Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in IvanView, which can be exploited by malicious people to compromise a user's system.
7394b28cdec4dd5bd98bd901628a51c53432ebbd3afb4760c2a4d00251fd6b1f
Secunia Security Advisory - Tielei Wang has discovered two vulnerabilities in Hancom Office 2010 SE, which can be exploited by malicious people to compromise a user's system.
38eca4d257c925cad1d7e0e5f862e11422bf06ae9982ce039aec7ba14793c417
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in XnView, which can be exploited by malicious people to compromise a user's system.
9067f05397c236ec5b75d30f2543399513a7af43fd9a1b6a19956f0b9b4bd7f5
Secunia Security Advisory - A vulnerability has been discovered in Basic Analysis And Security Engine, which can be exploited by malicious people to conduct SQL injection attacks.
550a2542fda5d59b96e381bb5baa431ccbe0f552c314db827e107bcc7f5116a1
Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
94a07289e3b86a0ccf00fa98aad88a5ce20f809b835dbf81c0d8d13cf838e02f
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
7f7c9a405fb664e560fba7dfc697a57910e83319a79a3e02d75988443d562ee2
Secunia Security Advisory - A security issue has been reported in EMC Documentum xPlore, which can be exploited by malicious users to disclose potentially sensitive information.
d54f5e6e32a6dd19dcd1ac286c5f9ed61211192400df23725bbd93275b8bca14
Secunia Security Advisory - A vulnerability has been reported in Campaign Enterprise, which can be exploited by malicious users to conduct SQL injection attacks.
3ce42bdb5f60e8ad47a6fed415c8988e58fa4af143f71d54c28015e96c991dec
Secunia Security Advisory - Debian has issued an update for xen-qemu-dm-4.0. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
4894c263971e048773fc23e52781b49afd2d2f0b26fe7d32335b32e1aaf3f04a
Mandriva Linux Security Advisory 2012-014 - The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. This advisory provides the latest version of GLPI, which is not vulnerable to this issue. Additionally, the latest versions of the corresponding plugins are also being provided.
f4875e63cc28c3d7e1d8921a612952ad0ff1970d34cc76aaf7e34342f3c7f682
The cryptographic algorithm called INCrypt32 is a MAC algorithm used to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is at the heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to the public. In this paper, they reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, they show that the secret key of size 64 bits can be recovered using only 2^18 MAC queries if the attacker can request MAC for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 2^42 to recover the secret key.
cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6
BASE version 1.4.5 suffers from a remote SQL injection vulnerability.
f9f6ed98eeadca471182c50d8d2bae104a3070e332a26a54e604d1a1b0cef000
XRayCMS version 1.1.1 suffers from a remote SQL injection vulnerability.
662727c3cbe08b8f94537e2406e2a06ae3e8231c70d2b1a28507796f7a79d43d
Conduit Wibiya suffers from an open redirection vulnerability.
e2361c76d1e4ded936e8781116973facfae8899e458d0227527a7cce943a9d07
This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
df5bc33eaeb96b0f6521c6843db41166584ab0601a42185c148d886d2a3268c5
LibGuides suffers from a cross site scripting vulnerability.
4985e190d49324e53c6fd278eb3ddb1f516c44031167e7402aa76e7f4f366db9
Brainkeeper Enterprise Wiki suffers from a cross site scripting vulnerability.
7b8b5eac1b2aedafb23a81945c6fcdbc804b7457d6c2c26bede2f8baa1281d50
Red Hat Security Advisory 2012-0101-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. If a user submitted a system registration XML-RPC call to an RHN Satellite server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.
0e357eb02cf1bd13d067a393447a97f98a191c81e71ec325288e3e621237287a
Red Hat Security Advisory 2012-0100-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed, crash the condor_schedd daemon, or, possibly, execute arbitrary code with the privileges of the "condor" user.
1ba6833f9ebb7c035637dd76d121e4c791b53f7559536add2740c05516f9052b
Red Hat Security Advisory 2012-0099-01 - Multiple format string flaws were found in Condor. An authenticated Condor service user could use these flaws to prevent other jobs from being scheduled and executed or crash the condor_schedd daemon.
cfcf5a0927c7fde9bf2cfe1260babb07ef5eb4dceef80bb74f2921bde440c301
Red Hat Security Advisory 2012-0102-01 - Red Hat Network Proxy provides a mechanism for caching content, such as package updates from Red Hat or custom content created for an organization on an internal, centrally-located server. If a user submitted a system registration XML-RPC call to an RHN Proxy server and that call failed, their RHN user password was included in plain text in the error messages both stored in the server log and mailed to the server administrator. With this update, user passwords are excluded from these error messages to avoid the exposure of authentication credentials.
37f7e303099d5969d003d6e0c8fbd2ff0aa151afe8c4376919c05979495ea3d8
Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.
b0c6203ca4497541242454515790d9cfda365dfb81c65448ab664a3e143985e1
Debian Linux Security Advisory 2404-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable malicious guest systems to crash the host system or escalate their privileges.
4e58ccc81ad0baf672d6236c04572e7d50276f23c9a83e8e7d36c414bf73adc0