Online Banquet Booking System version 1.0 suffers from a cross site request forgery vulnerability.
242e1ac878946f2c1079108497cb89ce8c04972924dd3446288bd6725374a38b
Secunia Security Advisory - Some vulnerabilities have been reported in GIMP, which can be exploited by malicious people to compromise a user's system.
1f1316645df5df97210bf9e034d33467b589eb48f5f02f67b1c02dc2bd26ca62
Secunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.
1b96f725cd09e98614ef2fed1a60e7ca3ccba63efe4b7157ef2246e75849b23d
Secunia Security Advisory - A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.
a703b1a95357d6c56e78153fecfe2423f047d759e2a36648b9be443b22464153
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cefeb9d53564ddd95662c3efb212b82978bad23acf898881484202536c67aa9
Zero Day Initiative Advisory 12-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.
6b5f97b1c544b37daf25f97b0b52fcbb7493e4537b578d0236271819a3ac573e
Zero Day Initiative Advisory 12-141 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within Microsoft .NET XAML Browser Application (XBAP) handling of Clipboard object data. It is possible to cause unsafe memory access within System.Windows.Forms.Clipboard, allowing an attacker to control the memory used by an object's native code. This unsafe access allows for control of a function pointer, which can be exploited to remotely execute code. In the case of Internet Explorer, execution of attacker code occurs outside of the Protected Mode sandbox.
8a9c280b793fd5689ee6d1eab372451da1a6ddfa522f51fffe5b3eeaf469a90f
Zero Day Initiative Advisory 12-140 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee SmartFilter Administration Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Method Invocation (RMI) component which is exposed by SFAdminSrv.exe process. This process exposes various RMI services to TCP ports 4444 (JBoss RMI HTTPInvoker), 1098 (rmiactivation), 1099 (rmiregistry). Requests to these services are not authenticated and can be used to instantiate arbitrary classes or to upload and execute arbitrary archives. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
6d44dbf9f816ae47b69459fc6a3ae55af8b47454af0c493a2b31bcdd640effcb
Zero Day Initiative Advisory 12-139 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The flaw exists within the ebus-3-3-2-7.dll component which is used by the crystalras.exe service. This process listens on a random TCP port. When unmarshalling GIOP ORB encapsulated data the process invokes a memcpy constrained by a user controlled value. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
b5cd95c093a6d7c698cda8f5b0501a67a51fa6615c044079dd187f2f91b82aa0
There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.
6bb8abc35df548c551fcf9ff102ee8db444b1e273993fe8a725e91885c36da04
Mandriva Linux Security Advisory 2012-135 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
ed1f626a9ec66091da1ced33f9dcf94853900a07685bff02a384520cb736cdfc
Mandriva Linux Security Advisory 2012-134 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
e7a2ce0735205d049fc69106cd58cf7bc1f4cbae6e55ed2fc256e52ad05d4759
Some system directories on the Samsung Galaxy S2 for Sprint-US (Epic 4G Touch) are world-writable and allow for information disclosure, modification, and may lead to local root compromise of the device.
9f06ef12f388247b4f5396e78958861f0d2d299cd6eda363dcfb33d724706997
Secunia Security Advisory - Two vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
5f6689ccbd14a11663edb78085fd876cc43a1e16c7541f749a3e943476d61261
Secunia Security Advisory - Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
a8da39ec795d458b751baf8f596c08c5b8787657117a6a3448e652865893bd96
Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
4a0a1b4903894469bff498da1a1de032a7ea6158e3482a326613ddf0ff53b8a1
Secunia Security Advisory - Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
50783ebab1cb45ed05a070b36da381fc543a4816f9bb5d478a3c15d4709f658f
Secunia Security Advisory - SUSE has issued an update for chromium and v8. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
e70dc3c6cc08a72002560df72da99fdc06ff124863fbd4ef3398adf7d7e15630
Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
e49512d4b1183a2b7f7d1e89472e2bc893629bbfad4358cdbeb4e99198996262
Secunia Security Advisory - Multiple vulnerabilities have been reported in Performance Co-Pilot, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
958e27438a16ed8a1d50ff43fd51ed396f51b0c01c95c9f5d128ce2a04075c45
Secunia Security Advisory - A vulnerability has been reported in IBM Hardware Management Console (HMC) and IBM Systems Director Management Console (SDMC), which can be exploited by malicious, local users to gain escalated privileges.
ad291daf2f590e8e133fc0ae3133eb5a7bee2aea4dfa2c0a92ce907b62295500
Secunia Security Advisory - Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.
5ec1c68c93f00219e1f1b2bbd9542b170fa1d6f461e06858784b810db2c1c9c9
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.
c54216312e8a1c614c987aa7867e162c73407e99718aaab381cde6c9f03c31ed
Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP-4G and RSP-8G), Route Switch Processor 440 (RSP440), and Cisco Carrier Routing System (CRS) Performance Route Processor (PRP). The vulnerability is a result of improper handling of crafted packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Cisco has released free software updates that address this vulnerability.
bc07f2e416a80379a131e30d960f750f093f1907368c5841670468346b98ce8e
This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.
13ee2928c651d3a5639e180e5f2cafa4d077977aeeeb2da9a34de919ec969a8e
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
64a709b58b6ee61639d0b91751fa1370fb95af75e8e2c731bae64a2534aa2be5