Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files will not be stripped of their file extensions and the directory where they are uploaded to has no scripting restrictions. This flaw can lead the remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.
c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9HP Security Bulletin HPSBPI02794 SSRT100542 - A potential security vulnerability has been identified with certain HP Photosmart printers. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f39d009e7e352d2b9f93664bf49c7618a7dae15b4a79bf85fdcb5948f6e58f93Debian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.
19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5Debian Linux Security Advisory 2504-1 - It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.
eb4852b5ff523c83cd3b743f3cc96087df117c7c95d23b7657b743f5804578f0Ubuntu Security Notice 1485-1 - Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.
98db492a84e65422f2ea894ff6cb2a226228331fe4e976ea60ea62427ba2e0ecUbuntu Security Notice 1484-1 - It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.
04fbced1a91721f7ab5f380ac1b24b6b95bb3cc42c528814abcc82b70cc1f2ddSecunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.
0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324Secunia Security Advisory - FortConsult has reported a vulnerability in GoAnywhere Director and GoAnywhere Services, which can be exploited by malicious people to conduct cross-site request forgery attacks.
46605255758fcb56b4e4d296cd0a7b8f9d93cf8230c4697b1bec24c4d3ee4de5Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in SpecView, which can be exploited by malicious people to disclose potentially sensitive information.
9b81351a67417855aab11aa1fd6c49a3152a07452fd52490f6a5855594d207a5Secunia Security Advisory - MustLive has reported a vulnerability in LIOOSYS CMS, which can be exploited by malicious people to conduct SQL injection attacks.
393c91e18023985823f995873fb19a756d7936f1767d9fb52a4501077ca71355Secunia Security Advisory - A vulnerability has been reported in swfupload, which can be exploited by malicious people to conduct cross-site scripting attacks.
61afee315b538570ced37e9f53df8f5062f50ed4d8dcc3b03348eeab48b56434mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
5267f890f545bb735b1c39589e72551064eb335e1539e0d265bf1035279b0379This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.
91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36This patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.
7f978450f62d11b175da265f7b856d733cbf051c7a1ea779218dd0d051a04d20This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0Secunia Security Advisory - Red Hat has issued an update for php. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
934d615ed9a095d866cfb84ebcf46f3879968e5eb2684f5990d9a4d7c7729578Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.
8cd5c31b7f0c7cbe85c70e74937d591fa2f021fb900aa474559748f67de240edSecunia Security Advisory - A vulnerability has been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system.
f0e39b5ac89e9e35383ff03335824fa6a9082c01cd6eaf287c8c3f69619fe3b8Secunia Security Advisory - A vulnerability has been reported in the Hashcash module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.
acc52fb98d8c2856aa52909f18d7b97b29c6c5a30f485ee7370e7ce9a1a382e9Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, manipulate certain data, cause a DoS (Denial of Service), gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
724e1bef8a6b08e62f938a18af516735528ea5e7897c16630fbb1734e9945489Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.
e3872883589e948f5ab26057b52953a554ab7a2a836bb9741a27a3301a8003d6Secunia Security Advisory - Two vulnerabilities have been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
a0eb0f4970a67c1bb871f98a07141bea4a23a39c07a65a43ded09878469d1189Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).
8b99dfe771fa4444681df851b7362066df6524e6b0b1f3df12e81b47ca3b85f1Secunia Security Advisory - Red Hat has issued an update for php53. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
8408eaa9ca821e02a089bde620723488dcaf949226c24355eb9e1ea1920e7ad6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed