iDefense Security Advisory 01.17.06 - Remote exploitation of a input validation vulnerability in Cisco Systems, Inc.'s IOS 11 HTML package can allow attackers to execute arbitrary scripting code.
15d83441eb0f4eca8a5f6e181b29e10704aa00bd1be6c0248814846fe57036e6Phpclanwebsite is vulnerable to XSS in the img tag.
24e50536a0de45843ca0bca1d841e4ae3573c8c09acaaa8735d434ddeea71d2aTZO-012006 - Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()
ddfa7039151f9be7a466fc3ee6130bce6ca4b3302873a8f391f1cfe7ff9151f2The event 10053 is storing the masterkey of Oracle Transparent Data Encryption unencrypted in a trace-file. A skilled attacker or non-security DBA could set this special event to get the plaintext masterkey for the TDE encryption.
f4ca69910f6b6bd84af219a014b2bd03ffa45c23b0ba4521dcb398e9865c28a3The Oracle Reports parameter desformat can read any file by using an absolute or relative file name. Parts of the file content are displayed in the Reports error message.
71bda64001af5d5de9c3ae98cca97149f55cf7d9152db5019ba1564dcdd1c929By specifing a special value for the parameter desname Oracle Reports can overwrite any file on the application server. On Windows systems an attacker can overwrite any files (e.g. boot.ini) on the application server. On UNIX system an attacker can overwrite all files (e.g. opmn.xml) which belongs to the Oracle Application Server user. This attack can be done with a simple URL.
100bcb12928b2140f513bf2498d97f32bac11ba0f7d933420a1441a525169dcdThe Oracle Reports parameter customize can read any file by using an absolute or relative file name. Parts of the file content are displayed in the Reports error message
f0314d4bf413e9fae79071434d7822edcb24e11ed4940e67ecba30ac5acd510fThe Oracle security feature "Transparent Data Encryption" is storing the masterkey unencrypted in the SGA. A skilled attacker or non-security DBA can retrieve the plaintext masterkey.
53734153442fd7cb77962aa30534146324550a2e0a0680fe77b1bc8e91a0d592Secunia Security Advisory - Steve Kemp has reported a vulnerability in Linley's Dungeon Crawl, which potentially can be exploited by malicious, local users to gain escalated privileges.
db5c85247c37a74c545928e817b9284f3b1d249e6db293d653c47f03d3110cf9Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
f4d2360a664c2fdd37e4ce66aca94c8678fa644ca0b213a0e59199eff008b049Secunia Security Advisory - Debian has issued an update for trac. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.
b20b1b2b3bea1a4cb937323d6bf0ec78c7c5899ec0d6b539e0da7ed748002fb4Secunia Security Advisory - SUSE has issued an update for kdelibs3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
b58bf38c8e7ebb890d1f3fd0a54304819d2a711c25b1b36a4aa5c5aa6071ac9cSecunia Security Advisory - Debian has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
6af7af9e8c8d862e260ea78a6711ecc1e17f5ba6aa0d78e2ac573c93a3c4bc1aSecunia Security Advisory - A vulnerability has been reported in LSH, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information or to cause a DoS (Denial of Service).
e8f760c15f05425c05b71044e28117520c9c73a67fdb0a17b0e5434116dc482cSecunia Security Advisory - Roozbeh Afrasiabi has reported two vulnerabilities in AZ Bulletin Board, which can be exploited by malicious people to conduct cross-site scripting attacks.
ef2f98178e2bb83efff68d01e0c4ee8b7e6f18d995b2367f835a053519a47326Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a security issue in Note-A-Day Weblog, which can be exploited by malicious people to disclose sensitive information.
512c912818e6df80b4fb1dcc67bdbcd1bfdc0e6acb96bac90cad3735aced3b0fSecunia Security Advisory - Aliaksandr Hartsuyeu has discovered some vulnerabilities in e-moBLOG, which can be exploited by malicious people to conduct SQL injection attacks.
323e7661b7fa2e81b1b7224f4c409dab1d6232359d5294eeae742251f0e9d7feSecunia Security Advisory - Debian has issued an update for libapache-auth-ldap. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
15b4da301aafa199d55103be0602bd93159774c2ad81677a156b56af0a28ce2fSecunia Security Advisory - Avaya has acknowledged a vulnerability in Predictive Dialing System (PDS), which can be exploited by malicious people to cause a DoS (Denial of Service).
2c036b8952be26504830e8fbe3158dddba41f1e7f6656304b8e5ce404287b3e0Secunia Security Advisory - Gentoo has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
bbf48c884ebbf1bfde1b03e3c9b4856d4843e5957006aed88592b2483cf0ea9cSecunia Security Advisory - A vulnerability has been reported in Fetchmail, which can be exploited by malicious people to cause a DoS (Denial of Service).
4586198307ce457f067bff33a3a63513bab72e1ea59ca87ad9527f753de80ddeSecunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in Pixelpost, which can be exploited by malicious people to conduct script insertion attacks.
d4dfd4ea10896f3d85efde55937f180ff2df469c753ca24cad1c36209166168eSecunia Security Advisory - Debian has issued an update for crawl. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
85d820c1e3f7640f07556640d7d089b030d22e9338042a9b43837bf301720afbSecunia Security Advisory - Andy Staudacher has reported a vulnerability in ADOdb, which potentially can be exploited by malicious people to conduct SQL injection attacks.
02f37addc544fd4386242c27ca40e20c45095880c4725d2c7e27a6cc01bf5c6aSecunia Security Advisory - Lasse Overlier and Paul Syverson have reported a weakness in Tor, which can be exploited by malicious people to disclose certain sensitive information.
4c6e098c7f026c8c19dd9ba2da7010d1fa76727722e458164ee17311b50c6b16
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed