PRTG Network Monitor version 7.1.3.3378 suffers from multiple cross site scripting vulnerabilities.
929aabab18dd36ddc0d64df2ed1835203b3bfafb3b51f2c7989ed4531b579fda
Red Hat Security Advisory 2012-1169-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
7d5b013b987ff091dd7a23fc5f576eb318a9b088700f78e918b6ba97b41e66c5
Red Hat Security Advisory 2012-1168-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
d2ced5174e3b3e5aa23d5bb70fe45a1a71a1a33cadc9611bc0fa7bc2e78e8c66
Distimo Monitor version 6.0 suffers from multiple cross site scripting vulnerabilities.
8997d4bbe63b34cb1da238ba0f409d0e3cab0dbc64082cb95fb7bcf37f7dc08a
Secunia Security Advisory - Some vulnerabilities have been reported in SolarWinds Network Performance Monitor, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.
1926cf191e0518f471db743d332526dbf0ca8b20f48a2342d63cb6c00cd7ebcf
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
bfb10445f74a3bad526d0bc5d4bdd023e4c36c32ecbaf3e20091f91bbf16c5c1
Secunia Security Advisory - A vulnerability has been reported in the Campaign Monitor module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
4cc6d2225fa3b10d157826f31126c15c92831ba5c55771ed210fbcebd5efd142
Drupal third party module Campaign Monitor versions 6.x-2.x prior to 6.x-2.5 suffer from a cross site scripting vulnerability.
fcf698f74e9bd805c5289afb6e0ad89ddcb88901f7884f93b45a0a3a837ab1eb
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
1701fc58dc21a0ecb6c45f4836abb5e380f5e8214af1f3d389ec0e35ee46a019
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
79fd0da76674b5e455a947a43496357a83abbd086c7bf141c80764ec54afd32c
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9e3d29cc126a1609f93c89cc4b178fb01f091d989e2b8cec117b79eadf7b611c
Check Point Abra suffers from multiple security vulnreabilities. Imperfect control modules and data monitoring allows you to run any file, bypassing the current policy around virtualization, and read/write data from an isolated Abra session directly into the PC operating system, conduct phishing attacks, etc.
fd38db2d9b2ab2fa942d55e39415191f7800d837620ebccc49fa1b3074ad2a6c
ipv6mon is a tool for IPv6 address monitoring on local area networks.
87998c9beb90c410776520cb78807d8b97edb1ae4718be2cd8ed998cb9c50079
Red Hat Security Advisory 2012-0796-04 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, possibly, execute arbitrary code with the privileges of rsyslogd, if they are able to cause a long line to be written to a log file that rsyslogd monitors with imfile. The imfile module is not enabled by default.
2155d79e28e8e74a243b1f67069744419bc5811e098622feae8c4b6cb4ec4962
The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.
f4297d4df9c7cacbca1f10534a0d4c968fff5b9b90fe6f1cbd3316b6cc0ac1d1
Red Hat Security Advisory 2012-0725-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.1.0 release serves as a replacement for JBoss ON 3.0.1, and includes several bug fixes and enhancements.
8d3bb8bd4dec312c37db12ea1d0326d27764478c6640f56aba6202f31ce7e031
Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
73ff5dfb078e0744709d0ead26276a1c88af8a9f0515e786a60c84bd9cd9cfc7
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
11557623033f83fd59c047df77732ae8b78ffc6326f727c0c1aea355a332f580
WordPress Download Monitor plugin version 3.3.5.4 suffers from a cross site scripting vulnerability.
1f4d185b80123fbf8df66916397b96e0618c037e026207693f3fc9e0f7db1cdd
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
7535e3c956995ec088e0036a3ecb227af85f7e7498611ed214ba05bc70a26996
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463b
Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.
98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
Red Hat Security Advisory 2012-0509-01 - Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
a8e8a801da4b7a24fc2903f6f33c984e1248132f1730c633edd984d26d065336
This Metasploit module allows remote attackers to execute arbitrary code by exploiting the Snort service via crafted SMB traffic. The vulnerability is due to a boundary error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests, which may result a stack-based buffer overflow with a specially crafted packet sent on a network that is monitored by Snort. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Any host on the Snort network may be used as the remote host. The remote host does not need to be running the SMB service for the exploit to be successful.
4831463187a96ae8a63ec6bde91a0cbca65b38578ad54e60da0525ce6c81e52a
Sagan is multi-threaded, real-time system- and event-log monitoring software, but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information. Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information and Log Management) system.
6c4fe7128a01c6f309bd181563c54cdf0abf2f623db78e0207f9c69176b15858
Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4