Secunia Security Advisory - Debian has issued an update for bcfg2. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
6f41ac202fc35d6547ba6ff0f2fda80d82d7e9f63e765de4317d406dbca32e3aSecunia Security Advisory - A security issue has been reported in Avaya IP Office Customer Call Reporter, which can be exploited by malicious people to compromise a vulnerable system.
ebe6c2ceb1275dc2811f5802b7baa5ce2cb55fd58ed250abb9a6be6edd1f1b2bSecunia Security Advisory - Ubuntu has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
bc029fce5673bf2054a75e646770f76352b50f52789172738c802ace6abce190Secunia Security Advisory - Debian has issued an update for libspring-2.5-java. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
c55aa8555cb0c5ce86342ab8be4ea4ffeeb2e4a103e6ff47c7bd60dd3dc079d1Secunia Security Advisory - A vulnerability has been reported in accountsservice, which can be exploited by malicious, local users to disclose sensitive information.
5906e432b70b0eeddcc362fb337bf6421be8aa296d63418f9648744ef5058678Secunia Security Advisory - Ubuntu has issued an update for accountsservice. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
435cdd79dde3bb7cc5ecda8ed203f49ff129c6112ed220563b4223902e609ca4Secunia Security Advisory - A vulnerability has been reported in IP.Board, which can be exploited by malicious people to conduct cross-site scripting attacks.
cda6881bbf77aed21b0441e84b1dc5287ad4cd6d8a7a3e42df2f803ebc863c03Secunia Security Advisory - Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system.
5870c4b090d1b64963f717703d1a860db29f53d55726c7ab401f8bf06ebcc549Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
ee2420a705a26ed773b1354114c6612b6c63f17469cb4b7177fbc350de395af5Zero Day Initiative Advisory 12-112 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. If a package with sub opcode 0x4 contains a Parameter Name string NetWeaver will eventually write a \x00 byte onto the stack to mark the end of the string. The location of this null byte is dependent on user supplied data and the resulting stack corruption can lead to remote code execution under the context of the running process.
a0f622145843006fa62dd9d19de99eb5f3c0d11cce559f5e222a1eee50b9b533Zero Day Initiative Advisory 12-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user supplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process.
ad22b44c74644b46fdacc02308bbd21656af15bb64c46cfe7da8bd7939f91b79Zero Day Initiative Advisory 12-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. Subsequent use of this pointer allows for remote code execution.
75a17d05bb1ce9d85c18a44c0f62f0d23ba1f077eab5fccd0a2a8d01acd33897TEMENOS T24 Core Banking Solution System version 7 suffers from a cross site scripting vulnerability.
c98de2b59ae7660620eab1d44dcb42a197c5a01b987f62005384b0415c883941Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
0d53259e616b4161775a0b9272f7b7ef1d1569e48797e4a3ba27a9c8136edeffJAKCMS version 2.2.6 suffers from a remote shell upload vulnerability.
8979837fbdfb46b12bd7cad18d277dc1d78e57253e57f5b607581b9edb59d77eZero Day Initiative Advisory 12-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the sampleData element the code within QuickTime3GPP.qtx does not properly validate the length of the data within a color sub-field before copying it into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
67df3b8ec25a60a634a3128373f2eafefadf0c72627a2cc6d57389c101714488Lidosys CMS suffers from remote SQL injection and information disclosure vulnerabilities.
aed75f9b422d398ddc8a3bc152ec5a54b7aa049ce7c63239350a7471edf79f3cZero Day Initiative Advisory 12-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the karaoke XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much data into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
66658c754e796e0918edaec264117e07ba214d3cfb5485a34005f242ab8c18c5Zero Day Initiative Advisory 12-107 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML elements within a TeXML file. Specifically, when handling the style XML element the code within QuickTime3GPP.qtx does not properly validate the length of the data within specific sub-fields. By providing specially crafted data, the code can be made to copy too much into a fixed-length buffer on the stack. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code under the context of the user running Quicktime.
ec9ca6e89db17756e89ac2f6a9f8f242ae57ba337294689a6345cc4b405617e3RADIANT INFOTECH suffers from a remote SQL injection vulnerability.
f7deaf876e8083cb79829f6fbd01c4e1a519f27ab6bb5e753110d8be47b854eaGeosoft Technologies suffers from a remote SQL injection vulnerability.
13e605724d4a56a8de25d72ff309c8ef8952bbe3768d85d0d43285a3ae3f2f95Frog Web Works suffers from a remote SQL injection vulnerability.
2fa1644366058fc4f2b09482b72171e4297988d5b454d64ebcf74d9feeb17379Dharmatechnet suffers from a remote SQL injection vulnerability.
08fc43acdfdbef9739aedbfa27b6bcc8eb60edc3ca6af2abd8041d84cfec040aAs'ad Mansour suffers from a remote SQL injection vulnerability.
9801786724876ca5d2a91359040bec7c985185348a7e40d57d2d9611dbaba539Access Bank Plc suffers from a remote SQL injection vulnerability.
c81db695ee2d5b88c1bdef45d2c59ef8ef1f76d47fa934957c8f32694acfde36
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed