Secunia Security Advisory - Debian has issued an update for bcfg2. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A security issue has been reported in Avaya IP Office Customer Call Reporter, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
Secunia Security Advisory - Debian has issued an update for libspring-2.5-java. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in accountsservice, which can be exploited by malicious, local users to disclose sensitive information.
Secunia Security Advisory - Ubuntu has issued an update for accountsservice. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
Secunia Security Advisory - A vulnerability has been reported in IP.Board, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system.
Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument being pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
Zero Day Initiative Advisory 12-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub-opcode 0x4 contains a Parameter Name string, NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user-supplied data, and the resulting stack corruption can lead to remote code execution under the context of the running process.
Zero Day Initiative Advisory 12-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within msg_server.exe, which listens on port 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04, it uses a user-supplied size field to copy a string into a statically sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process.
Zero Day Initiative Advisory 12-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. Subsequent use of this pointer allows for remote code execution.
TEMENOS T24 Core Banking Solution System version 7 suffers from a cross-site scripting vulnerability.
Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
JAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.
Zero Day Initiative Advisory 12-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the sampleData element, the code within QuickTime3GPP.qtx does not properly validate the length of the data within a color sub-field before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running QuickTime.
Lidosys CMS suffers from remote SQL injection and information disclosure vulnerabilities.
Zero Day Initiative Advisory 12-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the karaoke XML element, the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much data into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running QuickTime.
Zero Day Initiative Advisory 12-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element, the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much data into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running QuickTime.
RADIANT INFOTECH suffers from a remote SQL injection vulnerability.
Geosoft Technologies suffers from a remote SQL injection vulnerability.
Frog Web Works suffers from a remote SQL injection vulnerability.
Dharmatechnet suffers from a remote SQL injection vulnerability.
As'ad Mansour suffers from a remote SQL injection vulnerability.
Access Bank Plc suffers from a remote SQL injection vulnerability.