Filer Lite version 2.1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
417181ee090d1136ece6f7d559f43621f79a2b21d74ece66f574607edf73d160
Air Files version 2.6 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
f9ca960901d7fbfb17004be3a2a7568d910d02bc12a3b78bfb0c0f6a7d1f9e3e
CBTArchitects.com suffers from a remote SQL injection vulnerability.
ca9a49eebee71c476041cbf434b4fc95088fbef23fddb14c26cc3b96c5f96699
Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control, which is installed with the HIPSEngine component. The SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
0225620ac45d2c989d5b7c60785c597870130a1c9beb75e8bb6bb8a1d2bd2c7e
Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
eb25312dad566f7764a802e61affbdeb92e4335282d676ffca797a2babe8c223
Zero Day Initiative Advisory 11-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx ActiveX control. The vulnerable Cisco-signed ActiveX control verifies the signing authority names in the certificate chain but fails to properly verify the digital signature of an executable file that is downloaded and executed by the Cisco Secure Desktop installation process. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
aa42da94f61aa15c9fbe1d3b89ebac14865a9cc7a35d7077701ed758089765f6
Zero Day Initiative Advisory 11-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component, which listens by default on UDP port 1234. When handling an NFS RPC request, the xdrDecodeString function uses a user-supplied length value to null terminate a string. This value can be signed, allowing the NULL byte to be written at an arbitrary address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
6ff956732b5f7f5743b6b55d69eb36425aa86fc4836dc1a32c8a0cabd05749ea
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence Manager. These issues include SOAP authentication bypass, RMI command injection, and remote code execution vulnerabilities.
2279b02e90cd86dbc13becc622a5ef57fcba430ff6c4d1c352b719594dc541a3
Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. Devices are affected when SCCP inspection is enabled. Cisco has released free software updates that address this vulnerability.
2d3c304b1169c0947fbea1a762b1e12011ff5021a0b46976a1ef04bb54325ee7
Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances are affected by a transparent firewall packet buffer exhaustion vulnerability, a SCCP denial of service vulnerability, a RIP denial of service vulnerability, and an unauthorized file system access vulnerability.
e76421e954aaa07cd6bf59eee71ec3dfe95a934bc32fb56fe6edae8a2ff01ed9
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence solution. These issues include command injection, unauthenticated access, malicious IP address injection, and more.
97ae824371ddb74da2c469bdef6be6241f1177feac903333ba85b638323a3686
Ubuntu Security Notice 1070-1 - It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
f3ee93eff5dd43e96835d6ac34baaa23b2dd16a87b9fde94a2ca80d1281683ed
Cisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. These issues include unauthenticated Java servlet access, command injection, file upload, denial of service and more.
61c7ea617941a186f5b3f36418eecc50bb5d47f751232a507474c95dee05d970
Cisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. These issues range from unauthenticated Java servlet access to denial of service conditions.
52bb50cf3d384bc587235c2c5aa3a2ff5fe913f2c1d20077463786e39a6067e9
The Joomla Client component suffers from a remote SQL injection vulnerability.
f201cf4a46add82624b99dfdcd829d70905544d06a21ed002e05d9b54dcf6bd1
Hyena Cart suffers from a remote SQL injection vulnerability.
1d19fc2ca059ef46ba3fe0b2bcb9161de8714c4f1ee76a693631139fb688245d
tplSoccerStats suffers from a remote SQL injection vulnerability.
29bbbb06aace402b7764cbb1e8d6af83f7550140b179cd35397141cd903ba14e
Bitweaver version 2.8.1 suffers from a persistent cross site scripting vulnerability.
b8d10653759763c8643a2d24761308b1f630fe72e826280945ff8a06f8bbabba
VidiScript suffers from a remote SQL injection vulnerability.
be2014ca480b62130f81e807ecf3f88212835f39ec3c3bac1dd2e2e9f19b11e5
Mandriva Linux Security Advisory 2011-036 - Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the username field in a confirmation message.
ea5c67f8416addc10d7426c9a007de08e8c3a2a7563158dfc18282c74b813aa4
PRE-CERT Security Advisory - Both the 2.4 and 2.6 Linux kernels have multiple vulnerabilities. A buffer overflow bug in mac_partition in fs/partitions/mac.c (for MAC partition tables) allows for a denial-of-service (kernel panic) condition via a corrupted MAC partition table. A division-by-zero bug in ldm_get_vblks in fs/partitions/ldm.c (for LDM partition tables) allows a denial-of-service (kernel oops) condition via a corrupted LDM partition table. A buffer overflow bug in ldm_frag_add in fs/partitions/ldm.c (for LDM partition tables) may allow escalation of privileges or disclosure of sensitive information via a corrupted LDM partition table.
ab0fe6ff6bc31bbaf5cc7f9b68d64070079062a5c296c403ff5d0954e13058cc
MyBB version 1.6.2 suffers from a stored cross site scripting vulnerability.
ebac2632393b8d0b78b1d9d0f0b46a78dded2852e45d084f72872dea5916c1f5
Parsclick Portal suffers from a remote SQL injection vulnerability.
31f3e4b0406c073c47cb63cac3f20e7eda763e324a04f25e5508ef19407be1e0
The seunshare setuid root utility from policycore-utils as distributed by Red Hat Enterprise Linux and Fedora can be manipulated to perform privilege escalation attacks.
28d6af0b315f7b0dff8e67157c86ac312cb258841d84361eeea4cbe9621362b2
Debian Linux Security Advisory 2172-1 - Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.
267dc10fad0c03e578ad3123414ea64b6e23736b2369d3414a6709c24c575ada