Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the Survey Manger Component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
96c6214858b2872849bb0c546232cac74ccb4d5ff1b534b2575625200e7215d7Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the SportFusion component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
eee46ebd9175f37a2ea3b804d615bf6f35277cfd8260b08db7934b637e1bf1ecSecunia Security Advisory - reza masouri has reported a vulnerability in HBcms, which can be exploited by malicious people to conduct SQL injection attacks.
a7c6d9af15ad34d6d492c9003b2667f63485d022fa938ca526687f270d994b10Secunia Security Advisory - A vulnerability has been reported in Vastal I-Tech Agent Zone, which can be exploited by malicious people to conduct SQL injection attacks.
bacf34900bec90956c3dff4fd48956a0c3ac454ce445ab893437bb50cbdddff3Secunia Security Advisory - Check Point has acknowledged some vulnerabilities in various Check Point products, which can be exploited by malicious people to cause a DoS (Denial of Service).
556b4e6e354415bfe496472f3fb45143de887133292a8811ffc3d67891cc2505Cisco Security Advisory - Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
9e326ad4235077e196ba35b36642b5446a77b16443666083c36c9916f9d78bf5Cisco Security Advisory - Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.
4002d01a35771ade6caa02a688d26d25aebc7170ff471379b3985e35296e1c62Cisco Security Advisory - Cisco IOS Software contains a vulnerability that could allow an attacker to cause a Cisco IOS device to reload by remotely sending a crafted encryption packet.
47fb9886ecf23cc2946737fdbbc5ac24730c9ed39bd65b68920dcc2b3ea83e38Cisco Security Advisory - Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this vulnerability may result in the allocation of all available Phase 1 security associations (SA) and prevent the establishment of new IPsec sessions.
93d087add2aa98f48f99754533defda84b08580dde2959168180d6a433e49f89Cisco Security Advisory - A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an affected device when the Cisco Unified Border Element feature is enabled.
065a92c26a6605d9ff9f0e11fdcfaa85bf19fd667cac88187468442d78171de1Cisco Security Advisory - Cisco IOS Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device.
7dcf81a0b70851d07a4f95d21ebd6857527bc394afd37d611315476aa87e1eb6Cisco Security Advisory - Cisco IOS devices that are configured with Cisco IOS Zone-Based Policy Firewall Session Initiation Protocol (SIP) inspection are vulnerable to denial of service (DoS) attacks when processing a specific SIP transit packet. Exploitation of the vulnerability could result in a reload of the affected device.
98453d38f122d517a73239baf333efa68ec75dce025696b1b20815da28f63a23Cisco Security Advisory - The H.323 implementation in Cisco IOS Software contains a vulnerability that can be exploited remotely to cause a device that is running Cisco IOS Software to reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate the vulnerability apart from disabling H.323 if the device that is running Cisco IOS Software does not need to run H.323 for VoIP services.
fef6fe9655ec47690f1d265dbcbb3aaf9639ded34cf31a1756d57b9d3957f567Cisco Security Advisory - Cisco IOS devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.
9f61f0eeb85ad149cf4c19fd8ab49f6492572d1cd08f15fb49460eb1c44b98adCisco Security Advisory - A vulnerability exists in Cisco IOS? software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature.
2cda9babc6ab98cfea35753b08b4e5bd44364d003c1fa20bd5d02df2d405f936Cisco Security Advisory - Cisco Unified Communications Manager, which was formerly Cisco Unified CallManager, contains a denial of service (DoS) vulnerability in the Session Initiation Protocol (SIP) service. An exploit of this vulnerability may cause an interruption in voice services.
d80f694eb047ded890bd9cfbe2f849b7b861c36f747f0c16c3a86f34786a1078DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
bef4666115dc841aa9261669119e5ee6e78da744fd55f10e95aa28b5d07cc1d8Ubuntu Security Notice USN-836-1 - It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program.
1c9bed36021cbb768ac65baaec91d4ccb8ffeca2322f4d7bc8d1f4e47ece30ddOSSIM version 2.1 suffers from remote SQL injection and cross site scripting vulnerabilities.
31590c2bdf308af37cb1e4d83e40a201d400d27d16605f39f61005f27bfd5f6enginx version 0.7.61 suffers from a WebDAV copy/move method directory traversal vulnerability.
7b4a38163573c74eaf582034e58861d28cafc0a15ba48b2128977ec6ff7ac759Cour Supreme suffers from a remote SQL injection vulnerability.
b850d605bbd952e9eb6e5efa3cba3086d3cdca6fdca0cc67644897923553ba8dZero Day Initiative Advisory 09-066 - This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input. A specially crafted request can bypass authentication allowing an attacker to upload and execute arbitrary files. Successful exploitation can result in complete system compromise under SYSTEM credentials.
b4bfe8551f748ba77ce6c817e898a70259d1e837a4f4396c5a11a5187a80c79eAvast Antivirus version 4.8.1351.0 suffers from local denial of service and privilege escalation vulnerabilities.
d6451933802d3df89f2a5ce8ca47d3117537e0d2be76920dab7aa891534c3619Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
7cc84f9d81089816b231888b54423e78094c839d60a333567463949319d07201Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
1e397e9152a659f46c090079c2cfa537c94c26a24228f0d5373aa8bb6b50bc9a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed