RSA Archer GRC version 5.x suffers from improper authorization, remote shell upload, and cross site scripting vulnerabilities.
6a8a5e91e1b57ce0408f1ab97e52945082afdc7c31d4610a7ee64b7b5f03ed2eRed Hat Security Advisory 2013-0788-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server's X.509 certificate when migrating system profiles registered with Red Hat Network Classic to Certificate-based Red Hat Network. An attacker could use this flaw to conduct man-in-the-middle attacks, allowing them to obtain the user's Red Hat Network credentials.
69e05585ba6d8d8814f688c1b52bb27b2f1508f025869853c0eea5b7c2bbdc7bMandriva Linux Security Advisory 2013-161 - Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
ffcfcad0a47762c3459b69a420724e734e59173d0e903c4fc4e1cb8318bc2a35Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API.
5ee140ef4ee1fbbba3be2d987e3af93d9141d6766d1e154771745114d62a987dD-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass bypass vulnerabilities.
39f8eb0877b4a1479fcf473272af42277ef75ed9a0c42219a8756b0d491a8ad4Michal Zalewski put together a really amusing asteroids proof of concept to demonstrate how a modified version of the javascript ":visited" attack can be leveraged based on visibility. Proof of concept js included.
0c1b7330caf6f1622bcdfe153cd13fde591641b80ff7a9881a550469301c5a39The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.
a2461e3befdfb50515c11ca9595e07480247ee2c8f41a08738dc3a72c2c19311Webid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.
18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86GetSimpleCMS version 3.2.1 suffers from a persistent cross site scripting vulnerability.
c104417689e0929e94e0ffb8bc8dcf34adf9b7f88d9438da13fcb5b0af45065dGetSimpleCMS version 3.2.1 suffers from a remote arbitrary file upload vulnerability due to not using whitelisting.
6e6a12193bbda8bbf5d3e8f79bc113751942309e56cc2e70e3ea96dc597d99f53CXPhoneSystem11.exe (for Windows) comes with vulnerable outdated third party libraries and components.
69cba503c241948b132b39eaebd4d6ea204480f2f09dd78aff20760fcccfa5773CXPhone6.msi (for Windows) comes with vulnerable outdated third party libraries and components.
bb201f262088d88b08a2e77776c0afb02bbbe6e69f68855536164dd78da9e033Apache VCL versions 2.1, 2.2, 2.2.1, 2.3, and 2.3.1 suffer from denial of service and cross site scripting vulnerabilities due to missing input validation.
2c1c5596e8e13b9395cc426a070f1a3de460f01bc9bca5807ab970a455c1f3d9Digital Whisper Electronic Magazine issue 41. Written in Hebrew.
943ec4e0485d74dd9ed39aa0d674f085cffe2af06b44da200b7904e9cc427b26JW Player and JW Player Pro versions prior to 5.10.2393 suffer from a cross site scripting vulnerability.
3245ddea3643dcef93da43abf81563693bdd734be6dea6a9c28c227473275b39This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.
9f18945c55a2fbd9055540900907f3a8eaa040d2e359f0cf0c72ca1e9f641b44VideoJS suffers from a cross site scripting vulnerability.
139174ef78c5cd7005b493eea97a84315c36e8d0deb9be083d494629a3bc8d5dMyBB Games suffers from a cross site scripting vulnerability.
4587a32c6a64a7513957760fbd359aa4690e411b2d53bfdc353478481de946cfThe Fujitsu Lifebook A512 with Windows 8 Professional x64 factory preinstallation comes shipped with out of date vulnerability components and insecure installations.
149be66ca877ed618264fb078501befafb7a2310c8c9244bbcb494a5d08d46b6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed