The Archin WordPress theme suffers from cross site scripting and various handling vulnerabilities.
79feda0b7bd00e685a77a7bcc11ae8076e0fd00fde04b69a0ff51a66722cf77eThis Metasploit module exploits a vulnerability within the XGO.ocx ActiveX Control installed with the HP Application Lifecycle Manager Client. The vulnerability exists in the SetShapeNodeType method, which allows the user to specify memory that will be used as an object, through the node parameter. It allows to control the dereference and use of a function pointer. This Metasploit module has been successfully tested with HP Application Lifecycle Manager 11.50 and requires JRE 6 in order to bypass DEP and ASLR.
ec3a92a54d30ec8115475aa2f9d8a0f18702ad62a555db9aaf6b1450a030cadaThis Metasploit module exploits a vulnerability found in Auxilium RateMyPet's. The site banner uploading feature can be abused to upload an arbitrary file to the web server, which is accessible in the 'banner' directory, thus allowing remote code execution.
a7035c9bcda8b50beee473cbedd67c5154d287ee3c5a962c820f3de3648682e5Gentoo Linux Security Advisory 201209-10 - A buffer overflow vulnerability in Calligra could result in the execution of arbitrary code. Versions less than 2.4.3-r1 are affected.
5decd8ff65fe8a1b1527e651245de456fed8b6ea20110d38879f7fc56c0aa012Gentoo Linux Security Advisory 201209-9 - A vulnerability has been found in Atheme which may lead to Denial of Service or a bypass of security restrictions. Versions less than 6.0.10 are affected.
d094346e88952898b40a9e5b3d85bc12e1ea79a3936694eb8cf26a2d4330cf5eThomson SpeedTouch ST780, by design, has mixed content in the DOM during an SSL encapsulated session.
9f6490ea623fbe7b601d57d1e4cd0577e84849f09b056198d080aee040e37ad6Sites powered by Stoneast suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
fcb9049bb0be6dc14b6d0be1d5698d8cd3d24bbc7d027d589fba10bef8c93e78Security Explorations has announced that they have discovered yet another sandbox bypass of Oracle Java and have reported little in the way of details until the vendor fixes the issue. It currently affects all versions of Java. It's probably best to just keep Java off in your browser for now.
37fdc8d80a0b4d0df3960ac7a955595a2cb6e9d1152e90d378fc9a7f71ec1745Gentoo Linux Security Advisory 201209-8 - A vulnerability in SquidClamav may result in Denial of Service. Versions less than 6.8 are affected.
d70186bbdef09eaafa4a75996caa16abe3d0c445446747c67f8c21eb0c635815Gentoo Linux Security Advisory 201209-7 - A buffer overflow in International Components for Unicode could result in execution of arbitrary code or Denial of Service. Versions less than 49.1.1-r1 are affected.
a45c6de5880ee15eff807430f6579a8aebaf0bd37de177fb9d6c72f4d547f743Wordpress Plugin Token Manager suffers from a cross site scripting vulnerability.
d8b5aa91136d87d8690e965cca7c9c14444d8e47d614e655c71097afeb5cbc46Secunia Security Advisory - Red Hat has issued an update for multiple JBoss Enterprise products. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.
535960c7b95e78e7ce146861226ffa571fb5584f5da0faffbfd3bca1409f7246Apple Security Advisory 2012-09-24-1 - Apple TV 5.1 is now available and addresses issues relating to malicious media loading, memory corruption, and more.
8b08f2840773bcd43aa00f4439e1687a278652e1b463a125bb95947245e9cf9bGuacamole 0.6.0 contains a trivial buffer overflow vulnerability that allows connected users to execute code with the privileges of the guacd daemon. In the Debian distribution the guacd 0.6.0-1 daemon runs as root and allows connections from unauthenticated users. However, it fortunately only listens on localhost by default. Proof of concept code included.
21c45827b31f9112a4a0c027ff900505880422add95028ba0827c3398244682fThe current version of Dell's Data Protection | Access (DDPA) software for Windows (Build 2.2.00003.008 from 2012-06-14, released August 2012) contains and installs several outdated, superfluous and vulnerable Windows system components as well as outdated and vulnerable 3rd party components and drivers.
94bd37cd29972c65c66ecaa5cf64277fc3f8e5d39650d0466b7af17303cc6c54Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Wireshark included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
bda25736ef19cf31a54f54b391b42af64b1f84498418942a94914304663d0217Secunia Security Advisory - Oracle has acknowledged a vulnerability in International Components for Unicode (ICU) included in Solaris, which potentially can be exploited by malicious people to compromise an application using the library.
80d2909cffe4a158eaa917aa5cbc60bb2ade2a63b03fd1afe5708ef191939a85Secunia Security Advisory - Oracle has acknowledged a vulnerability in libsoup included in Solaris, which can be exploited by malicious people to disclose potentially sensitive information.
0ce9066620e9b3156f034b9383526917417dab10c65d096571d7b71a9e9d214eSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere MQ, which can be exploited by malicious people to cause a DoS (Denial of Service).
e3d7705bf5418baa802f1577042e5b174e7608145ce8363d26ec6ab3e57a42fcSecunia Security Advisory - A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system.
64f282fcce247d168cf43523c6e7c462cbb7b203bcd1547e4e78eb506e8232e4Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious, local users to bypass certain security restrictions.
b21495aedd182388696fad75cd22ac29210eba1b3d2bcea72c4aeacf8a72a14eSecunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Firefox included in Solaris, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, and compromise a user's system.
36834c0fdca6793cdd8e4649a5a1364317cc09979309f7f5b1f2cd7f66feba30Secunia Security Advisory - Oracle has acknowledged a vulnerability in libexpat included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
41e964a3f2cc18859e3d2a8aab15cb4e77853837ed3435717c99d46092578187Secunia Security Advisory - Two vulnerabilities have been discovered in the Token Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
d762a6b55ccb1a967e5c90dd8e9f2c5c7aa0762ffb20d8c585f2fc1052ba770cSecunia Security Advisory - Oracle has acknowledged multiple weaknesses, security issues, and vulnerabilities in Apache Tomcat included in Solaris, which can be exploited by malicious, local users to bypass certain security restrictions and disclose sensitive information and by malicious people to bypass certain security restrictions, manipulate certain data, disclose sensitive information, and cause a DoS (Denial of Service).
3a486de1a735397008b4787464f6a4e4b6dde3461853de96773875c75e28fcbe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed