ManageEngine ServiceDesk version 8.0 Plus suffers from cross site scripting vulnerabilities.
8616515dfc840b10244580b4236a536565045ddd3abdb1854b027016b0b960d7Mandriva Linux Security Advisory 2012-173 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution. Various other issues were also addressed.
820a649b00028100a5269c4edfcc2cd80daf8b25e032c81ad040ddb62e795ce0dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
d46225e6ffc0eec269ac97abe0411a6f3763bb5a9ed63edecc2da5f6af7a7779swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.
7cb01fdd1e05d212be9f91472666f74a1a2ccbefb7f0261aa01eccfa4a976751Ubuntu Security Notice 1638-2 - USN-1638-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
99bb7f4ae7c5cde08a7f0475af92bbd1b2a459027ddb9a137e6275eb69fa9002Ubuntu Security Notice 1636-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Thunderbird. Various other issues were also addressed.
8b9c321e37e69fc94d55f674ba19416d645fa20775fb41523e7fdbeb02008603Ubuntu Security Notice 1638-1 - Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow while rendering GIF format images. An attacker could exploit this to possibly execute arbitrary code as the user invoking Firefox. Various other issues were also addressed.
51b60eda7a1a9533853d033f01876fc9d4848a9964a22a5de8e4b86ae64b7e32Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.
6864ba7f5f6a718c9e0112e11cec496ec671ff32f21f776d4ab22411b5416b9cUbuntu Security Notice 1635-1 - It was discovered that libunity-webapps improperly handled certain hash tables. A remote attacker could use this issue to cause libunity-webapps to crash, or possibly execute arbitrary code.
c60b9862fd0c02eb901893aa19aecfbc975e315df18bf3ed7e1d9834919732d3This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.
f79aa10f08abac5de98e9a1207c3259575b8c431b2e93a15ad5ebc8cf3d70deePHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.
a66b0a9487b95c5307915eccadb39223d33aa5451ae999c36c581fabd1220cfcThis Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501Yii Framework version 1.1.8 suffers from a remote SQL injection vulnerability.
d41438703075497185a196eafaeb2ea7f0fefde46cd9bc2ccba91796a1f6e261pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
e1ebeb3cd8d8b516d0de6025c5a67ae7cbe930bd6b71ede62b7fdd6f379d979cFeng Office version 2.0 Beta 3 suffers from cross site scripting and privilege escalation vulnerabilities.
c7f9176fbec9a9bd75131316e5716c7fac417c119bd0f14371400af5c4cdfa99Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.
be8ee2f9dea1ea04d565822bbeeb2456c9677be7472447e186e0618f85defcfbSecunia Security Advisory - A vulnerability has been reported in HP Integrated Lights-Out, which can be exploited by malicious people to disclose certain sensitive information.
69110141fe4b1ab4fb598f741d66b4604565bb8da2cb2caf39468172dda47286Secunia Security Advisory - A security issue and some vulnerabilities have been reported in eSolar Light, eSolar, and eSolar DUO, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.
2dff7bd20d40719ee8b9ea6ff6c45006977c7ef70bc608918df2b94630cc00e0Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Security AppScan Source, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
f1d644fe8d006ebed9e202db72efd59d850407fbb3c5594c9dbc4014fd63e257Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Libxml2 included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
34c3094d91237d32124bc29d812fa9b36f2db7f45711d9d47066eed1dd99e2f6Secunia Security Advisory - A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service).
d229f5ab17f0d7e33140e59a3bc600416780e5d0cbe68f343c507b24d3771debSecunia Security Advisory - SUSE has issued an update for libvirt. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
4000528c635f0a487080f49dd94a9f734b804260d9fbed7bef37c8b1ee226bf8Secunia Security Advisory - SUSE has issued an update for plib. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
55e19a80a6cca20a17df0c4c53e540cf7b67e0d7847ad93e576a7a10c4b38e9cSecunia Security Advisory - A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).
135426d29a0c4837e2d882f49e72bf45f6de288695a3cdc81b64dd7b0d73b468Secunia Security Advisory - IBM has acknowledged a security issue and a vulnerability in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).
aafdd9602a49cc63edc87be513dbfb2910e619f3528ce3b1a073f00d3a02b7ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed