Secunia Research has discovered a vulnerability in HP SiteScope, which can be exploited by malicious people to conduct script insertion attacks. The SiteScope server performs agent-less monitoring of the IT infrastructure and can be configured to receive SNMP traps from devices. The status of the SNMP monitor and the content of received SNMP trap messages can be viewed in the web interface. The received SNMP messages are rendered in the context of the management interface with no filtering or sanitizing. This can be exploited to execute arbitrary HTML and script code in a user's browser session when viewing the information. HP SiteScope 9.0 build 911 is affected.
58b64bebe88c7d9ecc454e7c44918ddfccddbea43ef2062b4fc396569b32d5d0
The way that FireGPG handles the user's passphrase and decrypted clear-text is not secure and may result in the compromise of secure communication or a user's private key. All versions up to 0.6 are vulnerable.
239f3dce0b1ce7a509db57be9343323b2b6bb6e3a2481b6c02bd2fa7453507c2
Whitepaper entitled "Detecting and Exploiting Vulnerabilities in ActiveX Controls". Written in Farsi.
a55486b2ef8323dff122d471481f484a8d72623c271a349cd0b318f55b96ca82
e107 versions 0.7.13 and below blind SQL injection exploit that makes use of usersettings.php.
91d59e5953dbda1d47051d52fa34775268aea3cd3c9e777e0a658d88356b363f
Vivvo CMS versions 3.4 and below remote file inclusion and multiple SQL injection destroyer exploit.
7f9103bff4f1b432f3f562d7bed2191f08191d8b4fc2ced7bca0b212870ffbd2
yappa-ng versions 2.3.3-beta0 and below suffer from a local file inclusion vulnerability.
6e1a955f1e80775a29ffbbe17d8f7a3ea4eedad65539bd1e2a9a972955c4333b
Fast Click SQL version 1.1.7 Lite suffers from a remote file inclusion vulnerability in init.php.
628dd1e8eb291bb5da4bf4508b7502541485abe58801366660d94042b2889d51
Dart Communications PowerTCP FTP module remote buffer overflow exploit.
a8f30619e45ed77a4e1ba804579b586fc63fdec41d37222e7edbcbaf695b3e0e
Solaris 9 UltraSPARC sadmind remote root exploit.
17da15a62198e84d12408134e9626bdb2f2cdd5077fae263ebfa63a7bbaab5b6
cpCommerce suffers from a cross-site scripting vulnerability in search.php.
ef9b5836653513efb4328f89b13fbc77287f7433d230eaecebabf6eae85bc911
PeopleTools version 8.49 suffers from a brute forcing vulnerability that bypasses the account lock-out mechanism.
1794832b45dbd92fd22d7dfa4a7894a3017ca74fc0a57e60ed4181884fae20ed
Oracle versions 8i, 9i, 10g Release 1, and 10g Release 2 suffer from an unauthenticated proxy vulnerability.
ec3cad539a775dde2997a1297f85c3d7574fae33267cd0c9794bbc00b97b00db
Mandriva Linux Security Advisory - pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. The fix for CVE-2008-3970 uncovered crashes in the code handling the 'allow', 'deny', and 'require' options in pam_mount-0.33, released for Mandriva Linux 2008 Spring. Also, the verification of the allowed mount options ('allow' configuration directive) was inverted in pam_mount-0.33. This update fixes these issues.
b435f6c8b6acf0291cce622d3d8674d7f5ac6833f7f5e609ae2bd0706a775bf1
Secunia Security Advisory - A vulnerability has been discovered in RealVNC VNC Viewer, which can potentially be exploited by malicious people to compromise a user's system.
719eeb9bf2897333f65a02ec263225fcae349d1568c3dcc0d7783dcb23b5ace7
Secunia Security Advisory - A vulnerability has been reported in Vivvo CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
e12512176d43b52fa7f9a8b65c86cc3d2de927461884bfec591adcfc37fc343a
Secunia Security Advisory - Vrs-hCk has discovered a vulnerability in yappa-ng, which can be exploited by malicious people to disclose sensitive information.
12adef2c23349fc19c2f4e7d893594feeb5512ef5b3f44b6024f396e98dd39ad