Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in IvanView, which can be exploited by malicious people to compromise a user's system.
7394b28cdec4dd5bd98bd901628a51c53432ebbd3afb4760c2a4d00251fd6b1fSecunia Security Advisory - Tielei Wang has discovered two vulnerabilities in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system.
38eca4d257c925cad1d7e0e5f862e11422bf06ae9982ce039aec7ba14793c417Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in XnView, which can be exploited by malicious people to compromise a user's system.
9067f05397c236ec5b75d30f2543399513a7af43fd9a1b6a19956f0b9b4bd7f5Secunia Security Advisory - A vulnerability has been discovered in Basic Analysis And Security Engine, which can be exploited by malicious people to conduct SQL injection attacks.
550a2542fda5d59b96e381bb5baa431ccbe0f552c314db827e107bcc7f5116a1Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
94a07289e3b86a0ccf00fa98aad88a5ce20f809b835dbf81c0d8d13cf838e02fSecunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
7f7c9a405fb664e560fba7dfc697a57910e83319a79a3e02d75988443d562ee2Secunia Security Advisory - A security issue has been reported in EMC Documentum xPlore, which can be exploited by malicious users to disclose potentially sensitive information.
d54f5e6e32a6dd19dcd1ac286c5f9ed61211192400df23725bbd93275b8bca14Secunia Security Advisory - A vulnerability has been reported in Campaign Enterprise, which can be exploited by malicious users to conduct SQL injection attacks.
3ce42bdb5f60e8ad47a6fed415c8988e58fa4af143f71d54c28015e96c991decSecunia Security Advisory - Debian has issued an update for xen-qemu-dm-4.0. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
4894c263971e048773fc23e52781b49afd2d2f0b26fe7d32335b32e1aaf3f04aMandriva Linux Security Advisory 2012-014 - The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. This advisory provides the latest version of GLPI which are not vulnerable to this issue. Additionally the latest versions of the corresponding plugins are also being provided.
f4875e63cc28c3d7e1d8921a612952ad0ff1970d34cc76aaf7e34342f3c7f682The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to public. In this paper, they reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, we show that the secret key of size 64 bits can be recovered using only 218 MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 242 to recover the secret key.
cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6BASE version 1.4.5 suffers from a remote SQL injection vulnerability.
f9f6ed98eeadca471182c50d8d2bae104a3070e332a26a54e604d1a1b0cef000XRayCMS version 1.1.1 suffers from a remote SQL injection vulnerability.
662727c3cbe08b8f94537e2406e2a06ae3e8231c70d2b1a28507796f7a79d43dConduit Wibiya suffers from an open redirection vulnerability.
e2361c76d1e4ded936e8781116973facfae8899e458d0227527a7cce943a9d07This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
df5bc33eaeb96b0f6521c6843db41166584ab0601a42185c148d886d2a3268c5LibGuides suffers from a cross site scripting vulnerability.
4985e190d49324e53c6fd278eb3ddb1f516c44031167e7402aa76e7f4f366db9Brainkeeper Enterprise Wiki suffers from a cross site scripting vulnerability.
7b8b5eac1b2aedafb23a81945c6fcdbc804b7457d6c2c26bede2f8baa1281d50Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.
0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287aRed Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
1ba6833f9ebb7c035637dd76d121e4c791b53f7559536add2740c05516f9052bRed Hat Security Advisory 2012-0099-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed or crash the condor_schedd daemon.
cfcf5a0927c7fde9bf2cfe1260babb07ef5eb4dceef80bb74f2921bde440c301Red Hat Security Advisory 2012-0102-01 - Red Hat Network Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an organization on an internal, centrally-located server. If a user submitted a system registration XML-RPC call to an RHN Proxy server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.
37f7e303099d5969d003d6e0c8fbd2ff0aa151afe8c4376919c05979495ea3d8Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.
b0c6203ca4497541242454515790d9cfda365dfb81c65448ab664a3e143985e1Debian Linux Security Advisory 2404-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.
4e58ccc81ad0baf672d6236c04572e7d50276f23c9a83e8e7d36c414bf73adc0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed