IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
07d34c8cc41959e3fc58495e9c36c8046479cb6ce919a0514491dabfe2561b46
Red Hat Security Advisory 2012-0332-01 - Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server.
83217c4f85e67c38de8250edb78839110461105a09c8ced94de19612811108b2
Secunia Security Advisory - A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks.
d1eae9f979b5bfd4714fff93034fc6ab1c0f21fefff41ec1064aaf25818e0d09
Secunia Security Advisory - Multiple vulnerabilities have been reported in Zimbra Collaboration Suite, where two have unknown impacts and one can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session.
69262b494c1693be3244cdfeaf5fc63629de9e3feb8e2e85b2295633b5894225
Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
35a63a05c4a33b71a7bcfee436327107866cecc57861e8d07b69574145af5179
Zero Day Initiative Advisory 12-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uncsp_ViewReportsHomepage stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the uncsp_ViewReportsHomepage stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
38c96fbd0758de3d47d24f2cd78a96e8dd8121809197ed09d568532c067566ad
Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt, allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.
1de96172989487fd3a6ea16f36030260ccf1f16e55224c94d2ef37c87fcf3425
Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
0e8f7ca268f389e2b1876c29d7b402d6145d28a3f54451240d6162b5bbe3dc50
HP Security Bulletin HPSBUX02741 SSRT100728 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
4a4c267d9d541a369ea92c687c9df43f531dfb40dcc39d4aae8a349d0e276192
Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.
8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36a
Debian Linux Security Advisory 2402-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
f7f7b7d14f242917b8c9c29325d2201bc5a13f9d2f1a43f78eed23b9e91a0038
Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
05c0dd91dd29762f5e296d14459621c31954abd49ee245eed81ed44d3cf305ae
Secunia Security Advisory - A security issue and a vulnerability have been reported in Symantec pcAnywhere and IT Management Suite, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to compromise a vulnerable system.
94c1ed5ba71244ac481501b93666109aedbfad8ce8b1f7028e9f6571e0bcbd61
Secunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM DB2 Accessories Suite, which can be exploited by malicious people to compromise a vulnerable system.
37515000f2354363c2bd29a3f4bf4f84f1996e0e948ea875004998e59a2870d2
Secunia Security Advisory - A vulnerability has been reported in Oracle E-Business Suite, which can be exploited by malicious users to disclose potentially sensitive information.
3dd29051ff233751caafb21c351e1495feff4aabfd5eb7e57a08495032c00e1a
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious users and malicious people to manipulate certain data.
c449325cc00b76438234b518003441fd982320c75839682416aa701a82191794
Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Kayako SupportSuite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and conduct script insertion attacks.
be9dd375198704e80d554bb81080a42d71cdb0404162f7615c399f9322ecb10d
WOL-E is a suite of tools for the Wake on LAN feature of network attached computers, which is now enabled by default on many Apple computers. These tools include bruteforcing the MAC address to wake up clients, sniffing WOL attempts and passwords, scanning for Apple devices and more.
e28f7b08a572231c36ca10c3933eb5f2549796295fe96083eb66efbad6aaf210
Secunia Security Advisory - A security issue has been reported in vBulletin and vBulletin Publishing Suite, which can be exploited by malicious users to bypass certain security restrictions.
85348aedf72fe0403ad72a85647099290bc23ccfebda1b46161f02ad4d304421
Kayako Support Suite versions 3.70.02-stable and below suffer from multiple cross site scripting vulnerabilities.
6388220ce5746c5f193fc985d52fcbfe5756c33f0e4edf0d648f11ec4782914a
Kayako Support Suite versions 3.70.02-stable and below suffer from an information disclosure vulnerability.
20084ddbb8a2ff6cf4d0dd2b7998c8b3d15c75f515922a64130b7664c8af010e
Kayako Support Suite versions 3.70.02-stable and below suffer from a PHP code execution vulnerability.
e47bcffce88a53a2a7b03acfb49fe193a2593ffc314a44126c1c3664d1a16d33
Kayako Support Suite versions 3.70.02-stable and below suffer from a cross site scripting vulnerability.
e751861febf25fae1e2a8f5aa2948adcee16ff4744ed3ba2b9c80b55c1699005
Debian Linux Security Advisory 2263-2 - Advisory DSA 2363-1 did not include a package for the Debian 5.0 'Lenny' suite at that time. This update adds that package.
b6fd5f67db4288edf661bbc8943258fa17410cbc92bcad67c9f6da86124d49ce
Secunia Security Advisory - A vulnerability has been reported in Enterasys Network Management Suite, which can be exploited by malicious people to compromise a vulnerable system.
45e0109ea86fa49fc69ef311f84bcf5a5267a8e3ca44d42a218e31c4a2b8116d
Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.
82ea083ba0199172dd69274928ff1dcc5d9cb1f40e65fb4772f8d34ce98bdf81