Zero Day Initiative Advisory 12-106 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Avaya IP Office Customer Call Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists because Avaya IP Office Customer Call Reporter allows unauthenticated users to upload files to the webserver through ImageUpload.ashx. The uploaded files are not stripped of their file extensions, and the directory they are uploaded to has no scripting restrictions. This flaw can lead to remote code execution under the context of the user running the IP Office Customer Call Reporter, usually NETWORK SERVICE.
c9875f083e981a649b82cd3fc96e172a5e7ead7522bb0fcbbb19128b2cc1d8b9
HP Security Bulletin HPSBPI02794 SSRT100542 - A potential security vulnerability has been identified with certain HP Photosmart printers. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
f39d009e7e352d2b9f93664bf49c7618a7dae15b4a79bf85fdcb5948f6e58f93
Debian Linux Security Advisory 2503-1 - It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system into executing commands with root privileges.
19d7f0f9846f89668422d5fdf7058fd6f90271b7c49727c1bdde4a5772ba56a5
Debian Linux Security Advisory 2504-1 - It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests.
eb4852b5ff523c83cd3b743f3cc96087df117c7c95d23b7657b743f5804578f0
Ubuntu Security Notice 1485-1 - Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.
98db492a84e65422f2ea894ff6cb2a226228331fe4e976ea60ea62427ba2e0ec
Ubuntu Security Notice 1484-1 - It was discovered that PyCrypto produced inappropriate prime numbers when generating ElGamal keys. An attacker could use this flaw to facilitate brute-forcing of ElGamal encryption keys.
04fbced1a91721f7ab5f380ac1b24b6b95bb3cc42c528814abcc82b70cc1f2dd
Secunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.
0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324
Secunia Security Advisory - FortConsult has reported a vulnerability in GoAnywhere Director and GoAnywhere Services, which can be exploited by malicious people to conduct cross-site request forgery attacks.
46605255758fcb56b4e4d296cd0a7b8f9d93cf8230c4697b1bec24c4d3ee4de5
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in SpecView, which can be exploited by malicious people to disclose potentially sensitive information.
9b81351a67417855aab11aa1fd6c49a3152a07452fd52490f6a5855594d207a5
Secunia Security Advisory - MustLive has reported a vulnerability in LIOOSYS CMS, which can be exploited by malicious people to conduct SQL injection attacks.
393c91e18023985823f995873fb19a756d7936f1767d9fb52a4501077ca71355
Secunia Security Advisory - A vulnerability has been reported in swfupload, which can be exploited by malicious people to conduct cross-site scripting attacks.
61afee315b538570ced37e9f53df8f5062f50ed4d8dcc3b03348eeab48b56434
mod_auth_pubtkt is a simple Web single sign-on (SSO) solution for Apache. It validates authentication tickets provided by the client in a cookie using public-key cryptography (DSA or RSA). Thus, only the login server that generates the tickets needs to possess the private key, while Web servers can verify tickets given only the public key. The implementation of the login server is left to the user, but an example and a library in PHP are provided with the distribution.
6243e220a650147a49269970cfc1491e6c727f6e9ef4eb34673909783bc258b2
webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
5267f890f545bb735b1c39589e72551064eb335e1539e0d265bf1035279b0379
This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces from the log files, logs usernames and passwords both in and out, and more.
91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36
This patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.
7f978450f62d11b175da265f7b856d733cbf051c7a1ea779218dd0d051a04d20
This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0
Secunia Security Advisory - Red Hat has issued an update for php. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
934d615ed9a095d866cfb84ebcf46f3879968e5eb2684f5990d9a4d7c7729578
Secunia Security Advisory - A vulnerability has been discovered in Mini-stream URL Hunter, which can be exploited by malicious people to compromise a user's system.
8cd5c31b7f0c7cbe85c70e74937d591fa2f021fb900aa474559748f67de240ed
Secunia Security Advisory - A vulnerability has been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system.
f0e39b5ac89e9e35383ff03335824fa6a9082c01cd6eaf287c8c3f69619fe3b8
Secunia Security Advisory - A vulnerability has been reported in the Hashcash module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.
acc52fb98d8c2856aa52909f18d7b97b29c6c5a30f485ee7370e7ce9a1a382e9
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, manipulate certain data, cause a DoS (Denial of Service), gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
724e1bef8a6b08e62f938a18af516735528ea5e7897c16630fbb1734e9945489
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.
e3872883589e948f5ab26057b52953a554ab7a2a836bb9741a27a3301a8003d6
Secunia Security Advisory - Two vulnerabilities have been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
a0eb0f4970a67c1bb871f98a07141bea4a23a39c07a65a43ded09878469d1189
Secunia Security Advisory - A vulnerability has been reported in multiple HP Photosmart printers, which can be exploited by malicious people to cause a DoS (Denial of Service).
8b99dfe771fa4444681df851b7362066df6524e6b0b1f3df12e81b47ca3b85f1
Secunia Security Advisory - Red Hat has issued an update for php53. This fixes a weakness and multiple vulnerabilities in PHP, which can be exploited by malicious people to conduct brute force attacks, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
8408eaa9ca821e02a089bde620723488dcaf949226c24355eb9e1ea1920e7ad6