www.microsoft.com suffers from a cross site scripting vulnerability.
1ee63e162b6d85810a941910498b15b4fd101ff6d675e0d4b36d5da229ebd7cfMany different AntiVirus products suffer from various file-parsing evasion vulnerabilities. Some of the affected pieces of software include AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, and Panda 10.0.
193275575de0eac59e8a98740fa704a8e2265457fd5a44adfa2b9f9c7719d0d6Greenpeace.fr suffers from a cross site scripting vulnerability.
64387ee3a4245d257438c11a4faf085f75bb527fa822dc980bea98fcd1212af9ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.
ac9ce0ef47d738091d599b3ea17bfa50dae411a0fcf3d690ac1f2757cfe3424dRed Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
0036797987fe157b69b95604a2713b21fc1006dc352d46cb79b8d8274bba60f4Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.
145fc959fbc7cc8bfb9b7e7eccef6c448ffafe94e95ffa18be3f080b0c3cbf48360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
42173590795645e2f9e4219d77b6699b9a6ca4563946c65ff2773b7d9c831693This is a whitepaper called Pentest: Information Gathering. Written in Spanish.
0a120fb44dd61a5a363336664fa11eb9a02a30c416dd768a578b7a9619ceca1fLANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
fe7e3841d8266a0bdf777c01b95935543a5458d8b05813ac7e4e79d579cbd473Deathcore XP suffers from a remote SQL injection vulnerability.
6c9a1fcfd3817388fb23ededdfce0e39336e6bf5c9d451903ab88a156326f9b5LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.
4673c5fc0a1d5af35f49f2fe5b245398727d8205e95e7aa7d94b7620983fabbcHP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.
34fc17a3a00efdd16c2e510fe459251c21d59b231555ad0e979a5da926ca663aExcode suffers from a remote SQL injection vulnerability.
437e672427e6b5d046811237c35d3d8d96b61dcfcd71174c8267a0fdd0ff9eac2X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.
27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b42X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.
0ec15ada5f97ed20cc44237301fcfa9df7cde6ef19772eacaebffed8822def0eFastWeb2 suffers from a remote SQL injection vulnerability.
320fff2e23664df026d453f52e61e3b6739feb6442e1a5f686b817a2cb0a5149RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.
766d4e2a21af4ed52778ae2efdfcd577ce82c1423642cde3c2a93b082e130048at32 Reverse Proxy version 1.060.310 suffers from multiple HTTP header field denial of service vulnerabilities.
19613ca01eb9c3f61b2d576a3e623d93091cc41f733468f29135ad17c1b2a6c5Zinf Audio Player version 2.2.1 buffer overflow exploit that creates a malicious .m3u file. Written in Python.
11b1158d362d3ed7220cb1f2adddb884b77cb7432f1a548de83db67295c50025RelativeLink.sh in Tor browser bundle has a small typo causing debug mode to be always turned on. This, in turn, may log sensitive information like domain names.
680afc2e40e9f3b6fa62bc22f0230dda07dde9e92e158703ce7e8e80e0ee53c2Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.
7d0ce122aab6b55983ad9b309da39537a16589ba657d163e326d34fa4f7c8abfUbuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
72dd23ef0655b7dc1ad658c36b42d88462bc63744bcfe1aa8b0aa2db6ebbcf36Hermesconcept suffers from a remote SQL injection vulnerability.
ccd77a9614e7ea111defefe21feb70cfa57699be8ea7303800af74bde6b7c74eJeux Fille suffers from a remote SQL injection vulnerability.
c9a77620eee1bfd49d1eee5974d96696702d68f90a0c67f3b077dcb7959f1febPCL suffers from a remote SQL injection vulnerability.
49be1fd963616368b15e313ff0f0af642c26583734429dd31a333f74e7f62d8e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed