Asterisk Project Security Advisory - When an IAX2 call is made using the credentials of a peer defined in a dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are not applied to the call attempt. This allows for a remote attacker who is aware of a peer's credentials to bypass the ACL rules set for that peer.
1dbe89247fe8ae0e746deba8d087c0a2e8f0db2a220148bcfd8d8c829b97520cAsterisk Project Security Advisory - The AMI Originate action can allow a remote user to specify information that can be used to execute shell commands on the system hosting Asterisk. This can result in an unwanted escalation of permissions, as the Originate action, which requires the "originate" class authorization, can be used to perform actions that would typically require the "system" class authorization.
a16cf1c312b65d9b8b4ddd517f7fef1fb90fcf85094f853ed40ad6333d9fe808Booking System Pro suffers from a cross site request forgery vulnerability.
d6537cfa113bde257fb118f3bc449e9523674fe97c7780c4ed292493c4c46941Mandriva Linux Security Advisory 2012-148 - Multiple vulnerabilities has been found and corrected in ffmpeg. This advisory provides updated versions which resolves various security issues.
dc4b48dc91bf77b70f8a47d5aaa5d9e521c4035f2645af7ccd9069f8d5735ed2A format string vulnerability exists in the EMC NetWorker nsrd RPC service that could potentially be exploited by a malicious user to execute arbitrary code. Versions 8.0, 7.6.4, and 7.6.3 are all affected.
768328413795e6970904bc4833c2ec26daa72cde036884a7e4eaced57398951bMandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service via an invalid bitstream in a Chinese AVS video file, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.
18dc0b1c3f83bcd521ea58847ed494e97c63f2bb8bcd31d035718be13de786d5Symantec Messaging Gateway version 9.5.x suffers from a vendor-supplied backdoor vulnerability. By default the 'support' user is enabled and uses an insecure password. This user is not visible in the web interface and therefore cannot be disabled. As the appliance provides a SSH daemon on all interfaces, this account can be used to gain remote shell access on the device.
d327098479a9098d90ac2ea33a247a5c26c17c8e26b8959dee707097e490d059HP Security Bulletin HPSB3C02809 SSRT100377 - Potential security vulnerabilities have been identified with HP iNode Management Center. The vulnerabilities could be remotely exploited resulting in the execution of arbitrary code. Revision 1 of this advisory.
e014c95c4d2bb9e7447585cb6ccd4ff9f0c5f925bbda4e2097817049e6d1026dUbuntu Security Notice 1551-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted E-Mail, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
c4e43e8c6418c4f1f910b3c3afaea8c1d484fffcf4da3940e16208abd45dcd5dDebian Linux Security Advisory 2537-1 - Several vulnerabilities were discovered in TYPO3, a content management system.
61d23ef21aebae51fc8bbade236820e8ef95587197fc7341dc5affccfddda183Debian Linux Security Advisory 2536-1 - It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting.
4f188624c08347780c254407978e0878a970ce7fb48697547c14a11bb88e4231Smart-Info Ltd CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
047c33a2f3bee46445f180d67c0e55fbc881e801526442db3dc3dba24a04654eSchoolsindia CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
3bfdb0049bead70baa2c1b1ace5568c8ca3d6bd18fe8e0122f1858cd48a89156e-Orchids CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
4f7cb497df0174d384e200453992e11f7bd6a54ca5b7d7b750f418b39ba2462aDhost Interactive CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
dcc3d70c3c2af61f92433ba42e005169fa5e9fdc9e7ad9c0407791762f334043CWE CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
e011e3348cbee590b904f3b1523e8ae68af4f5e4d6cbe3be674f48c75d7701192Creation CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
b4b0f82130d99fff3aceda3045a09c31bc1a840d5d79ddb5443dbc2cdda25214MicroOrange CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
6cf51259dea417cc3e6b3996f8a4386978c58a7fa06f806b73b16380c4d0f483Plogger CMS version 1.0 RC1 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
46cffb9af2c2fe39aebadc21069f6ba49b39236022f293c7648e78a331e063f0OpenText WSM CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
28b781ec8f860efa508d0e021a024afa38dc729f223e1173a54021e52be3a11aMedcom LTD CMS suffers from cross site scripting, and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
bcd4b63a25797a509ead3cb44d4d8184837790d133ac49daa9862eacaf58f6baMedcom Limited CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
79bcd426c2be168a35bdd45b5c6bee1bef6025ffcf4937068fa54132bc791bc5Mangium Infotech CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
0942286f605074803801dc6ebec38a6aeb1ec747092d11e2cf3d384df8b6452bHCAMindbox CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4e0d7abc43e6e63e5e38f4052f385f767a8b51f50b012075390d39fd069ae952DMPIndia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
52fb3c5345c19f8da402e7d96ef769c5f1f4bd40c8f405ebcb544c088432b521
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed