Filer Lite version 2.1.0 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
417181ee090d1136ece6f7d559f43621f79a2b21d74ece66f574607edf73d160Air Files version 2.6 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
f9ca960901d7fbfb17004be3a2a7568d910d02bc12a3b78bfb0c0f6a7d1f9e3eCBTArchitects.com suffers from a remote SQL injection vulnerability.
ca9a49eebee71c476041cbf434b4fc95088fbef23fddb14c26cc3b96c5f96699Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
0225620ac45d2c989d5b7c60785c597870130a1c9beb75e8bb6bb8a1d2bd2c7eZero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.
eb25312dad566f7764a802e61affbdeb92e4335282d676ffca797a2babe8c223Zero Day Initiative Advisory 11-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx ActiveX control. The vulnerable Cisco-signed ActiveX control verifies the signing authority names in the certificate chain but fails to properly verify the digital signature of an executable file that is downloaded and executed by the Cisco Secure Desktop installation process. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
aa42da94f61aa15c9fbe1d3b89ebac14865a9cc7a35d7077701ed758089765f6Zero Day Initiative Advisory 11-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC request the xdrDecodeString function uses a user supplied length value to null terminate a string. This value can be signed allowing the NULL byte to be written at an arbitrary address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
6ff956732b5f7f5743b6b55d69eb36425aa86fc4836dc1a32c8a0cabd05749eaCisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence Manager. These issues include SOAP authentication bypass, RMI command injection, and remote code execution vulnerabilities.
2279b02e90cd86dbc13becc622a5ef57fcba430ff6c4d1c352b719594dc541a3Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. Devices are affected when SCCP inspection is enabled. Cisco has released free software updates that address this vulnerability.
2d3c304b1169c0947fbea1a762b1e12011ff5021a0b46976a1ef04bb54325ee7Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances are affected by a transparent firewall packet buffer exhaustion vulnerability, a SCCP denial of service vulnerability, a RIP denial of service vulnerability, and an unauthorized file system access vulnerability.
e76421e954aaa07cd6bf59eee71ec3dfe95a934bc32fb56fe6edae8a2ff01ed9Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco TelePresence solution. These issues include command injection, unauthenticated access, malicious IP address injection, and more.
97ae824371ddb74da2c469bdef6be6241f1177feac903333ba85b638323a3686Ubuntu Security Notice 1070-1 - It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
f3ee93eff5dd43e96835d6ac34baaa23b2dd16a87b9fde94a2ca80d1281683edCisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Recording Server. These issues include unauthenticated java servlet access, command injection, file upload, denial of service and more.
61c7ea617941a186f5b3f36418eecc50bb5d47f751232a507474c95dee05d970Cisco Security Advisory - Multiple vulnerabilities exist within the Cisco TelePresence Multipoint Switch. These issues range from unauthenticated java servlet access to denial of service conditions.
52bb50cf3d384bc587235c2c5aa3a2ff5fe913f2c1d20077463786e39a6067e9The Joomla Client component suffers from a remote SQL injection vulnerability.
f201cf4a46add82624b99dfdcd829d70905544d06a21ed002e05d9b54dcf6bd1Hyena Cart suffers from a remote SQL injection vulnerability.
1d19fc2ca059ef46ba3fe0b2bcb9161de8714c4f1ee76a693631139fb688245dtplSoccerStats suffers from a remote SQL injection vulnerability.
29bbbb06aace402b7764cbb1e8d6af83f7550140b179cd35397141cd903ba14eBitweaver version 2.8.1 suffers from a persistent cross site scripting vulnerability.
b8d10653759763c8643a2d24761308b1f630fe72e826280945ff8a06f8bbabbaVidiScript suffers from a remote SQL injection vulnerability.
be2014ca480b62130f81e807ecf3f88212835f39ec3c3bac1dd2e2e9f19b11e5Mandriva Linux Security Advisory 2011-036 - Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the username field in a confirmation message.
ea5c67f8416addc10d7426c9a007de08e8c3a2a7563158dfc18282c74b813aa4PRE-CERT Security Advisory - Both the 2.4 and 2.6 Linux kernels have multiple vulnerabilities. A buffer overflow bug in mac_partition in fs/partitions/mac.c (for MAC partition tables) allows for a denial-of-service (kernel panic) condition via a corrupted MAC partition table. A division-by-zero bug in ldm_get_vblks in fs/partitions/ldm.c (for LDM partition tables) allows a denial-of-service (kernel oops) condition via a corrupted LDM partition table. A buffer overflow bug in ldm_frag_add in fs/partitions/ldm.c (for LDM partition tables) may allow escalation of privileges or disclosure of sensitive information via a corrupted LDM partition table.
ab0fe6ff6bc31bbaf5cc7f9b68d64070079062a5c296c403ff5d0954e13058ccMyBB version 1.6.2 suffers from a stored cross site scripting vulnerability.
ebac2632393b8d0b78b1d9d0f0b46a78dded2852e45d084f72872dea5916c1f5Parsclick Portal suffers from a remote SQL injection vulnerability.
31f3e4b0406c073c47cb63cac3f20e7eda763e324a04f25e5508ef19407be1e0The seunshare setuid root utility from policycore-utils as distributed by Red Hat Enterprise Linux and Fedora can be manipulated to perform privilege escalation attacks.
28d6af0b315f7b0dff8e67157c86ac312cb258841d84361eeea4cbe9621362b2Debian Linux Security Advisory 2172-1 - Several vulnerabilities have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.
267dc10fad0c03e578ad3123414ea64b6e23736b2369d3414a6709c24c575ada
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed