Secunia Security Advisory - A vulnerability has been reported in HP Intelligent Management Center UAM, which can be exploited by malicious people to compromise a vulnerable system.
ed081b3141c7412bb2b1b05783e81c7f1ae35b053cb2b8a1f5501924e89ac6efSecunia Security Advisory - Two vulnerabilities have been reported in HP Application Lifecycle Management, which can be exploited by malicious people to compromise a user's system.
d3b49bb6a4c2155106f81b536f52d76c6e175bb39f31f251ac7ae500951bbda3Secunia Security Advisory - Multiple vulnerabilities have been reported in some IBM Rational AppScan and Rational Policy, which can be exploited by malicious users to disclose certain information and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
b424d0d27a9ea2abe1c1defa48d7c83745007f4dffbac9795618a2b1b29cd753Secunia Security Advisory - A vulnerability has been reported in HP Operations Orchestration, which can be exploited by malicious people to conduct SQL injection attacks.
e566b6987d5750f610bfab48911d4ccb1c4c0081b60768caed0d4729c6e176deTomatoCart version 1.1.7 suffers from a cross site scripting vulnerability.
0c07814d08fbfa12a47580606c8545fc61df5e12c363b5e7233df9904b3df0a6Ubuntu Security Notice 1505-2 - USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the problem. Various other issues were also addressed.
1157f11b2d63aa85f84b214f9dec793f27b9998e1ad7048935a9b0c8eb84fe6aDebian Linux Security Advisory 2535-1 - It was discovered that rtfm, the Request Tracker FAQ Manager, contains multiple cross-site scripting vulnerabilities in the topic administration page.
eb24626e3a933edec2eb2949d720970d3a2fdb156db268249200395c08a66663Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
ce87c21a6c2469f17ca24d7dcc65b9195b43b4503dfb480587baa3201f6d1112Endonesia 8.5 CMS publisher module suffers from a remote SQL injection vulnerability.
2b7945c56a8f9846517260ec379412697319a8da8f902141f87eb1058681b581squidGuard version 1.4 may suffer from a denial of service vulnerability when fed a long URL.
fc2b35ea47586fba7304892ac8282bfcbf545aead94d1ecb4627ea55270709b0Winlog Lite SCADA HMI system version 2.06.17 suffers from a SEH overwrite vulnerability.
65763c2d8beef5f0757ae8cb84213f5458a558619a807c7ffc08f54e8de3a0d9YourOnlineAgents CMS suffers from a remote blind SQL injection vulnerability.
6e4aaf2fcf81a9aefc84e43c1f9c90e1b7bfd1cc5114b7b861c96dc50dc8a7e9This is a rudimentary runtracer for Windows 7 on x86 (ASLR resilient).
0c338f0abacb1298c6e3159ef4e1383419cd701b04ef15d5434f37c70994813aiSolution CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
1a08a1a12a801bc316f73078633539d6a650fbcb8bc90023cfe06640eece4665Disqus Blog Comments suffers from a remote SQL injection vulnerability.
d153d27a4a6e5a7b4b64cb53d6872723f2de5a385ce4b520ca8623a249712a95WordPress HD Webplayer version 1.1 suffers from a remote SQL injection vulnerability.
794f8fb3c3303c1fd8753b97a7fade46db699ff0285978b9dae1170f973058adMandriva Linux Security Advisory 2012-147 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other vulnerabilities were also addressed.
ac842d060e5a71fbd19379a59603aad1eb68341ea634c795cd15a6abd94be521Zero Day Initiative Advisory 12-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WxSuperCtrl650.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files inside arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.
6aa38dcf56266cca5031793e281cb153a6a3cbeed54f22bddc1b5e8754cbf960Zero Day Initiative Advisory 12-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins as well as the Microsoft Windows spooler service. When handling certain requests the client-file-name parameter is improperly copied to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM.
8979b4441be91dc89370ce5a0c381bc13ea650e7ac616526aaef1318d9a9dff3Zero Day Initiative Advisory 12-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISGrid.dll ActiveX control. The process performs insufficient bounds checking on user-supplied data passed in the DoFindReplace() method which results in heap corruption. This vulnerability can be leveraged to execute code under the context of the process.
6cda57ac5d2dddf4b3b0a51b759fbd94b82e7766e18694fd0cc41e25bf65aec3Zero Day Initiative Advisory 12-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AEXView.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files in arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.
a7465b5401eae09d86f86686525c56e6d712583245d647f15ff28395259f58e1Zero Day Initiative Advisory 12-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is update() which allows an unauthenticated user to update the admin credentials. This can lead to remote code execution under the context of the current process.
a7d7cad7879c61819dbc94f08be01be1e8d0afbc314b1e6219a955b923aa173fZero Day Initiative Advisory 12-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is loadFileContent() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
a981f2b2198bcd2e57cbfd68417c9cbccf607abda086d08e670d5451e2b885dbZero Day Initiative Advisory 12-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getFileInternal() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
70a89850ac9dc1cd883c181aae929ff4a71d499727264d2562593c361f329253Zero Day Initiative Advisory 12-175 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is create() which allows unauthenticated user to create a new user account for the service. This account has access to an DownloadFilesHandler which contains a flaw that allows you to download any file from the server including the server configuration files that contains the admin credentials. This can lead to remote code execution under the context of the current process.
63c7d0cb64b93026d854c51c9d224b782e10faf19f32dc134c2e2f728d9539c3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed