IOActive Security Advisory - A vulnerability exists within AscoServer.exe of SIEMENS SiPass during the handling of RPC messages over the ethernet bus. Insufficient sanity checking allows remote and unauthenticated attackers to corrupt a heap-allocated structure and then dereference an arbitrary pointer. This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where the vulnerable versions of SIEMENS SiPass Integrated are installed. More advanced payloads could modify the behavior of the application’s internal controllers to unlock doors, control specific hardware, or expose businesses to other security risks. SIEMENS SiPass Integrated versions MP2.6 and earlier are affected.
6c360fd7a497194cefa22ee03fee415561bb9f756de284b4f7fa3b2eae5e5953Drupal Password Policy third party module versions 6.x and 7.x suffer from an information disclosure vulnerability.
4f166deab0186f97644f13236a2f760abbe59ed8082944d698f4cbd95cb7eb4eCisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.
2f82b42df8ccd88fb4ed8096916f6700e1ff0b044532fae2f1f4d025164daad8Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities.
e553338547e8f9516a41ca14cb1fb5ac3c1728638db05b0a8e2505e5ba2cfb72Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
2ee2db415b12689d6f8289e311590b5173458b14e6d21c07db0d0e896dfa554fSlackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
c6a10f7c783f25af980baa9677e29d3844b6b8d66aa84bd550ece405e4b4753aCisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing is affected by remote SQL injection and buffer overrun vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
c8372cfbc399ee23d63927afafe27e610a6548cdd057c146f8b92cfb306c4d46bloofoxCMS version 0.3.5 suffers from multiple cross site scripting vulnerabilities.
7f0652486b0b291eaf4ebee1cf69d8a112da0619edd1c1b47c453d40da74eb4aUMPlayer version 0.98 suffers from a dll hijacking vulnerability.
0346a1414dcfdb72c89580ced7c9e21057d21993cac2959f40ba81ffa39dc871Sites powered by 4ColorDesign suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
8451d79734a9041baa396067cef45b7d89b3387d7a743f011734c5ab2f20e5f5This is a python script that scans webservers looking for administrative directories, php shells, and more.
ff7251ea44de62a616b371d565e92e2f876c702145c837892f6b213ac06e1b31Sites built by VICOM STUDIO suffer from local file inclusion and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
be47a7fcb6978ccd66bcb0aa815c774e9705f375b723c1fa20793fb2813c0aafSites designed by Keshav Infotech suffer from SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.
05e33709bf75e4ca9c8b145bd1ae0133f69517c6eb0d6523941dcc3bde6eea38Sites powered by DATA Estudio suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
fb6fe9d8b4db47ed8317afc07acf2199e7f10925c700f42c0852b807ac4038d3Sites designed by 2Point Solutions suffer from cross site scripting, remote SQL injection, and local file inclusion vulnerabilities. Note that this finding houses site-specific data.
b3e51a3c2727df62feacdf264759aa35468da518c44c7cc4c7ee9e0466b16224Sites created and hosted by SIGMA COMPUTERS suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2b579827db4c76e68f3ab7495217d701009afb5c8e916aada451d84dab1ac930Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
c1f24152c07bbe030f65ae410ca73ada753142bb342f4bf1e84856e3c485d160Secunia Security Advisory - Nth Dimension has reported multiple vulnerabilities in KDE, which can be exploited by malicious people to compromise a user's system.
615cb20c766e3b95577f337031c8c86bc7c2cfa5e0d88bba9b439ed158fba109Secunia Security Advisory - A vulnerability has been reported in Grails, which can be exploited by malicious users to bypass certain security restrictions.
f7b3129c3e719a4cf3b0d28e4b09d5fd3ef7f0bfe36fba531338ef2bda03db2fSecunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
3945bcc7b1916024c53e6a43b335fd80972b6f29cc98268ff7df0ca10ef63ef8Secunia Security Advisory - A vulnerability has been reported in SolarWinds IP Address Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
d07a648a1af347f2cec4e3cc4994eb0ad1b4de7bd7ea4deb86a4aa16a6c5a574Secunia Security Advisory - Kelvin Tan has discovered two vulnerabilities in World of Phaos, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
0542f82e7d5b0a3ac00dcf6858e2ec9f49adaa10479508628d35852a4d884d83Secunia Security Advisory - Three vulnerabilities have been discovered in AXIGEN Mail Server, which can be exploited by malicious users to disclose certain sensitive information and manipulate certain data.
e3493e9a83ade16ebff8ed3c78c585333284d5dd8ec066961dbc8b96a8334005Secunia Security Advisory - Security Effect has discovered two vulnerabilities in NetCat, which can be exploited by malicious people to conduct cross-site scripting attacks.
3fc2bf6238aa22b0d31e311940df2a80ed8772f8da9b956c1f3a46d9af7376bdSecunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in the FoxyPress plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks.
d969045d08b0021eaeba7ba909c739efe0641c5ba0c7df4354c5e3a435873ba6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed