PHP Login and User Management versions 4.1.0 and below suffers from a remote shell upload vulnerability.
bd0631b0840255f200ab219736fbbaaa
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
8c6bbc874d1dba024e5d32ac06693a10
Red Hat Security Advisory 2012-0451-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code.
e1ebdafc731a17c30fafb41f24928280
Red Hat Security Advisory 2012-0441-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements. The following security issues are also fixed with this release: It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
a89039a4a91c060565a037962444f37e
Debian Linux Security Advisory 2445-1 - Several remote vulnerabilities have been discovered in the TYPO3 web content management framework.
bfa6fa633f848b4dec65292a864df2fa
Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
7bc2c38df6bd4b0e21e1eb8854ab2072
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
6a8589381ca1b0c1a921e9955f42b016
Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
a91d87508705fbbed4ab6cf5e057b000
Red Hat Security Advisory 2012-0427-01 - libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
a43eef1826a4d7960f6d2deaa0d89c9c
Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
765c01a1a7095fb564e5f4803e7ab78e
Tim Hendriks Content Management System suffers from a remote SQL injection vulnerability.
b1469614cf5e15cffbf8a0116aada2d1
Secunia Security Advisory - Multiple vulnerabilities have been reported in Novell ZENworks Configuration Management, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
0e6df2764fa0dc9f6eb20889bca5564d
Red Hat Security Advisory 2012-0406-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.0.1 release serves as a replacement for JBoss ON 3.0.0, and includes several bug fixes.
49bfdbc1a1d92ef191256aebb4c2425b
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.
5bd1f53d535b56bdac715abd0ce779c8
Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.
3e4d1d8f0f8720becbbd9b1a798952da
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
427d81acba32c9ed18437de98ddfe7ec
Secunia Security Advisory - A vulnerability has been reported in Ad Management Yoga, which can be exploited by malicious people to conduct cross-site request forgery attacks.
9271439112108a079fb8f4dd04a66c0c
Aanval is the industry's most comprehensive snort and syslog intrusion detection, correlation and management console. Aanval is designed specifically to scale from small single sensor installations to global enterprise deployments. Aanval is browser based and designed to work on all current variants of UNIX, Linux and Mac OS X.
f2c0bf183f5846cb1af421a80904000b
Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Maximo Asset Management and IBM Maximo Asset Management Essentials, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct spoofing attacks, cross-site scripting attacks, cross-site request forgery attacks, and cause a DoS (Denial of Service).
f3555efb09260e5185e3f2a4add25826
Debian Linux Security Advisory 2429-1 - Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.
4b79b8f15eba56b6dbba49f270c8587e
Ubuntu Security Notice 1387-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
b0c9ddd8933c790af07fb3fcdbddec1e
The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
9168599a30269df0cf080fbd1e6eb6bd
The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
39fa5254f3d7885d7982bd48771e9a2f
Secunia Security Advisory - A vulnerability with unknown impact has been reported in Novell ZENworks Configuration Management.
fefe4e0bdb98684a95ba9fd73b39f3a8
Debian Linux Security Advisory 2421-1 - Several security issues have been fixed in Moodle, a course management system for online learning.
a74bc62550a61a96abd86bbdfb4bb423
Ubuntu Security Notice 1379-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. Various other issues were also addressed.
ce143cf8b1b8cc8e8cc1bb38636b82a1