Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead the remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.
c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9HP Security Bulletin HPSBPI02794 SSRT100542 - A potential security vulnerability has been identified with certain HP Photosmart printers. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f39d009e7e352d2b9f93664bf49c7618a7dae15b4a79bf85fdcb5948f6e58f93Debian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.
19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5Debian Linux Security Advisory 2504-1 - It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.
eb4852b5ff523c83cd3b743f3cc96087df117c7c95d23b7657b743f5804578f0Ubuntu Security Notice 1485-1 - Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.
98db492a84e65422f2ea894ff6cb2a226228331fe4e976ea60ea62427ba2e0ecUbuntu Security Notice 1484-1 - It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.
04fbced1a91721f7ab5f380ac1b24b6b95bb3cc42c528814abcc82b70cc1f2ddSecunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.
0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324Secunia Security Advisory - FortConsult has reported a vulnerability in GoAnywhere Director and GoAnywhere Services, which can be exploited by malicious people to conduct cross-site request forgery attacks.
46605255758fcb56b4e4d296cd0a7b8f9d93cf8230c4697b1bec24c4d3ee4de5Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in SpecView, which can be exploited by malicious people to disclose potentially sensitive information.
9b81351a67417855aab11aa1fd6c49a3152a07452fd52490f6a5855594d207a5Secunia Security Advisory - MustLive has reported a vulnerability in LIOOSYS CMS, which can be exploited by malicious people to conduct SQL injection attacks.
393c91e18023985823f995873fb19a756d7936f1767d9fb52a4501077ca71355Secunia Security Advisory - A vulnerability has been reported in swfupload, which can be exploited by malicious people to conduct cross-site scripting attacks.
61afee315b538570ced37e9f53df8f5062f50ed4d8dcc3b03348eeab48b56434
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed