filters policies, compares them against logs, merges and translates them, and outputs firewall commands for new policies in Check Point dbedit or ScreenOS command syntax.
6e06196547dbe7a2a10ea4e6c7f8ca3b
This is a whitepaper called Pentest: Information Gathering. Written in Spanish.
2ca850ead2557a7defe47affd47c6ce8
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
427d81acba32c9ed18437de98ddfe7ec
Deathcore XP suffers from a remote SQL injection vulnerability.
bbd3561de4f6841842c4a5833a4ad0db
LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.
cb262a31c03a7f7f3d46981dc687af77
HP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.
c32c14989910f7e2c2909b1435615f43
Excode suffers from a remote SQL injection vulnerability.
a43cc11362d9de720dc49e517a70ac26
2X Client for RDP version 10.1.1204 suffers from a ClientSystem class ActiveX control download-and-execute vulnerability that affects TuxClientSystem.dll.
1450012685a5458cee5591d5dfd4355b
2X Application Server version 10.x suffers from a TuxSystem class ActiveX control file overwrite vulnerability involving TuxScripting.dll.
fb12d3e817e693fc4975826b5c52f488
FastWeb2 suffers from a remote SQL injection vulnerability.
dbf5bdf51d08ee4085ae9b44c6fb1f41
RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.
6aa738f6130c4494f4e9ed3ec7402720
at32 Reverse Proxy version 1.060.310 suffers from multiple HTTP header field denial of service vulnerabilities.
eee32c58673d40981fe29cc143d5dadb
Zinf Audio Player version 2.2.1 buffer overflow exploit that creates a malicious .m3u file. Written in Python.
38d87bc1976862de944c81e4739cbcf2
RelativeLink.sh in the Tor Browser Bundle has a small typo that causes debug mode to always be turned on. This, in turn, may log sensitive information such as domain names.
fec25cbfe811d5bb5e48fd96a45bfcf2
Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.
a2d02263360c404d7ab4417987220b4b
Ubuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner-based application. Atte Kettunen discovered an out-of-bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
fbd9b4226e29978e7c37b0daa2531688
Hermesconcept suffers from a remote SQL injection vulnerability.
aec2a5b773e0679833e998c04a84d057
Jeux Fille suffers from a remote SQL injection vulnerability.
3bf3575c010b7028d953cbfe401ab27e
PCL suffers from a remote SQL injection vulnerability.
03a70715ebb9c8529f2ac774a69b00f9