HP Security Bulletin HPSBMU02712 SSRT100649 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server. Revision 1 of this advisory.
1f7ca5a0ae58a0027c35ec9e374f938ee845b96cf1e71c8adc37d2ab6740c547
The Singtel 2Wire gateway router comes shipped with a hardcoded password that cannot be changed and suffers from a lack of cross site request forgery protection.
eb5b5217e2b643bfb0ab1be7a52fe6d7c9ec87512e821b9d6da3c54b7ae5e770
Adobe's website suffers from a persistent cross site scripting vulnerability.
a15e31e441f46bf0f587e8ef98a6abd95fb8ad45240f72445ae18c71de864ae7
The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.
4adf33603b356ff3b73d86dd885c7fef8b16304d70e5775f89788b5d0609f5d3
Oracle Hyperion Financial Management suffers from a code execution vulnerability in the TList6 ActiveX control.
a59b5e3567a781774f959f2ec3772f48798978127e2d4cbe4bbc80b6256ae281
Mandriva Linux Security Advisory 2011-162 - KDE KSSL in kdelibs does not properly handle a NUL character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. The updated packages have been patched to correct these issues.
0b381d0e6a6306be9feffb69a83c5e196277a065e827c68c9a869e6303be4f3d
Gentoo Linux Security Advisory 201111-1 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code and local root privilege escalation. Versions less than 15.0.874.102 are affected.
d303259343f4bc608387ad0a73a5b97a0c89d328efa5bd9344965626cc554353
Brief whitepaper discussing how to trick a printer into passing LDAP or SMB credentials back to an attacker in plain text.
4c1967b52b737e8378e0591046c4fbeb02462547b019cb3d9e260b1c5939d804
This short paper describes the trash attack, which is effective against the majority of fully-verifiable election systems. The paper then offers a simple but counter-intuitive mitigation which can be incorporated within many such schemes to substantially reduce the effectiveness of the attack. This mitigation also offers additional benefits as it significantly improves the statistical properties of existing verifiable systems.
f3dc29a3800369867d6dbd3254907d55b91b54e054a74c5975d588767adce42e
Secunia Security Advisory - Two vulnerabilities have been reported in Perl, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
0cdfb98a84e6107b0a6581d281232bd89275d8e18ba0a30f8d97d7f662ea71e5
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in NCSS 2007, which can be exploited by malicious people to compromise a user's system.
bc4052b3a46b21e077d7667e139b22d81163063f4872824553306b97570e1142
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
4b17da2cb197437b490e71cad79cc67e46f70701ca98878bab19e19993c387e5
Secunia Security Advisory - Fujitsu has acknowledged two vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions.
c155b0939e8b2756322b7ff2e33be518dc96a9b0d634486571356ed0475bf9a0
Secunia Security Advisory - Multiple vulnerabilities have been reported in eFront, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to bypass certain security restrictions, conduct cross-site scripting and SQL injection attacks, and compromise a vulnerable system.
f80c3c0994d239cceb395a6cdb5ac6d4818bad49fa17c8c3e9a0935975a4e08d
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
2b4a2492368a5cce5c69b6ff535c64ad7add587df2f25ea9c1baf11d324fcb0f
Secunia Security Advisory - Mr.PaPaRoSSe has discovered a vulnerability in the Simple Balance theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
274d9adf8a0bfceb275fc8ef2410fd498ed9fcb43715c77ce8d8f9ccf17171cc
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
478a309dd5479b62512d0ce2bc22dcd3ba7758af23dfa33f448a5f06f15b6982
Secunia Security Advisory - Debian has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).
fc21dab2e465f35e889f38f1a6c4f602975855e2cadfe7945165f5c4bea5c7bb
Secunia Security Advisory - Debian has issued an update for tor. This fixes a security issue, which can be exploited by malicious people to disclose potentially sensitive information.
17c4cce78d049b3487987b5f6379608430ce7e71dcb6a3304134105912c69457
Secunia Security Advisory - Multiple vulnerabilities have been reported in SonicWALL ViewPoint, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
bdb27c8521da7f1b68f026ee292cf9fed815a86aaa9794dc5c269a396c413137
Secunia Security Advisory - SUSE has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a4c309ba8c24ef17de27c6496794d7379f8dbaad602918ea64b3edada530d7ad
Secunia Security Advisory - demonalex has discovered a vulnerability in Megatops YaTFTPSvr, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
164e5b762ce8d81425193c16ad6904d59adb166ba3a852f03a93be3d76ebb414
Secunia Security Advisory - A vulnerability has been reported in CSWorks, which can be exploited by malicious people to cause a DoS (Denial of Service).
15536964e10c7902ee142af82bea84d53495fde072f472b1da36bc128d03ead8
Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
87dcbd57f51d620e49ad945e298dfd988c4cd86f32ba4351cd79dbfe641465f4