McAfee Cloud SSO is vulnerable to cross-site scripting. McAfee Asset Manager version 6.6 is susceptible to a traversal that allows for arbitrary file read and remote SQL injection.
235fa0a455346bf78fc185e183a6d715c8696783a2e2e500e8bac0e9db5f3156
Secunia Security Advisory - A vulnerability has been discovered in the Newsletter Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
cb36a950079f83af2f475c4d4271ef181153c76a6c34d8cd8acc35dc572988f3
Secunia Security Advisory - Two vulnerabilities have been discovered in the Newsletter Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
dab4d85853f355eb400bf752e7cb6a03c798964ddc619cf1c02b76504f1f31b3
FlexNet License Server Manager versions 11.9.1 and below suffer from a stack overflow vulnerability in lmgrd. Proof of concept included.
e1685cec49a2c9fdbef7f2df8194086852d758d0cee891a610d91b40c7e329ac
Secunia Security Advisory - IBM has acknowledged a vulnerability in Tivoli Access Manager for e-business, which can be exploited by malicious people to cause a DoS (Denial of Service).
3b0dea3aeb974eff62c4c99fc05efec9828bb0781b24f433a4a757b0b06c0354
This Metasploit module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.
f0082fe343289cee7851fb985c1987add9c8ebcb058523260ad6c25997867acf
Solarwinds Storage Manager version 5.1.0 remote SYSTEM SQL injection exploit.
8721ee1a12fe6d7008415fbf1a6f1b25e326924c27b9fa0e98b01fd1e473de9f
Strato Newsletter Manager suffers from a directory traversal vulnerability.
76f188a12bf8d09a8dc736d69a4d3d4472dc396fd4320b488e73352c25ca8f9f
Secunia Security Advisory - A weakness, a security issue, and multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
f3742b125f8fd332afbfeaf88124209b769c9fc2c36ae527b3caaa155008f4bd
Nokia CP Suite Video Manager versions 7.1.180.64 and below denial of service exploit that creates a malicious .mp4 file.
daf7b2e22b9a005980356be684ac1ed2fd5a006e4717b6e3dd0743dbd43d78a3
Secunia Security Advisory - A vulnerability has been reported in TwonkyManager, which can be exploited by malicious people to disclose potentially sensitive information.
4f24c1defe0b4de613e5aa742ed4953c3aa2b686dccf2f00e5a593d675734b2e
Multiple PacketVideo products contain a directory traversal vulnerability within the web server that is running on port 9000. These products are vulnerable to the attack regardless of having configured the "Secured Server Settings" which are available on the Advanced configuration page. Susceptible products include the Twonky 7.0 Special and the TwonkyManager 3.0.
d7cc75961c0a51603edd705eddc5a0af411e1503f0174c5d5cefe48addcd4c14
Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
b0c8408942d275f30e267079642d97fbf210bdc1cf8f78ddc08d167596db105c
Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.
98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
Mega File Manager version 1.0 suffers from an arbitrary file download vulnerability.
82d8be8c8a197aff6162ca8c6654d71c3bbc7be6d45c8e286a8be96f62d01204
Secunia Security Advisory - A vulnerability has been discovered in the Download Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
21c5c47de8c72653177f65ab6af5cc82467a8b1be235930dff2d4911ca3bb43c
Secunia Security Advisory - A vulnerability has been reported in Oracle Identity Manager Connector for Database User Management, which can be exploited by malicious users to manipulate certain data.
5d4de1b8bdc2499c7b5da4f6ca7e8e1bd88337b6b5bc4484cffdd204af8ee9a3
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5 and 11.1.0.7 (and previous patchsets) suffer from a session fixation vulnerability.
b23814439d636e11ed6a260aec8c598ed350de8a5024e6065430fd9b1b3534e8
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the prevPage parameter.
8181e024c40eda634dec94eeab4606fb3db63b7568215c373cb8f48ead738da1
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 10.2.0.5, 11.1.0.7, and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.5 (and previous patchsets) suffer from an HTTP response splitting vulnerability in the pageName parameter.
4a9392fef4e6e9384b1634a3dd07200e175b383fcc4c1b78ec8e889706f4392d
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.3 (and previous patchsets) along with Oracle Enterprise Manager Grid Control versions 10.2.0.5 and 11.1.0.1 (and previous patchsets) suffer from a remote SQL injection vulnerability in the searchPage web page.
238c4c370d27fbb4af33c31d9b6b3c6a70be3e90074b5802d357dae06c3c99a4
Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control versions 11.1.0.7 and 11.2.0.2 (and previous patchsets) along with Oracle Enterprise Manager Grid Control version 10.2.0.4 (and previous patchsets) suffer from a remote SQL injection vulnerability.
aaf728d372e18f22b5e25311a5a3f620eec0564baa23a4ceed2f9a4ee870f4c0
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious users and malicious people to disclose potentially sensitive information and manipulate certain data.
a582ae23e10997c0d9b4daf76b0e8efb1bd46136ec1043d0fe26db13b10bf615
Secunia Security Advisory - A vulnerability has been reported in Oracle Identity Manager, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
a50837c4ca1aaebf48c86cbbecf6a448857ef1e17b53afb4ec81cd50b6406837
This Metasploit module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method, where the "OtherFields" parameter with user-controlled data is used to build a "Content-Disposition" header and attach contents in an insecure way, which allows a buffer on the stack to be overflowed.
cc74382e2035afca25b92161a9b63460e74741bb7ded9bd96d66e5da0d29eb86
Secunia Security Advisory - Cloudera has acknowledged a vulnerability in Cloudera Manager, which can be exploited by malicious users to impersonate other users.
606469c93bbd2fecb2b7480ae32edaf9b0aa669a8d02dcea2be0bdb04c51702f