Secunia Security Advisory - A security issue has been reported in PlaySMS SMS Gateway, which can be exploited by malicious users to bypass certain security restrictions.
503ad8d5bc008c83bada9a0c9cc0a83b7644c43d9e0dc6e9b065cb49fe8a96b5Secunia Security Advisory - Red Hat has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
c9522e3f81a00d1e0b7327967b19a815e985e13d16e0f342fc4ef6764fdeff8fSecunia Security Advisory - A vulnerability with an unknown impact has been reported in Tiki Wiki CMS/Groupware.
e00c2e31728e9f7bc3d93eeb6a2f158eb8d04801de2112ee656c4ad5e3445899Secunia Security Advisory - A vulnerability has been reported in Qemu, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
1afff84cb61fd0ba05ff37aa7edf5d07336b54412a8f46d32cbdf1a94ddbd0f0Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixed a security issue and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and bypass certain security restrictions.
8e6d1cbcdc941d94e0c7e79599009bdf727bc7705998bed4bfb7aaff4a77bebbSecunia Security Advisory - Debian has issued an update for zabbix. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
5dc29f874e37fbebd27bd64759ed24edfdb7ea3effe18571cfb1dd12a9a769b2Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
31c768d4345c4a8bc86e8ea094521406085b51cfa554e8ec0d0b1521a3537547ICS-CERT Advisory 12-243-01 - Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of access to the system to escalate the attacker’s privilege to the administrative level. The attacker must have access to a logon account on the device to exploit this vulnerability. GarrettCom has produced a patch that mitigates this vulnerability.
71f6ced785250177950747b2672a05eeff6721af0e798ee700d0e98c8b4b363bThis Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.
a43d27bd69dd1a7e1c0fff3b8a4a24b14573fc751ae1415faf70bc5354e57f89This Metasploit module exploits a code execution flaw in HP SiteScope. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS service, to retrieve the administrator credentials and subsequently abuses the UploadManagerServlet to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2.
67a67e063170cfbbee06938a04c27b05f533096fb0b94e357687f2dd391e82f8TestLink version 1.9.3 suffers from a cross site request forgery vulnerability.
736b804ed14899a61e45af9653a9658234392141a3b1244d4491cc912560e8b1Kayako Fusion version 4.40.1148 suffers from a cross site scripting vulnerability.
22c8939a4ff8f7653b41b96e3d5e28adb2daf84ed90611ca28c98c0000ba9ed9Apple Security Advisory 2012-09-05-1 - An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.
40683407869977f11f2178ecba0709810a82b7f712437df50ec3b2b0fe8ed802Drupal Exposed Filter Data version 6.x suffers from a cross site scripting vulnerability.
52e6f98cc1bc38e3e2eb148dfdcca7acb277e9f88c7570ad4d640880e2e5bd37Drupal Heartbeat versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
1b69734a3e410cd01c33085f61b037a1e7ef4942201be9dbe2e7607c5748d08eFlogr version 2.5.6 suffers from a cross site scripting vulnerability.
121f75b7018579ac3d30797c9d6d69498ac7e2be3d261bd041823c624da988d0RootedCON 2013 Call For Papers - RootedCON is a security congress that will take place between March 7 to 9, 2013 in Madrid (Spain). With an estimated capacity of 670 people, it is one of the largest specialized conferences ever undertaken in the country and one of the largest in Europe, with profiles of attendees ranging from students, state forces, through market professionals in IT security or simply technology enthusiasts.
11029accce51a6ffe621bde34e401c66b388459d9b1e9d4a2ec8659b6d220883mcrypt versions 2.6.8 and below suffer from a vulnerability that is caused due to a boundary error in the processing of an encrypted file, which can be exploited to cause a stack-based buffer overflow when a user opens a specially crafted .nc file. Successful exploitation could potentially allow execution of arbitrary code on the affected machine.
180992cedcdbda9713f765bd805e86bd35f9352d536b84ffc9e7276e64fab984Web@All CMS version 2.0 suffers from remote shell upload and local file inclusion vulnerabilities.
89fe4d72c6e0633b4f99cb3605416a0313e9dc5ff6be7db1ec4dabe98a5e2d72Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.
aec2ac7f32fa1685fd5e487de3e2ea551d1c03b5a65c07c2695b12fd0654d18e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed