CA Technologies support is alerting customers to multiple security risks with CA Arcot WebFort Versatile Authentication Server. Two vulnerabilities exist that can allow a remote attacker to potentially compromise web user security. The first set of vulnerabilities occurs due to insufficient handling of request parameters sent to the Arcot Administrative Console. An attacker who can convince a user to follow a URL or view a webpage can potentially conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient filtering of a request parameter sent to the Arcot Administrative Console. An attacker who can convince a user to follow a URL or view a webpage can use redirection to potentially carry out additional web-based attacks.
b7f2426e298629c164af95d01b3886396dbdea3a03957d1a67ef5c0aac369b16
PHPDirector version 0.30 suffers from an insecure cookie handling vulnerability that allows for privilege escalation.
7602308b2836f9720c4e4130f269ad8f2a067e36ac6e61aedb1949bfcdcc9d78
67-byte shellcode for Win32/XP SP3 that activates the guest account.
5eb9e5a59cb9205dcfa21e15cf1832cb98df3ec64bbd499193aa321ce059954b
Cpanel X3 version 11.28.87 suffers from a cross-site scripting vulnerability.
668b877429a09753fc0687182acb6df487a2b9db0ecabdd3f2936732861f677c
ConnectPlatform version 0.30 suffers from a remote SQL injection vulnerability in blog.cgi.
37bdcf8e4441542a78ef20c4bcf339293400fbaed028ef02e74f6b8ee9befa9a
Cross-site request forgery exploit for phpwcms version 1.4.7 that adds an administrator.
704bf06ac1515e2eb1ca1b482d400efceeedf4be19db3f0fc4522173e85c5c2d
Plum Design Studio suffers from a remote blind SQL injection vulnerability.
36b7ad08d84276e198f38e009a15639629647f3253a30a76774f4eff224057c0
Secunia Security Advisory - A security issue has been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions.
a6be87a905b2573daa159b8b88957275d59c69405af5f5d6fe85a6ad594533dd
Secunia Security Advisory - Some vulnerabilities have been reported in openSUSE Build Service, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
9a103cd17d37f21824cfbdf4dd90fa9ee8e5bc0c33fc4fd9cf4b92820fabd1dc
Secunia Security Advisory - A vulnerability has been reported in openSUSE Build Service, which can be exploited by malicious people to bypass certain security restrictions.
f2590947096af849c99567becd5cb42454656154d5c05c2d12371b6eba579481
Dominic Chell of NGS Secure has discovered a high-risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out-of-array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.
17c0e508710bb4f00f1f179e385b3d378527bd4b35827d30da710e418db26947
52-byte Microsoft Paint shellcode for Win32/XP SP3.
6cce3b104986cba0ba0f7a38893069b2dce9092a964b0fa5c9993637147ddc78
Secunia Security Advisory - Two vulnerabilities have been reported in Videcon Viola DVR VIO-4/1000, which can be exploited by malicious people to disclose sensitive information.
572461b87df68f531f4bb03e9e345de61f7aa87136626d8bfdf04cf1fd1ac534
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges.
11cc3ef33852b29fdabe838c757706245d0fb726331366bd295ed3ce280c420f
Secunia Security Advisory - A vulnerability has been reported in phpMiniAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b261ba0807f9d417a3726a48fd2c05fc1b2e1f0a05cb54bba34b428c6186781c
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in the WP Ajax Recent Posts plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
1c0083bc38f5dcbc9d0bba9f575169c0e1e12f0231401d4da5807401d3e1f4ed
Secunia Security Advisory - A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to cause a DoS (Denial of Service).
0287578e1fa7efb9eaee0c818f1994a312a06b390a2571602e41b83c2fbc5e65
Secunia Security Advisory - Two vulnerabilities have been reported in Spree, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system.
96e3458e571c827da29079c9ccedf7f238acda2e931956253692217547458ec7
Secunia Security Advisory - John Leitch has discovered a vulnerability in webERP, which can be exploited by malicious people to conduct cross-site scripting attacks.
a8f9b49d002afdd0f7c986f8ed7e30f88d9dbea8293b4f4fed696e3ae615ab06
Secunia Security Advisory - A vulnerability has been reported in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service).
25d745fddc520801daa3e5ab68d60d405e52b5d89e206ef28fbedd76a1bcf55f
Secunia Security Advisory - Digital Security Research Group has reported two vulnerabilities in SMSGATE.4, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
c77538b6f910d5574c527d3e039fc0c4e8146183bae78e128d2a065294875e5e
Debian Linux Security Advisory 2226-1 - M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.
023f4c3e1f5ae24e46ffdffd22372a8260f34728a5f7bee9289c67f0e4ed5694
ShelTec suffers from a remote SQL injection vulnerability.
b2101eff0bc8dc7009284e9716908417930b776af679accdef3e45a622bf458f
Debian Linux Security Advisory 2225-1 - Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit.
bd5456aa88bf9875926ee1fefd31e522da42c5cce7535683847404db3202ada9
The WP-Ajax-Recent-Posts WordPress plugin version 1.0.1 suffers from a cross-site scripting vulnerability.
143ab7232d96035a56c57a2557f859393291780632f5e08611e1e895b810720a