Cisco Security Advisory - A vulnerability in the WIL-A module of Cisco TelePresence VX Clinical Assistant could allow an unauthenticated, remote attacker to log in as the admin user of the device using a blank password. The vulnerability is due to a coding error that resets the password for the admin user to a blank password on every reboot. An attacker could exploit this vulnerability by logging in to the administrative interface as the admin user with a blank password.
60fa59a80b7a72f93348b49a001a6edf91f256faa453042459058d5f9bcc86b9
Drupal Node Access Keys third-party module version 7.x suffers from an access bypass vulnerability.
a3fed5b523d8f02bbf636bf04beed087b4946cb8000f77be7a9ce199e6c00213
Ubuntu Security Notice 2012-1 - Christian Prim discovered that Light Display Manager incorrectly applied the AppArmor security profile when the Guest account is used. A local attacker could use this issue to possibly gain access to sensitive information.
a1eace9b209a86a694d9d45f5aa107b41d0e9e4f9eb2a754bcd076b2b2a83d35
appRain version 3.0.2 suffers from a remote SQL injection vulnerability.
c9b7309b9491bac7d77ccf7c949a6825fbdcd06cedb8d1445051efe18501f410
Cisco Security Advisory - A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or cause memory leaks that may result in system instabilities. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerability.
83bb534a6196cdbd74e1bc7f15e0aed238494ea1c65d7a8c58259d47c7ca8e40
Cisco Security Advisory - Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server.
96ddb161ad541229aad9a7990e38b2a379b12b25fde53f838de30e114656167f
Drupal Secure Pages third-party module version 6.x fails to encrypt sensitive data.
a1e9e2a1733818ef172b625bc6c3b7764cdd748082c7567c92283c6abcef157a
Open-Xchange AppSuite versions prior to 7.4.0 fail to properly neutralize script code embedded within SVG files and also suffer from an information exposure vulnerability.
39e0180e7166549e3f32416ad6dcba8d15a526692b1b27889998d45ebd1eefe2
OsiriX suffers from a private key disclosure vulnerability. All versions up to and including 5.7.1/2.7-MD are affected. The fix was introduced in versions 5.8 and 2.8-MD.
a1aaad73f338f3e2622bef5fd13f44a5546ecc0c57fad091ab344b8aef7bfd21
Drupal Payment for Webform third-party module version 7.x suffers from an access bypass vulnerability.
dc61a578f7c0a8c0295bec23650648b2e31d56095c94f9a31ba67a54dbf428bb
WordPress Gallery Bank version 2.0.19 suffers from a cross-site scripting vulnerability.
7de5d08259d25035978dbd898d7d844341683cc5a63d38f48f076be8ca15f5f9
Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
d1e6bb7765fbf76bbfa51bc6ec0a0cd61ad692ffa88ff946fa3d506fdea03c21
OWASP Java Encoder suffers from a cross-site scripting bypass vulnerability when it comes to the use of backticks.
e201eb39628f1a3e446bebe36150d242b93041dab9381b0f61668518f32cf0d3
Microweber version 0.905 suffers from an error-based remote SQL injection vulnerability.
52e11895bc07d1fbe5d493f3a953386b7fe7f8290972228f52209cc12528f9ee
Flatpress version 1.0 remote code execution exploit that leverages a comment loaded through a directory traversal vulnerability.
8cbb0d3675b2bd21358cd41f0015f77833c3b74c965121dd98e9e879bf4160dc
Webers CMS suffers from cross-site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
c6438759ebe51d229ccf375aaf894cf618a11b2819b1b4ac091a7c1839f9b19d