Red Hat Security Advisory 2012-1151-01 - OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security negotiation with OpenLDAP clients.
b5e58ac02a262a4dec401a753af836111759f4a329334fb8c3c1a2a0b7b62159
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where find pbot must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
af5927c4e9d6a607a05e48844259bb81f722ee9404fcdab77834d99f0a04d614
Axigen Mail Server version 8.0.1 suffers from a stored cross site scripting vulnerability.
b712d8ab578b4188e22a4207f80f37e1183a304194159d181703507b37e78350
EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.
1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5f
ESCON SupportPortal Pro version 3.0 suffers from a stored cross site scripting vulnerability.
276e0b8f015732fce0ae5dbd7e7bdd804d1aa558b1f1268b2d84dc292f750351
MailEnable Enterprise version 6.5 suffers from a stored cross site scripting vulnerability.
fd72faeb58eb75ffa50d2abc0e461b01e20ed0f5d946c64e0d92334ec5a8ef56
AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability.
70975b139f142c6b5aa2788169c1656874f10ae8fd42b3b7714b3d1791acff41
MailTraq version 2.17.3.3150 suffers from a stored cross site scripting vulnerability.
146ace147ff06c7f56045da0af62a91fa81e836cd9400ac850544756e07b726e
FreeBSD Security Advisory - BIND 9 stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure. A remote attacker that is able to generate high volume of DNSSEC validation enabled queries can trigger the assertion failure that causes it to crash, resulting in a denial of service.
14ce0ceb3dfdd72660f83035bfda8974a44d0c866f0212093a308b810aac8df9
Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.
149b7cb1a9d75035cbf157d9a41f74cd86afc4f26ebe2a53fe79e88cc5726a0b
Mandriva Linux Security Advisory 2012-126 - Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct this issue.
6a3ce55329031068584d5c7d764a0eaa56d8918f2f86f153cbcf8edeee863c66
HP Security Bulletin HPSBMU02781 SSRT100617 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL. The vulnerabilities could be remotely exploited resulting in execution of arbitrary code and Denial of Service (DoS). Revision 2 of this advisory.
969977237cbe019bfcfe019ff2785e5a2cd29b36bd1679c3d115100fcd8f2197
This is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.
c465ce76e11d434cefe598ce9ad6f6709a3c029e5620d87ca6bb83721ba8d677
Secunia Security Advisory - Accuvant Labs has reported a vulnerability in Calligra, which can be exploited by malicious people to compromise a user's system.
b67fcaae429b33a0a4151deb0249754d7149fb5c0cba132e57bc9fc99d6ea01f
Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a security issue which can be exploited by malicious, local users to disclose sensitive information.
5ea7395bb014f5909c2f72aaaea8d4c2671315d00ebab58fdd557ad87e510d8a
Secunia Security Advisory - FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
555cd0aed919baf30a8c3f0e6c85fda01ad6c658cc9582d5b683a3dbac9d8ea0
Secunia Security Advisory - Matthew Joyce has discovered some vulnerabilities in ConcourseSuite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
048a6cd89895dd4d0e3351bc27906ef963207169477b47fcc1219eddb3f3694f
Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
e1e4fd2b43a7f2ebe7f350917caab52ef7de2545adaef3ac7e021acc73dcf864
Secunia Security Advisory - A vulnerability has been reported in Sleipnir Mobile for Android, which can be exploited by malicious people to compromise a user's device.
943f2ce7fee15408d358baaad3f9bc05c904e8694aa65521dc950f607ec1cac8
Secunia Security Advisory - Vulnerability Lab has reported multiple vulnerabilities in Inout Webmail, which can be exploited by malicious people to conduct script insertion attacks.
758f94ecb90c9ba246456f2dc018afe833005413480d232321b3edfed53a9fae
Secunia Security Advisory - A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system.
415bdb53a582f34c45fd6d68ab280ae7b73a6a7f56050e69f13483d539d6bbbe
Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.
0c5659ac4f1df773e82c3574bd1df02c2a0af87b5bc055904252b5189fd96879
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Baby Gekko, which can be exploited by malicious people to conduct cross-site scripting attacks.
59136adaf0e567b0ce15b4f2538944a0c01f2d4b96f4f62b0bdc2880f9857edc
Secunia Security Advisory - David Litchfield has reported a vulnerability in Oracle Database, which can be exploited by malicious users to gain escalated privileges.
c0e217a5a59ee9cffe7edc6da96fa7ac2c6c0b6ddda4477b3549a3266b2ea978