Secunia Security Advisory - BalaBit has acknowledged multiple vulnerabilities in syslog-ng Premium Edition, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a vulnerable system.
7993f2a607d002e6ccf07ad8f9f6e0207845ea5c871b7cfc770decd83712482e
Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in phpWebSite, which can be exploited by malicious people to conduct cross-site scripting attacks.
2efa0549d990f8f13ec5e74083d04ff48a7cfc69b625e95c2d21dfc10d6c65d5
Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS.
dbb42094392c6f95f4649e3f9db193f2ab142410c5729f89783e4b84a49811f4
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system.
a852bcfb308125485c156bff3e4476cbf41210d21dd2b508ccc48c29d2ea6e5f
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and to disclose system information and by malicious people to cause a DoS.
09856abba8616780365b4bd3436d2c2edb9bb134efd83927d4817aeee15da10f
Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes multiple weaknesses, a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose certain system and potentially sensitive information, bypass certain security restrictions, and gain escalated privileges and by malicious people to cause a DoS.
ae65e9fbe16f23f548aa76d0842ff3cad347dd7e2376a084cdc1afcb157e0e57
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
b08ab0a2877d63aebe81c8bb14e83f96302877424acd78391e2a8da8a94e0919
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
fd56abb4d0f01b0a6d992e3724732bfbd7c41349acd776384f7bca0298d87710
Secunia Security Advisory - Multiple vulnerabilities have been reported in Moodle, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to disclose certain sensitive information and conduct cross-site scripting or cross-site request forgery attacks.
7f830be82d4d1b8761d1db641b044a54c387f5a2b4e61dc85147f3d26256d14b
Secunia Security Advisory - A vulnerability has been reported in Alcatel-Lucent OmniPCX Enterprise, which can be exploited by malicious people to compromise a vulnerable system.
46a709ba3f91b7476cfc861dade775b8b6cbaf4e8bb4089a2db8193a89776015
Secunia Security Advisory - A vulnerability has been discovered in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7063cca7aa1f553c5e08dea0aaf68461ca0efc3d40d7846fbed9ae58aa6cb904
Secunia Security Advisory - Debian has issued an update for pango1.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
333f0efa6b347682ae22b82d4f85491d15777bdf00d554c179fb19f352c69c07
Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
6376172b2996ac84b4a0c6c03e4cfe91602744d9d05a1924c2c1901a0f29dea5
Secunia Security Advisory - A vulnerability has been reported in MediaScripts Social Media, which can be exploited by malicious people to disclose sensitive information.
4e04b51a26e0d3ede9bdf9ca282cd9838ab036c4ee7b9cbb8fa0c33fe33a4a23
Secunia Security Advisory - Fedora has issued an update for postfix. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
630c57d691c4fd95539872730181b23452d306ca4cb22cd3e557b4d506c9e205
Secunia Security Advisory - Fedora has issued an update for mhonarc. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
5044b0154d027e59ef1f9904f815c7f0dd062722218057171d05ddb6ca78eb6c
Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
3344d2419ac8862b10c20a2a353489b7fce69763a6fdcd0c72ccdc1e84b8f519
Secunia Security Advisory - A vulnerability has been reported in Nokia E75, which can be exploited by malicious people with physical access to bypass certain security restrictions.
8f2d7953c19b746d7c6d3b05ebeb019ced668196eb33514ac48651d128c171de
Secunia Security Advisory - Ruben Santamarta has discovered a vulnerability in Advantech WebAccess, which can be exploited by malicious people to compromise a vulnerable system.
b7317c597d465b2c5262d28485401d3aab3352b384a3b0bc5368774e37f88266
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Domino, which can be exploited by malicious people to bypass certain security restrictions.
5f194793da5838c13cda14c60dac03bdaee2aa04f5bf8711fc0d485ed2e70be5
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code is within the option parsing function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. Reaching the vulnerable code requires a 'POST' request with an 'arg' parameter that, when combined with a some static text, exceeds 10240 bytes. The parameter must begin with a dash. It is important to note that this vulnerability must be exploited by overwriting SEH. This is since overflowing the buffer with controllable data always triggers an access violation when attempting to write static text beyond the end of the stack. Exploiting this issue is a bit tricky due to a restrictive character set. In order to accomplish arbitrary code execution, a double-backward jump is used in combination with the Alpha2 encoder.
776b4fe0d9851d0c1cbfd43336360be9b50d1f85d6ab691a9d9e621ecb22aa34
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. It is interesting to note that this vulnerability cannot be exploited by overwriting SEH, since attempting to would trigger CVE-2010-1964. The vulnerable code is within a sub-function called from "main" within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. This function contains a 256 byte stack buffer which is passed to the "getProxiedStorageAddress" function within ovutil.dll. When processing the address results in an error, the buffer is overflowed in a call to sprintf_new. There are no stack cookies present, so exploitation is easily achieved by overwriting the saved return address. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.
5582013e7dde303149edfe7da48c08313b51ded046619d9bfba33ef02981baa8
This Metasploit module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM_01203. By specifying a long 'arg' parameter when executing the 'jovgraph.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. This vulnerability is triggerable via either a GET or POST request. The buffer being written to is 1024 bytes in size. It is important to note that this vulnerability must be exploited by overwriting SEH. Otherwise, CVE-2010-1961 is triggered! The vulnerable code is within the "main" function within "ovwebsnmpsrv.exe" with a timestamp prior to April 7th, 2010. There are no stack cookies, so exploitation is easily achieved by overwriting SEH structures. There exists some unreliability when running this exploit. It is not completely clear why at this time, but may be related to OVWDB or session management. Also, on some attempts OV NNM may report invalid characters in the URL. It is not clear what is causing this either.
6b4d95471d68cca9d3ef11a5eae191b4a98a078054233598f568e7012765400b
This Metasploit module exploits NNM's nnmRptConfig.exe. Similar to other NNM CGI bugs, the overflow occurs during a ov.sprintf_new() call, which allows an attacker to overwrite data on the stack, and gain arbitrary code execution.
afac3550398fcdd4661e55f613d7be338e41b1ddad70329e7911c3925f72091a
This Metasploit module exploits a buffer overflow in HP OpenView Network Node Manager 7.50/7.53. By sending specially crafted ICount parameter to the getnnmdata.exe CGI, an attacker may be able to execute arbitrary code.
4c22f86bdf3b46260576ea5cf66c91a1e70361023d657dd8cabdade506e19c3c