Cisco Security Advisory - A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
6b27a6d0350503c5eb2d868879d677892bb126cfaeb81bd45854c169f2040d76iCloudCenter JobSite PHP Script version 1.1 suffers from a remote SQL injection vulnerability. The author of this software claims this only affects the demo version.
b509650023b641912535c258e64650b697b206ea7fc1b25224162e1970514f73HT Editor versions 2.0.18 and below file opening stack overflow exploit.
606c05d66ce0b264b537d3064e14cdd8c31c5369f64587f21351ba4018f04a4fAndy's PHP Knowledgebase version 0.95.2 suffers from a remote SQL injection vulnerability.
ef98675a17d9e48efecc788efee692612e97e35a67ea1472dbd238994394fa08Debian Linux Security Advisory 2208-1 - It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer (IXFR). Such an update while processing a query could result in deadlock and denial of service.
8e452dea246304cace57360967f3dd35c2135af4917dc90c3899c242b7d570fdPHPBoost version 3.0 suffers from a remote backup download vulnerability.
ef1574e2e3c50a6b9c92f75f53d0b32ddd0539433aaa7cc5f36a70142127fb52Cisco Security Advisory - Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network. Cisco has released free software updates that address this vulnerability.
268896624ef8d94224345a2976b3904c9920e2396783d1d556ab4bccf7dc55e9A vulnerability exists in EMC Replication Manager which is embedded in NetWorker Module for Microsoft Applications (NMM). The vulnerability may allow arbitrary code execution on vulnerable installations of the product. Versions affected include EMC NetWorker Module for Microsoft Applications 2.1.x / 2.2.x.
0bf8111e108fe2a222a6dfcc4cca63a04d783a161a247e687ec31c6cc9b95587This is a brief whitepaper called Faster Blind MySQL Injection Using Bit Shifting.
0b29a9d07c2c7fc32795bd6b3d988ecd3c3db65a90e7ddf57718b11ea059557fPligg CMS version 1.1.3 suffers from multiple vulnerabilities including access bypass and privilege escalation.
c1af8e08548aacff946f9da3d38e8b81d5f8417db51630d93356e356eff7aadeGOM Player version 2.1.28.5039 .avi file denial of service proof of concept exploit.
a65170b17064f05b9668b27442d562f008b2845f955722fe8ce92128181272b7Windows Explorer version 6.0.2900.5512 Shmedia.dll denial of service proof of concept exploit.
a1d2fba0f7f0303c28217474ca8647a21575b64ab79d031f04bb705463ed5902Winamp version 5.61 .avi file denial of service proof of concept exploit.
d7eded42258ccb7867ed395d6417cc61e79d5258f8a9c0196eae0fa65812e8baMedia Player Classic Home Cinema version 1.5.0.2827 .avi file denial of service proof of concept exploit.
4a8479701be1e39559db199ef5f1049c2f021a8e5944e204666ddd282d0636c1Zend Java Bridge version 3.1 remote code execution exploit that takes advantage of a specific flaw in the javamw.jar service.
5b230d5d0d8b69815ef55baf27ebfe72e28fd2c2e03ebc062420fdb5fcd6d19eYaCOMAS version 0.3.6 suffers from information disclosure and cross site scripting vulnerabilities.
710e28c10c2296f4c8a8b857c4cd66e7933b6428b3716d8ed856057f91b589daCosmoQuest suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cdb6b3dfcff09aa7e0f16347c50028ee2aabac05697ca7308b35e034551842a8Bigace version 2.7.5 suffers from an arbitrary file upload vulnerability.
57a9cc07f24f285760467f7c127d2f846400654d5aef4c21e1d8634352d61a17IrIran Shopping Script suffers from a remote SQL injection vulnerability.
bfa74863454352adb2efaeae6ae22c92436deb4c31e69a0b6fafb19fc870fde1Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
fac3e4e9a7358940293fb0676f4ff1496e7c05c74c2dfe05897988d1447c3676Minveli suffers from multiple remote SQL injection vulnerabilities in index_1.php and inner.php.
41b1fe03950607d6b855375dc7a529904bbbb4d5102bf7794b4dc805ce5dcb92Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.
ace7fafa9471fca6031d43a03d644b937b041bcea223a3fb3b08278136c49d2eMandriva Linux Security Advisory 2011-055 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field.
8591f032eba2c88f1210d71b7a0f3e560b564e03862df761b4a2e8e43b8e0cdbGrapecity DataDynamics Report Library versions 1.6.1871.61 and below suffer from a cross site scripting vulnerability.
a22a8c2b6b70131ce3b4225ba88dc0ab77792b84394c64a663c7b4b21c85a45bVMware Security Advisory 2011-0006 - The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations.
069d709991feb1e78d30ec92cec7f28dd116782787338066a58527dd30e9ea96
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed