Technical Cyber Security Alert 2010-194A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
99a9c8eeec835f953c8577416f59faa96dfeaa0405662a82678e3b47b9361d29
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows . The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF), cross site scripting (XSS), and unauthorized access to data.
d8dafbbea8549b769795f7069358f102168b2a1861c06cd84b8985bfe9768e20
Ubuntu Security Notice 961-1 - David Srbecky discovered that Ghostscript incorrectly handled debug logging. It was discovered that Ghostscript incorrectly handled certain malformed files. Dan Rosenberg discovered that Ghostscript incorrectly handled certain recursive Postscript files. Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript incorrectly handled certain malformed Postscript files.
fc3e534dc69b0ee865fdb2519e7623cba43d1b89824c7c118c7d038004559fd7
Zero Day Initiative Advisory 10-122 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
93a62185ef8d18e9a29cfd9b57696ef14f36acaa2101b02cf3b5a2fb86c0cff8
Zero Day Initiative Advisory 10-121 - This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'selector[0]' variable to the script index.php used in the administration server running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service.
48b582d620ae4d20b1dc5efd5459042a2efe4806e63f5df7d7a53cd406c9eb73
HP Security Bulletin - A potential security vulnerability has been identified with HP Virtual Connect Enterprise Manager for Windows . The vulnerability could be exploited to allow remote cross site scripting (XSS).
51d7e13a4ccd3dbf7273cd65a07356af1c6d1930554bb2a062c96116437ec228
Struts2/XWork suffers from a remote command execution vulnerability.
4bfaf1025cecb689d125b743ac0333bad9a7f8606514866a6849cf570bfdb557
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
b1bae7a97e7a904bf620f285aa0d62ebc1fd3b54b671fbca125405036f949e80
The Joomla QContacts component suffers from a remote SQL injection vulnerability.
8b01faff09ed91c8743362570cd562871681a3389f4f6871e08d74fe72146dc2
AJ Article suffers from a persistent cross site scripting vulnerability.
80aca8fbffb9bcc611ac8352f122fd4d82ff736db91dfe73f921f41927ec663d
CustomCMS suffers from a persistent cross site scripting vulnerability.
6e13567f08da3121cc7314e41a267b999d68edac6a13a024930725ef40317a83
ASX to MP3 Converter version 3.1.2.1 SEH exploit with DEP and ASLR bypass for multiple OSes.
ce61ba7b398470428b6cefbcf780bb472a2833827ac8ad45ffa4bdf04cd89f32
Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp". Due to an error in validation of input to hcp:// combined with a local cross site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. If IE8 and WMP11, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to "none" or "player".
07c1cc154c365b6b6fe8ed04e2065a13f163682327a94dc589df58c765512b0d
Diem version 5.1.2 suffers from multiple cross site scripting vulnerabilities.
b882a5a79583536f69c157f2384d2c88cf2b67758b1af9e8bdd94c2cf2d41c93
Zero Day Initiative Advisory 10-120 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
61f830c320fdec0772ce945d9ce3be52e3fec38c4da37fd3e68022a304d2bf32
Zero Day Initiative Advisory 10-119 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability. The specific flaw exists in the handling of variables to the property_box.php script located on the Oracle Secure Backup administration server. Due to the lack of filtering on special characters it is possible to specify arbitrary commands to the command line being executed by the administration server. Successful exploitation of this can lead to remote compromise under the credentials of the web server.
97fed0676d2071c69c2c9f377c677e4efb75bb0ed4ea9ead9a0d07709bd5bbcb
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows . The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF).
9dafbefd4473d84b90d2b6ee70f37fe46ab09dd617df0c63cf5b3f6469c34fcc
HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Control power management for Windows . The vulnerability could be exploited locally to allow unauthorized access to data and Denial of Service (DoS).
6f3974f8b32e30cc857b5387dcab9b80f67a2d81c709eae73687d00e30811de2
Zero Day Initiative Advisory 10-118 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of user input to the uname variable of the login.php script running on the administration page of Oracle Secure Backup. Do to the lack of proper shell metacharacter filtering it is possible to bypass the login check. Successful exploitation of this vulnerability allows the attacker to access sensitive information running on the administration server without proper credentials.
a84daf45f55774169b51adedbd1ae06c4420baede8def2a3b970b7bb38d2066a
Zero Day Initiative Advisory 10-117 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required in that a user must browse to a malicious website. The specific flaws exists in the instantiation of three specific ActiveX controls. The combination of loading all three controls in a particular order results in a transfer of control to unallocated memory which can be leveraged by remote attackers to execute arbitrary code under the context of the currently logged in user.
2df2850b9ccf6c84c116a1112d822637a0afc32cb493717b88134c82b546c945
HP Security Bulletin - A potential security vulnerability has been identified with HP Insight Orchestration for Windows . The vulnerability could be exploited remotely to allow unauthorized access.
5503e0eb2b385aee7cbd841f7ed19b5c5de4d53c0dc51c2b3136c57e588525cc
HP Security Bulletin - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits.
27420ba971df7b22139b1f921417d90f92bfe900d17874fa4918c86891833e39
CMSQLite suffers from cross site scripting and remote SQL injection vulnerabilities.
855f2e4388d8bc6e4a4b1ed91638bd498dad6498f46499bf53b0e539bf6a8a88
Campsite CMS suffers from a cross site scripting vulnerability.
9b30a39213b3f27e38514196c6e71099dfc8a38104e2b949ac13dd90627e8382
VMware Security Advisory - VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.
0db53c597e93d42d1dc1c70847ad8b7ad162e5bfd7ee81e6fd69c060ab801465