McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
541d487c0fd9f602725c99856fa3e3627cd412b773bb200ff86822d291aee585McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
83b1fca33c08846e197daa065fc717ff51f5a94766c6b9b25ceeac7ca984be29McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a token disclosure vulnerability.
5e6128752681e8d4144799b7dd87140151481f96ddb6ba769da110dd68f46272McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
38b9c98ba1910b6ae86c52cbb72d534f1960caf1fa1e8484b1a424503d4d3a2bPHP Designer 2007 PE suffers from a remote SQL injection vulnerability.
7f5cd0d29463fed33d4ae2fd9962cde7c0185b25d1e0b37c8635ac96d1105fcdPTK version 1.0.5 suffers from cross site scripting and direct access bypass vulnerabilities.
73db2993ed1cf68f7e922d7bd762d40bda60592e0f603e13367647097dc3daa2GetSimple version 3.1 suffers from backup download and shell upload vulnerabilities.
6d7e6bb2dc03c8ee708abf9ebd0c5acdb49191acb3f9a1b447a52889d00c3574Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.
5333f13c7d3a31da5790853e3d445f2ca1d0412733313afc050cc63a50eeae64The Flexicontent component in E107 version 1.0.0 suffers from a remote SQL injection vulnerability.
415819e480c87949196e8660c90b6a6e0bf85fc7176806049bb428ec4a657981SMF version 2.0.2 suffers from a cross site scripting vulnerability.
8a24d74ec72c3f3c5a5641aa378d76fba73e19c15a756f998b0b616a548362c2In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.
b67ff68635b0da527a9389e954b4fa15fc435fa409b274cf649d45bc21db5d36McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
ea917b03e7a1554b15684bdf3c879c93ffadab2739f8cdd41c0e98cfd264ec09McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
0c1840f7a89acaf990fbe44ab43b5a65bc48fca9f572401830ddd523cc72dcdeGentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.
3dc6ec677cef70e1de94b2d06ab3401e1e55afa0cbebc37c8c0cb6bceef728e8Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.
214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059ddRed Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55dUbuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.
fa24d61a1e2ebc2f10bb016c59b802b5caa5ee81f5cd0d430c76d972c159a045Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.
ffa26fc4d4f2107fa0a64ed1c7e866f5a1c4fef22ea503843dc7738efdabb04eDebian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62cGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.
d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36aHP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.
efc98ae21b7578cdda64deb5dc05500c54b69e6f2036619387554bc0530e3ad6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed