Cisco routers running IOS version 15.0 suffer from an SNMP-related denial of service vulnerability.
17e45d3b463c814c1f9c18bf5ae368a469fe9a2ce8b5098243d3ea2c979cf166
Cisco routers running IOS version 15.0 suffer from a UDP-related denial of service vulnerability.
be3f1d34085d4559d36ca0e6b71def96c993a77facaa44e46f0852f5c6860f48
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
8defad4d02f660546967baa7b7b63f3f8397e4455648ecf74cdc60a36d52467f
ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited access gets full access to the web interface.
3c3b7741d67dfb8732fd6d0430e8b65afec081b0c019357960986f8df29478dd
ZyXEL ZyWALL USG appliances suffer from an arbitrary file read/write vulnerability that allows for system compromise.
a79275261085696d0102bdf6c611df7de8b6388dbd1c16f1dcfe29f1632051fc
ICONICS Genesis32 is a suite of OPC, SNMP, BACnet and Web-enabled HMI and SCADA applications. A stack overflow was found in an ActiveX control required by the WebHMI interface. This condition can be used to gain command execution. The affected control is 'GenVersion.dll' and has the ClassID of {CEFF5F48-BD2E-4D10-BAE5-AF729975E223}. This control is marked safe for scripting.
e2cc945e05990c73d34e1f078184b4608dc08dbcc60fbcdef0908d92ab249b3f
Tempest Security Intelligence Advisory 01/2011 - SIPDroid Agent versions 1.6.1 beta, 2.0.1 beta, and 2.2 beta suffer from a remote user enumeration vulnerability. Proof of concept code is included.
2a9a14332bbabe64cde8fa7d58e894abdd8adde6ffef50edeb7bb7748ae94b40
73-byte Win32/XP SP3 shellcode that force-kills the explorer.exe process.
00fb87a0bc2ea17d8178eaae6412a78770e35ef5025b8b4c6385bcfb9b6aa7ef
DeepSec 2011 Call For Papers - For the fifth time the DeepSec In-Depth Security Conference invites security researchers and professionals to submit suggestions for talks and workshops for their conference which will take place in November, 2011 in Vienna.
31e98e850f6d0f83bb57a720a50d6dbe290b341f3592a6af613dfb5cdee27847
Ubuntu Security Notice 1129-1 - It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. It was discovered that the CGI.pm Perl module incorrectly handled certain MIME boundary strings. It was discovered that the CGI.pm Perl module incorrectly handled newline characters. It was discovered that the lc, lcfirst, uc, and ucfirst functions did not properly apply the taint attribute when processing tainted input.
d9b1c961a1a1802599f059cb53ed30cf4056e452151be196e148d2b3c967d09f
YaPiG version 0.95 suffers from multiple cross site scripting vulnerabilities.
dab6da7a8cce27676005cb38e64380f1a52ddd39055890b911f8dc8f6c2a8c60
SelectaPix Image Gallery version 1.4.1 suffers from a cross site request forgery vulnerability.
249e8d5ff3bf5ec9d078adc3e8f0f17303a2725de76bc7137d3a991ee1ae79ed
SelectaPix Image Gallery version 1.4.1 suffers from a cross site scripting vulnerability.
c1d106970998c23a36b3a256de0e6f7b5e890edfe1f6da89ed1e050036d04bf2
(e)2 Interactive Photo Gallery version 0.9 suffers from a cross site scripting vulnerability.
8dddc629f37fd3f04c9667722be5ddcb9f66eb820259ed50abe1e334f1a2dce7
The 44Con 2011 call for papers has been announced. 44Con is the UK's largest combined security conference and training event, with the conference taking place on the 1st and 2nd of September, 2011 at a five star hotel near Tower Bridge and the Tower of London.
57d9eb3d2e5cdff0169d1e98f96488a579aa689a3b71ba638b49b5cd1f3d5944
HP Security Bulletin HPSBMA02661 SSRT100408 2 - Potential security vulnerabilities have been identified with HP Proliant Support Pack running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), URL redirection, and information disclosure. Revision 2 of this advisory.
1ae9f771720bc04820d09d7394e0f6486771daa686bc302f58d764e929a60887
44-byte Linux/x86 shellcode that remotely downloads and executes a file.
c2ab73aea3bb05ad4186f5859cef4882d7fded0c371c68009d408c9df6e0ef6c
Proofpoint Protection Server version 5.5.5 suffers from a cross site scripting vulnerability.
412f53f289503ca09e6bb76b8fe8c5f67ba8e41e4c5e459c8514b9e1b2603ba2
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
e5a1c821dd8dc33a94c445290956d52e03b3c450f9cd448b96d92317fd4cce42
OpenSSH Security Advisory - Portable OpenSSH prior to version 5.8p2 is affected, but only on platforms that are configured to use ssh-rand-helper for entropy collection. ssh-rand-helper is enabled at configure time when it is detected that OpenSSL does not have a built-in source of randomness, and is only used at runtime if this condition remains. Platforms that support /dev/random or otherwise configure OpenSSL with a random number provider are not vulnerable. Version 5.8p2 fixes this issue.
486207ec2f9fb1f7152210c018051c0a98ac5a4908b2ab16da056d78f48c5319
Magazeen theme version 1.0 for WordPress and Dotclear suffers from a cross site scripting vulnerability.
9e1279300ac5f76d0b6725e54d3abd554b6b664d9dd441e1e078f9adebdb376f
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
3483fc2011e8a9d2614a93a9dbf7eabf405044df3566f29144fe2d1dd37a35f5
Sothink DHTML Menu suffers from a remote SQL injection vulnerability.
2c1863d838a006d219912eb313b00d701537f93ada051fa8cbf4ad8185462bce
Horizon Web Builder suffers from a remote SQL injection vulnerability.
9fed6e080a4670065cd80ad7ff55aec248a57f586bbc66ac56c5df390f274dd0
DynPG versions 4.2.1 and below suffer from local file inclusion, remote file inclusion, shell upload, and remote SQL injection vulnerabilities. Some of these issues were previously discovered in earlier versions and never fixed.
b1c13883931cf20f8d4bdb7ce2c5349036e23667a171ae1a724b68aeda422126