Secunia Security Advisory - Parvez Anwar has discovered a weakness in HP PKI ActiveX control, which can be exploited by malicious people to cause a DoS (Denial of Service).
ca79902a496720c54c8d371eff1416a450cbf56cf7f93599f1ae157f4f7a18e6Secunia Security Advisory - Two vulnerabilities have been discovered in w-CMS, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
2a32f5151363e7cc7dc4f7989b731f919105c94a7e9dad0b8f12a54aeadbd61fSecunia Security Advisory - Blue Coat has acknowledged multiple weaknesses, security issues and vulnerabilities in Blue Coat IntelligenceCenter, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions, by malicious users to disclose sensitive information, bypass certain security restrictions, manipulate certain data, gain escalated privileges, cause a DoS (Denial of Service), and compromise a vulnerable system, and by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service).
37346eb2b70fc348afadcdfd6e2f0347ef6aa220a8480858bf8f402f63e394d6Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Rational License Key Server, which can be exploited by malicious people to compromise a vulnerable system.
253417d4c931a847a1a0f958f5ce13b5ccdc30615a85465b8f613dfadcbce559Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Telelogic License Server and IBM Rational License Server, which can be exploited by malicious people to compromise a vulnerable system.
2079ac0d1657d52c2aa7c16665ff6905dbee58d463251762666ac92ea62cae5bSecunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.
9c0822785fc67e26efb8775672c06e58ca4ae2f270e9aa218b6cb388af81f732Secunia Security Advisory - Red Hat has issued an update for php53 and php. This fixes two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
b293b423d770ae9f831d89508981279fc240fcbecb7ea6c33ebfe9ed2fcc795bSecunia Security Advisory - Multiple vulnerabilities have been reported in @Mail Server, which can be exploited by malicious users to conduct script insertion attacks.
0fc17f46e4b0c1ecc6fa9740106360a782cdc01018c6f6348a10b6f7972a348bSecunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-maverick. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and to cause a DoS (Denial of Service).
6ae66286353f3902f17748e2ad71c960871bf5d64fcc72290898d790c11a30c7Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes one vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
4b5995520da2fcce4b427eb23f816128c4cb8116fac5d3f29ba1bd15dc3f8638Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes one weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
d24f833ce9e21adf4422a1921d10f9dcb4d4bad2b3eb588121f71e67a8da11caSecunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
8fb83759fd36becb038f2a5a5cc35ecc0226d5cfbfba1e9068392b494a59bd2dSecunia Security Advisory - A vulnerability has been reported in multiple MailEnable products, which can be exploited by malicious people to conduct cross-site scripting attacks.
900ad96f4fa3d8ce8257e61f01a60109e22dd3241a17da9c8a4e3dc645a696e3Secunia Security Advisory - A vulnerability has been reported in multiple MailEnable products, which can be exploited by malicious people to conduct cross-site scripting attacks.
ecbdad318cb59152f13e745103a49a85205552eac17a80cb7927542d38030cd5Secunia Security Advisory - Two vulnerabilities have been discovered in the Count Per Day plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
4d8ae5c250045774aa66bd6c2affbfa409998da7ea0877aca963ab5e14bfffa7Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
2c833458d64b54fa4421270d388ee9b4a01c2fc297d2c179bbf8b8477be83ac9Secunia Security Advisory - A vulnerability has been discovered in the HD Video Share component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
c5bb91a125bc018c3abd83725eaa9a934e36f7bab4607782759cb71fc57838a1Zero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
f89cf1cca7956e3476a79653108a775954c6207b163d593dad96b7179e74c5f5Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.
efef31e729581273d43acf86536cbf3cf65886fa8a51dab225bf70b406583cb8IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.
a8b7a492cc8ab102f8884547a7f042ea0e94a1cdbbad648050eb655bf675f524MailEnable Professional and Enterprise versions are prone to cross site scripting vulnerabilities as the user-supplied input received via the "Username" parameter of the "ForgottonPassword.aspx" page is not properly sanitized. Versions 4.2.6 and below, 5.52 and below and 6.02 and below are affected.
cab4ee58932f48fbb2493be671b4513aaa7da0caa31bfdb2f95731c6adf0d732Mandriva Linux Security Advisory 2012-004 - Multiple vulnerabilities has been found and corrected in t1lib. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Various other issues were also addressed.
f9a48e9ae40316e20b4d213e0862b9dee1e34ba82c1cf80d054005a9862897ceZero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.
4c0d8147a4cc744a03c4b805f15c9dfd3c1b87e71dd48d95d2810e446ce52c6dHashCollision denial of service proof of concept exploit written in Python. It generates the payload on the fly and sends it to the server.
9ea223d1751dc755d5ba16393c4065f1bda060687cfe5211724fcb29a994c2c5YABSoft Advanced Image Hosting Script suffers from a remote SQL injection vulnerability.
3489b2d8762d7b2212e2012148ac474b5fa37010d94ac80b6cd32c026b0a8645
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed