Secunia Security Advisory - Some vulnerabilities have been reported in IBM Lotus Notes, which can be exploited by malicious people to compromise a user's system.
24d75a35bd99792c5bb5f6c42f555c400b7c615f4dcd4e062acc0239c006a87dSecunia Security Advisory - A vulnerability has been reported in Sybase EAServer, which can be exploited by malicious people to disclose sensitive information.
9fdebd8da410072bf3051645d1ff1f0650b65933c715cd625b37ad8a0a3a41aeVUPEN Vulnerability Research Team discovered a critical vulnerability in 7T Interactive Graphical SCADA System (IGSS). The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used, leading to an exploitable condition. Versions prior to 9.0.0.11143 are affected.
6e3832447425985a6f696ebb91be8820ba8801500741d4b2775eba9c6ee8f8c7ExtCalendar version 2.0b2 suffers from a remote SQL injection vulnerability.
a974fb64b525dccafa700ae21ce599ff3b55f0bc16632feaf5ecc4351c58d005Ubuntu Security Notice 1133-1 - Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl.
f80525e1f6c53abd390c72048278ff14463feb1c085eae156af3756b8d02500aMandriva Linux Security Advisory 2011-100 - The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a plaintext command injection attack, a similar issue to CVE-2011-0411.
dcd2c353c81c889d6b3ed40ee816336b07c372c37a756dfb0601d4a306195143The Joomla Shop component suffers from a remote SQL injection vulnerability.
5c1c7436095eb4f29d0aa7816ab894e560cc003e2fd802174240f3410ba875fcGadu Gadu suffers from code execution and cross site scripting vulnerabilities.
612de9e01fb3921205f432c253275a1342b0c96c78cbdfaa821e87c81d36a69eMidiCMS-WB 2011 suffers from shell upload and local file inclusion vulnerabilities.
208ae1ecbeafba74477bec78c0fe421408df5ffb73b5d5c458d19fba8d13b108Lumension Device Control (formerly Sanctuary) versions 4.4 SR6 and below suffer from a remote memory corruption vulnerability.
1caa94de7a31ba6b7b07d67b405eeea35b0ad409884b1159f43029ba918c7e59Mandriva Linux Security Advisory 2011-099 - The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service via an empty ZIP archive that is processed with a statName operation.
5f56bbf1927d311d0b7613020b373344a22acb4b5c91e1e99cedd55648e42362phpScheduleIt version 1.2.12 suffers from multiple cross site scripting vulnerabilities.
5db247863aca225f49b9243807c5dc59e5a3bc6b60f4f9d1fa36ad4b3787f23aAjax Chat version 1 suffers from a cross site scripting vulnerability.
7c4c8b263ac25b470d2fcc65c9497d70fa344da56160fcef220629ef9e0be30cNNT Change Tracker Enterprise version 4.7 suffers from a weak encryption vulnerability.
bb9cfa0dea1ecbb9aaa1f7f61253d99bceada83c9b55f2a9d67b79ffc1f7d419This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a victim user to 'double click' the malicious VWR file and execute code.
3771df4f4d30f18e8cb453cb8d601bc178761d31e4917dee0ed0a0b741354001
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed