Zero Day Initiative Advisory 12-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw is a directory traversal in the UploadFilesHandler url that allows you to upload files to the server into a directory on the server that allows for scripting. This vulnerability could lead to remote code execution under the context of the current process.
4ee84abc0ed60faa0ef4eaf23e562588e583a3ba9fdbd25999ffb6342ecf1e64
Zero Day Initiative Advisory 12-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getSiteScopeConfiguration() which will return the current configuration of the server including the administrator login and password information. A remote attacker could abuse this vulnerability to login to SiteScope with administrative privileges then execute arbitrary code through the underlying functionality.
3664679a0798fdfd213eb09c398b686510ec5256a83ac88387b3ba49d44830c2
Zero Day Initiative Advisory 12-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC component of Operations Orchestra which listens by default on TCP port 9001. The component is vulnerable to SQL injection attacks. Remote, unauthenticated attackers can exploit this vulnerability by injecting malicious SQL into the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
2e6296934e9eb31a41004fb77a403dabf9b037e9f8ff4edde0c15edcccb89a28
Zero Day Initiative Advisory 12-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the uam.exe component which listens by default on UDP port 1811. When logging received actions to a log file, sprintf is used to build the log message. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
72b76f5f036df5670bf0135032f957301d5d812167752414d6bc378a702e8dc4
Zero Day Initiative Advisory 12-170 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XGO.ocx ActiveX control. The control exposed two vulnerable functions: 'SetShapeNodeType', which is vulnerable to a type confusion allowing user specified memory to be used as an object; and 'CopyToFile' which allows an attacker to create and overwrite files on the system of the user invoking the control. The attacker can utilize these vulnerabilities to execute remote code under the context of the process.
d3c9828441c320ddd3cc9e187105d893074559a023cf494f12db26998b203cae
Zero Day Initiative Advisory 12-169 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the KeyHelp.ocx ActiveX control. The control contains a LaunchTriPane function that allows launching of the HTML Help executable (hh.exe) with customized command line parameters. By using the -decompile switch, an attacker can specify the folder to decompile to and a UNC path to a specially crafted .chm file. The attacker can utilize this vulnerability to execute remote code under the context of the process.
1d9cc5e9c9e4b44c3492912b95ec7b4338a90ddb678216b44fd28eec565c9802
Zero Day Initiative Advisory 12-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. The process performs insufficient bounds checking on user-supplied data passed in as the 'InternationalSeparator' parameter which results in a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the browser.
d3906c04c1551295a1d49431e04af6182300549f596f348f989e9e3ea751e535
Zero Day Initiative Advisory 12-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFRAgent.exe which communicates with the Agent component over HTTPS on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. This vulnerability can result in remote code execution under the context of the SYSTEM account.
69ef2ff5d98292fa291bf2211351fecf6a6b0eb8a1a5ff2d20882a59592c9bb3
Mandriva Linux Security Advisory 2012-146 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Various other issues have also been addressed.
d9b0e412f5ed192520dfac9c307c9df27ba2b4bccfafea9d868885005ffef2eb
Mandriva Linux Security Advisory 2012-145 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other issues have also been addressed.
9fbb0084a57f0671e6c2c0ce4d1e2841a703b2cf91116f2f1ffd7567ef4804dc
Red Hat Security Advisory 2012-1211-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malicious Scalable Vector Graphics image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
8c97839258033a6c0ad46097a7e78aa875b3917ef4f5ccb91b32af7bc915816e
Red Hat Security Advisory 2012-1210-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a malicious Scalable Vector Graphics image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
9b5a9cea8f65e07fb2da4b3a175b7587efbc9e0360d69000b2ead87872003321
ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffc
Puma.com suffers from a cross site scripting vulnerability.
9a6077194d65dfacc4d2f18883f2652b3d4f693d2182054e755895b95d48e936
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
7938b500996336df96808c40f3d1aa2ec7ab56a086cb184341748ff728e6ec44
Secunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to cause a DoS (Denial of Service).
c1aa8c327a4f7c4470540686f5c87599e018b3b674100c125d0ee45adc7f87b0
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
13825168a3825675f25b18e32c52792602c8715895e204ddd5686bdd69a09e47
Secunia Security Advisory - Ubuntu has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
1a1587258c7647774a0fb54acfc08e82810406e76fa1a452dae41c42985155eb
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct phishing attacks, and compromise a user's system.
b63a1f551a67861ee8ae508d94306fe2f1b051184498da150c1ea24186ccf39a
Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
0233ca4e89f1d124dce0ee10ec07c604bba6346399daddcf115256f273e09d7e
Secunia Security Advisory - Some vulnerabilities have been reported in op5 Monitor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
6928f7f24b305bcb57a4ef0c47d4f2bdd2a2fbc039798601ad93185af8805548
Secunia Security Advisory - Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
0a4d844a10cfd1f352896a2efa65a6dba99d9258f0e5537a916317c43da1e234
Secunia Security Advisory - A vulnerability has been reported in Atlassian Bamboo, which can be exploited by malicious people to compromise a vulnerable system.
2814041ba8fc9db7912b83beca6dadd7cf24dea41de74cff6cb686a2056a8e6d
Secunia Security Advisory - Two weaknesses and some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks, conduct spoofing attacks, and bypass certain security restrictions.
e60dc08ba01e11022bcb5b67df20aa62ee01b2897f073690ddce646028c8fd97
Secunia Security Advisory - Multiple vulnerabilities have been reported in SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
624455266972714285a26f15f0a55cb838bb98c054ad76109a940de78fdeabb6