Insomnia Security Vulnerability Advisory - One of the pages included in the admin interface of Up.time Systems Management software contains a function designed to set the administrator password when the interface is loaded for the first time. After this task has been completed, the code which processes this request is left in the page. By sending a specially crafted request, a remote attacker can abuse this functionality to bypass the server's authentication mechanism and reset the password for any account.
6c9f9fe29a5db7bd0c9e35ad56265abf778b16ff07e28d1298796b7d1a51ecf2
Insomnia Security Vulnerability Advisory - An insecure URL handling vulnerability exists in Pidgin versions 2.9.0 and below that can be exploited to cause remote code execution. This vulnerability requires user interaction in the form of clicking a maliciously crafted URL.
78f433609701f4f1da1ce29a348a9c690cd4095e97081d3ac07d88c61cd8c42f
Secunia Security Advisory - Insomnia Security has reported a vulnerability in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to compromise a vulnerable system.
7083a0ec78588fad991fb51a632aa10454d3252b0c4809f91b05e45a4354f921
Insomnia Security Vulnerability Advisory - The ODBC service component of IGSS listens on port 20222/tcp by default. The application layer protocol runs over TCP and reads an initial packet that specifies the amount of data to follow. A second read then takes place and the data is copied into a variable-length buffer. Next the data is parsed, and during this process a buffer overflow occurs on the stack. At minimum this vulnerability leads to denial of service, though remote code execution may be possible.
9b00196dabcaf93182f5a536e6c2c63ee2b1c359b79ac0f8472802f7bb57d00f
Insomnia Security Vulnerability Advisory - EasyManage Content Management System suffers from a remote SQL injection vulnerability.
e5becb2b8475b0b2f94b2eb2b5bbdeb1104541b5cbec60eb630f4d3514ae6443
Insomnia Security Vulnerability Advisory - A flaw exists in the handling of malformed URLs passed through the ShellExecute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself; however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.
39f5ed63255f91f74bafeb10491b25db0ff238ff227c677e96fd690e0beceae1
Insomnia Security Vulnerability Advisory - A vulnerability was found in the way that WebDAV requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which, under the right conditions, can lead to command execution.
0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573
Insomnia Security Vulnerability Advisory - The Altiris Deployment Server Agent in Altiris Deployment Server 6.X suffers from a privilege escalation vulnerability.
ad4df9326b88cc8114e907561c055aaa21aa5a4cccfa765a54aeb3b200530a40
Insomnia Security Vulnerability Advisory - Microsoft Office OneNote suffers from a URL handling vulnerability.
cd5c05fc129fad5e01ad13fafee248da86bca40d183785e3fddc3dc796468b18
Insomnia Security Vulnerability Advisory - Microsoft SQL Server contains a buffer overflow that can be reached by causing the server to attempt a database restore from a corrupt backup file.
5a50603e65e5b46c0ff831ce59e84e01f0f7a9d8c6723e48eb9d86453a08b703
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.
234df1762e5efb593ef96dd70a17ec44fe21692085b54ea3770decbd5d36aeb3
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.
326d2fd0343a50acde785461329cd29f99ec31a55cf0fdeda6e4172d09fb8bbf