Beltane is a web-based central management console for the Samhain file integrity / intrusion detection system. It enables the administrator to browse client messages, acknowledge them, and update centrally stored file signature databases. Beltane requires a Samhain (version 1.6.0 or higher) client/server installation, with file signature databases stored on the central server, and logging to a SQL database enabled.
6cff066f40f8d61db49afeacb90b0290f046841d98979ebee29299be3d6fe88dLinkedIn suffers from clickjacking and open URL redirection vulnerabilities.
b6579358ab8ea2745cc3360e9133088f1110d9aebb005e3b3138404134f48e5fSlackware Security Advisory - New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
000552f2a548f3bf42223e0f2764b341a663c102cc85900664d56344ac684049Confluence Wiki versions 3.5.9, 4.0.3, and 4.1.4 suffer from a cross site scripting vulnerability.
9bcf399a2e8ea5531b3605b2128bf6b02fa2c55f7a7dea89f867a811b06a28d7Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
a096bed06db60f636bf2bafdc2c50790b87a13319d23ccace1d019062338e47fSlackware Security Advisory - New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.
b786300c75cbab9d6cc18580e9be933d433110a6c529226c2fa13191cc6d8c5fMultiple CNN sites suffer from a cross site scripting vulnerability.
096af4011880d288a5647811b198a78701418586dcb30a2927def6dfc9268a09IFOBS suffers from cross site scripting and brute forcing vulnerabilities.
065d53ba03513e5662ef8b879522b39ede97e028bf86ca1db8b8b6aa9679f634Vetor Design based sites suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
fd917f043929b483d7b010f851cf056f010cf2f878bc643ccff5d44b63a5148eTrainor suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
8299bb963d997ff2b0c5b98826cea0e0e7ba4cb6b3b7b717e49f86db73db7f42The University of Wisconsin suffers from a cross site scripting vulnerability on commarts.wisc.edu.
3c9dbcba637bf78582ce1f17faef4824ab22c796a14ea0dec8e3fac15a409641This Metasploit module exploits abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows to upload the files to arbitrary locations. In order to execute remote code two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques has been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.
7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddecThis document is an analysis of the Oracle Java Applet SunToolkit.getField remote code execution vulnerability as noted in CVE-2012-4681.
984b4382479c7f5ba1f0cdda3a43a567466a673b2a4732358d08f4d66b5b22cfTrend Micro InterScan Messaging Security Suite suffers from stored cross site scripting and cross site request forgery vulnerabilities.
d86efa1d88ecdbb7560b3e29adb1a12d5b6a2953d61809ccae4d56fd757440dc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed