Secunia Security Advisory - A security issue has been reported in PlaySMS SMS Gateway, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Red Hat has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in Tiki Wiki CMS/Groupware.
Secunia Security Advisory - A vulnerability has been reported in Qemu, which can be exploited by malicious, local users in a guest virtual machine to potentially gain escalated privileges.
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and bypass certain security restrictions.
Secunia Security Advisory - Debian has issued an update for zabbix. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
ICS-CERT Advisory 12-243-01 - Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of access to the system to escalate the attacker’s privilege to the administrative level. The attacker must have access to a logon account on the device to exploit this vulnerability. GarrettCom has produced a patch that mitigates this vulnerability.
This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to log in to the SSH service and gain privileged access remotely.
This Metasploit module exploits a code execution flaw in HP SiteScope. It chains two vulnerabilities to reach its objective: an authentication bypass in the getSiteScopeConfiguration operation, available through the APISiteScopeImpl AXIS service, is used to retrieve the administrator credentials, and the UploadManagerServlet is then abused to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP SiteScope 11.20 on Windows 2003 SP2.
TestLink version 1.9.3 suffers from a cross site request forgery vulnerability.
Kayako Fusion version 4.40.1148 suffers from a cross site scripting vulnerability.
Apple Security Advisory 2012-09-05-1 - An opportunity for security-in-depth hardening is addressed by updating to Java version 1.6.0_35.
Drupal Exposed Filter Data version 6.x suffers from a cross site scripting vulnerability.
Drupal Heartbeat versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
Flogr version 2.5.6 suffers from a cross site scripting vulnerability.
RootedCON 2013 Call For Papers - RootedCON is a security congress that will take place from March 7 to 9, 2013 in Madrid (Spain). With an estimated capacity of 670 people, it is one of the largest specialized conferences ever undertaken in the country and one of the largest in Europe, with attendee profiles ranging from students and state forces to market professionals in IT security and technology enthusiasts.
mcrypt versions 2.6.8 and below suffer from a vulnerability caused by a boundary error in the processing of an encrypted file, which can be exploited to cause a stack-based buffer overflow when a user opens a specially crafted .nc file. Successful exploitation could potentially allow execution of arbitrary code on the affected machine.
Web@All CMS version 2.0 suffers from remote shell upload and local file inclusion vulnerabilities.
Ektron CMS version 8.5.0 suffers from unauthenticated file upload and XXE injection vulnerabilities.