Secunia Security Advisory - A vulnerability has been reported in HP Intelligent Management Center UAM, which can be exploited by malicious people to compromise a vulnerable system.
ed081b3141c7412bb2b1b05783e81c7f1ae35b053cb2b8a1f5501924e89ac6ef
Secunia Security Advisory - Two vulnerabilities have been reported in HP Application Lifecycle Management, which can be exploited by malicious people to compromise a user's system.
d3b49bb6a4c2155106f81b536f52d76c6e175bb39f31f251ac7ae500951bbda3
Secunia Security Advisory - Multiple vulnerabilities have been reported in some IBM Rational AppScan and Rational Policy, which can be exploited by malicious users to disclose certain information and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
b424d0d27a9ea2abe1c1defa48d7c83745007f4dffbac9795618a2b1b29cd753
Secunia Security Advisory - A vulnerability has been reported in HP Operations Orchestration, which can be exploited by malicious people to conduct SQL injection attacks.
e566b6987d5750f610bfab48911d4ccb1c4c0081b60768caed0d4729c6e176de
TomatoCart version 1.1.7 suffers from a cross-site scripting vulnerability.
0c07814d08fbfa12a47580606c8545fc61df5e12c363b5e7233df9904b3df0a6
Ubuntu Security Notice 1505-2 - USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web browser in Ubuntu 11.04 and Ubuntu 11.10. This update fixes the problem. Various other issues were also addressed.
1157f11b2d63aa85f84b214f9dec793f27b9998e1ad7048935a9b0c8eb84fe6a
Debian Linux Security Advisory 2535-1 - It was discovered that rtfm, the Request Tracker FAQ Manager, contains multiple cross-site scripting vulnerabilities in the topic administration page.
eb24626e3a933edec2eb2949d720970d3a2fdb156db268249200395c08a66663
Ubuntu Security Notice 1548-1 - Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
ce87c21a6c2469f17ca24d7dcc65b9195b43b4503dfb480587baa3201f6d1112
Endonesia 8.5 CMS publisher module suffers from a remote SQL injection vulnerability.
2b7945c56a8f9846517260ec379412697319a8da8f902141f87eb1058681b581
squidGuard version 1.4 may suffer from a denial of service vulnerability when fed a long URL.
fc2b35ea47586fba7304892ac8282bfcbf545aead94d1ecb4627ea55270709b0
Winlog Lite SCADA HMI system version 2.06.17 suffers from a SEH overwrite vulnerability.
65763c2d8beef5f0757ae8cb84213f5458a558619a807c7ffc08f54e8de3a0d9
YourOnlineAgents CMS suffers from a remote blind SQL injection vulnerability.
6e4aaf2fcf81a9aefc84e43c1f9c90e1b7bfd1cc5114b7b861c96dc50dc8a7e9
This is a rudimentary runtracer for Windows 7 on x86 (ASLR resilient).
0c338f0abacb1298c6e3159ef4e1383419cd701b04ef15d5434f37c70994813a
iSolution CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
1a08a1a12a801bc316f73078633539d6a650fbcb8bc90023cfe06640eece4665
Disqus Blog Comments suffers from a remote SQL injection vulnerability.
d153d27a4a6e5a7b4b64cb53d6872723f2de5a385ce4b520ca8623a249712a95
WordPress HD Webplayer version 1.1 suffers from a remote SQL injection vulnerability.
794f8fb3c3303c1fd8753b97a7fade46db699ff0285978b9dae1170f973058ad
Mandriva Linux Security Advisory 2012-147 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other vulnerabilities were also addressed.
ac842d060e5a71fbd19379a59603aad1eb68341ea634c795cd15a6abd94be521
Zero Day Initiative Advisory 12-182 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WxSuperCtrl650.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files inside arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.
6aa38dcf56266cca5031793e281cb153a6a3cbeed54f22bddc1b5e8754cbf960
Zero Day Initiative Advisory 12-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins as well as the Microsoft Windows spooler service. When handling certain requests the client-file-name parameter is improperly copied to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM.
8979b4441be91dc89370ce5a0c381bc13ea650e7ac616526aaef1318d9a9dff3
Zero Day Initiative Advisory 12-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Admin Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISGrid.dll ActiveX control. The process performs insufficient bounds checking on user-supplied data passed in the DoFindReplace() method which results in heap corruption. This vulnerability can be leveraged to execute code under the context of the process.
6cda57ac5d2dddf4b3b0a51b759fbd94b82e7766e18694fd0cc41e25bf65aec3
Zero Day Initiative Advisory 12-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC ApplicationXtender. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AEXView.ocx ActiveX control. By manipulating a combination of the DisplayImageFile, AnnoLoad and AnnoSave methods, the vulnerable AnnoSave() method can enable an attacker to save arbitrary files in arbitrary locations. The attacker is able to control the file extension and the creation path via a directory traversal issue. An attacker can leverage this vulnerability to execute code under the context of the process.
a7465b5401eae09d86f86686525c56e6d712583245d647f15ff28395259f58e1
Zero Day Initiative Advisory 12-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is update() which allows an unauthenticated user to update the admin credentials. This can lead to remote code execution under the context of the current process.
a7d7cad7879c61819dbc94f08be01be1e8d0afbc314b1e6219a955b923aa173f
Zero Day Initiative Advisory 12-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is loadFileContent() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
a981f2b2198bcd2e57cbfd68417c9cbccf607abda086d08e670d5451e2b885db
Zero Day Initiative Advisory 12-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getFileInternal() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.
70a89850ac9dc1cd883c181aae929ff4a71d499727264d2562593c361f329253
Zero Day Initiative Advisory 12-175 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is create(), which allows an unauthenticated user to create a new user account for the service. This account has access to a DownloadFilesHandler which contains a flaw that allows you to download any file from the server, including the server configuration files that contain the admin credentials. This can lead to remote code execution under the context of the current process.
63c7d0cb64b93026d854c51c9d224b782e10faf19f32dc134c2e2f728d9539c3