Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via an overly long "CSEC" HTTP response header. Successful exploitation allows execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.
88190841a21f5703514230e00d059f52693aa6867752ab05cf5658926bb7ec55
Secunia Research has discovered a vulnerability in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the nsepacom ActiveX control (nsepa.exe) when processing HTTP responses based on the request via the "StartEpa()" method. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Content-Length" HTTP response header. Successful exploitation may allow execution of arbitrary code. Citrix Access Gateway Plug-in for Windows version 9.3.49.5 is affected.
e3fca65bdb01a3b7b24ef54cae23d5e08cd0034667d410d5364cab845d4fe8a7
WordPress G-Lock Double Opt-in Manager plugin versions 2.6.2 and below suffer from a remote SQL injection vulnerability.
9b809a742da2c1d3b8cbdd4435983f048a1f070e4be8d8392cfd842d006b75ac
Debian Linux Security Advisory 2518-1 - Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.
c345c3a09eb83c7948689c2f863b0f6c17f32c2ddaaa2bf52d96090953f5df04
This is an anonymously written exploit that takes advantage of an Nvidia Linux driver vulnerability.
f7a37659c829209a18831e8b225b98e700c02613884ed687eade603d37da27ad
Digital Whisper Electronic Magazine issue 34. Written in Hebrew.
9d3515e953c4fea19a70d738a22dbbd64a0cfd2cadab8627a7b72a65fc6c77e5
Tekno.Portal version 0.1b suffers from a remote blind SQL injection vulnerability in link.php. This version has been known to have SQL injection issues since 2010.
c71eed1836a67943fa03e0218fb566e5956562284ee6c837a7ec26e30d887446
A patch introduced a signedness bug causing any program compiled against the vulnerable version of eglibc and using optimized functions such as memcpy_ssse3 and memcpy-ssse3-back to be potentially vulnerable to unexpected code execution.
25b911fe8b4f2b91e78c752029493fa3f38d85cdc1a956089b72d784bc277137
Joomla Nice Ajax Poll component versions 1.3.0 and below suffer from a remote SQL injection vulnerability.
eb9f2498b2712b4c06f0df8709124960b7e70c6252b6b88c6df54785b9ebade9
Secunia Security Advisory - Red Hat has issued an update for xen. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
16b896cbbe66157888a3edebc1e084120e692c90e8dd0c2b51fb1bbe93b5845d
Secunia Security Advisory - SUSE has issued an update for libjpeg-turbo. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
e61418e5967b3edd01241839e1f9cc6553ea1522152ba7b2471601bae83c9944
Kaspersky Password Manager versions 5.0.0.164 and below suffer from script insertion and bypass vulnerabilities.
53e355d0fc50a9fec7ebf2047e20c8a7c1b599148c4bace69f48f443828c2401
ME Mobile Application Manager version 10 suffers from multiple remote SQL injection vulnerabilities.
ae7411ed882c229087606de45e1e4abc5acb2314bb4b5b6cb39bf6e3342837d1
Distimo Monitor version 6.0 suffers from multiple cross site scripting vulnerabilities.
8997d4bbe63b34cb1da238ba0f409d0e3cab0dbc64082cb95fb7bcf37f7dc08a
ME Application Manager 10 suffers from cross site scripting and remote SQL injection vulnerabilities.
a50989d261f748ee4f62122c4e43b2584d1fea5712f0797d462f4216c3837550
GunBound suffers from a denial of service vulnerability.
bf859e66462c1f387fd3f2dabafdc1b0339855e90aac393aac3e89a00a44b503
The Barracuda SSL VPN 680 suffers from a cross site scripting vulnerability.
c641f9ef4a8a30e7fdaac2382361b13880f98192355001d16a27c808e5239125
Barracuda Appliances suffer from a validation filter bypass vulnerability.
c222b5b36db2aca926df6332261353a3202eb98ce3597706a147c11aa1a06dae
Secunia Security Advisory - A vulnerability has been reported in libvirt, which can be exploited by malicious people to cause a DoS (Denial of Service).
9f2e8ca5a89f2c5d501fdea49f43da353011985d62cf01de905b1351c414f622
Secunia Security Advisory - Two vulnerabilities have been reported in Kerberos, which can be exploited by malicious people to potentially compromise a vulnerable system.
c9568499744a750e661d48164f746125e9161356c30e1c647a275b5c3228c26c
Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
8adae9f5fd18c590cb0789a875db24555e185bcf15abe3005135bf346b3241e4
Secunia Security Advisory - Debian has issued an update for krb5. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system.
e9049718a584c4502c3d5b97db8e540690fd872108152b1a36c0c80e46c0f411
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).
0b8185dd9007da0da65f2831d65d1f08f5e146db7dccb14083cf8198240ddf3b
Secunia Security Advisory - Two vulnerabilities have been reported in the RSGallery2 component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
8f68a8b8ad0d3199333c07c436a3cd3930236a451b8673e1559d8fd15c48fc03
Secunia Security Advisory - Oliver Karow has reported a vulnerability in Dr.Web Enterprise Server, which can be exploited by malicious people to conduct script insertion attacks.
3b188db5b0899dec36da8130b99004bd387ed3311bf6ac0e994df56bf0bad7a9