Cisco Security Advisory - Cisco SA 500 Series Security Appliances are affected by two vulnerabilities on their web-based management interface. An attacker must have valid credentials for an affected device to exploit one vulnerability; exploitation of the other does not require authentication. Both vulnerabilities can be exploited over the network. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
Cisco Security Advisory - Cisco 9000 Series Aggregation Services Routers (ASR) running Cisco IOS XR Software version 4.1.0 contain a vulnerability that may cause a network processor in a line card to lock up while processing an IP version 4 (IPv4) packet. As a consequence of the network processor lockup, the line card that is processing the offending packet will automatically reload. Cisco has released a free software maintenance upgrade (SMU) to address this vulnerability. There are no workarounds for this vulnerability.
Synergy Software suffers from a remote SQL injection vulnerability.
Technical Cyber Security Alert 2011-201A - Oracle Database, Oracle Secure Backup, Oracle Fusion Middleware, and various other Oracle products suffer from vulnerabilities including remote execution of arbitrary code, information disclosure, and denial of service.
Zero Day Initiative Advisory 11-237 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Icihttp.exe module (CA Gateway Security for HTTP), which responds to incoming HTTP requests on port 8080. Due to a flawed copy-loop algorithm in the URL parsing routine, it is possible for a remote unauthenticated user to cause an exploitable heap corruption condition. This could result in the execution of arbitrary code under the context of the Gateway Security service.
Infocus Web Solutions suffers from a remote SQL injection vulnerability.
Tiki Wiki CMS version 7.0 suffers from a cross site scripting vulnerability.
Elitecore Cyberoam UTM suffers from a cross site scripting vulnerability. Builds prior to 10.01.0 Build 0739 are affected.
arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, so that how targets respond to non-standard ARP packets can be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
Mandriva Linux Security Advisory 2011-115 - Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service via a crafted UPDATE request.
Ubuntu Security Notice 1171-1 - It was discovered that an SQL injection vulnerability exists in the Likewise Security Authority (lsass) local authentication provider. A local attacker could use this to gain elevated privileges.
The Joomla Appointment Booking Pro component suffers from an arbitrary file reading vulnerability.
HTC devices running Android versions 2.1 and 2.2 suffer from a directory traversal vulnerability in the OBEX FTP service. Full details provided.
Joomla! versions 1.6.5 and below suffer from a cross site scripting vulnerability.
The Hackers 2 Hackers Conference (H2HC) 8th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 29th through the 30th, 2011.
Technical Cyber Security Alert 2011-200A - US-CERT is providing this Technical Security Alert in response to recent, well-publicized intrusions into several government and private sector computer networks. Cyber thieves, hacktivists, pranksters, nation-states, and malicious coders for hire all pose serious threats to the security of both government and private sector networks. A comprehensive security program provides the best defense against the full spectrum of threats that our computer networks face today. Network administrators and technical managers should not only follow the recommended security controls for information systems outlined in NIST SP 800-53 but also consider the following measures. These measures include both tactical and strategic mitigations and are intended to enhance existing security programs.
Oracle Sun GlassFish Enterprise Server version 2.1.1 suffers from a cross site scripting vulnerability. Proof of concept code included.
FreeFloat FTP version 1.0 buffer overflow exploit, triggered by sending any non-implemented command.
Dow Group suffers from multiple remote SQL injection vulnerabilities in dynamic.php, news_desc.php, product.php, and solutions.php.
Secunia Security Advisory - A vulnerability has been reported in Likewise Open, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for likewise-open. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Auto Web Toolbox, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Financials and Supply Chain Management (FSCM), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.