www.microsoft.com suffers from a cross site scripting vulnerability.
1ee63e162b6d85810a941910498b15b4fd101ff6d675e0d4b36d5da229ebd7cf
Many different antivirus products suffer from various file-parsing evasion vulnerabilities. Some of the affected pieces of software include AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103, McAfee 5.400.0.1158, nProtect 2011-01-17.01, and Panda 10.0.
193275575de0eac59e8a98740fa704a8e2265457fd5a44adfa2b9f9c7719d0d6
Greenpeace.fr suffers from a cross site scripting vulnerability.
64387ee3a4245d257438c11a4faf085f75bb527fa822dc980bea98fcd1212af9
ManageEngine Device Expert version 5.6 suffers from a Java Server ScheduleResultViewer servlet unauthenticated remote directory traversal vulnerability.
ac9ce0ef47d738091d599b3ea17bfa50dae411a0fcf3d690ac1f2757cfe3424d
Red Hat Security Advisory 2012-0397-01 - The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.
0036797987fe157b69b95604a2713b21fc1006dc352d46cb79b8d8274bba60f4
Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent login attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.
145fc959fbc7cc8bfb9b7e7eccef6c448ffafe94e95ffa18be3f080b0c3cbf48
360-FAAR (Firewall Analysis Audit and Repair) is an offline command line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
42173590795645e2f9e4219d77b6699b9a6ca4563946c65ff2773b7d9c831693
This is a whitepaper called Pentest: Information Gathering. Written in Spanish.
0a120fb44dd61a5a363336664fa11eb9a02a30c416dd768a578b7a9619ceca1f
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote code execution vulnerability.
fe7e3841d8266a0bdf777c01b95935543a5458d8b05813ac7e4e79d579cbd473
Deathcore XP suffers from a remote SQL injection vulnerability.
6c9a1fcfd3817388fb23ededdfce0e39336e6bf5c9d451903ab88a156326f9b5
LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.
4673c5fc0a1d5af35f49f2fe5b245398727d8205e95e7aa7d94b7620983fabbc
HP Security Bulletin HPSBPI02728 SSRT100692 5 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 5 of this advisory.
34fc17a3a00efdd16c2e510fe459251c21d59b231555ad0e979a5da926ca663a
Excode suffers from a remote SQL injection vulnerability.
437e672427e6b5d046811237c35d3d8d96b61dcfcd71174c8267a0fdd0ff9eac
2X Client for RDP version 10.1.1204 suffers from a ClientSystem class ActiveX control download and execute vulnerability that affects TuxClientSystem.dll.
27227020ccb5074c6aa97e3a7d52d21c14c048d281d198b91a577d394154d6b4
2X Application Server version 10.x suffers from a TuxSystem class ActiveX control file overwrite vulnerability involving TuxScripting.dll.
0ec15ada5f97ed20cc44237301fcfa9df7cde6ef19772eacaebffed8822def0e
FastWeb2 suffers from a remote SQL injection vulnerability.
320fff2e23664df026d453f52e61e3b6739feb6442e1a5f686b817a2cb0a5149
RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.
766d4e2a21af4ed52778ae2efdfcd577ce82c1423642cde3c2a93b082e130048
at32 Reverse Proxy version 1.060.310 suffers from multiple HTTP header field denial of service vulnerabilities.
19613ca01eb9c3f61b2d576a3e623d93091cc41f733468f29135ad17c1b2a6c5
Zinf Audio Player version 2.2.1 buffer overflow exploit that creates a malicious .m3u file. Written in Python.
11b1158d362d3ed7220cb1f2adddb884b77cb7432f1a548de83db67295c50025
RelativeLink.sh in the Tor Browser Bundle has a small typo causing debug mode to always be turned on. This, in turn, may log sensitive information such as domain names.
680afc2e40e9f3b6fa62bc22f0230dda07dde9e92e158703ce7e8e80e0ee53c2
Debian Linux Security Advisory 2436-1 - It was discovered that the Apache FCGID module, a FastCGI implementation, did not properly enforce the FcgidMaxProcessesPerClass resource limit, rendering this control ineffective and potentially allowing a virtual host to consume excessive resources.
7d0ce122aab6b55983ad9b309da39537a16589ba657d163e326d34fa4f7c8abf
Ubuntu Security Notice 1401-1 - It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner-based application. Atte Kettunen discovered an out-of-bounds read vulnerability in the Gecko Rendering Engine's handling of SVG filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues were also addressed.
72dd23ef0655b7dc1ad658c36b42d88462bc63744bcfe1aa8b0aa2db6ebbcf36
Hermesconcept suffers from a remote SQL injection vulnerability.
ccd77a9614e7ea111defefe21feb70cfa57699be8ea7303800af74bde6b7c74e
Jeux Fille suffers from a remote SQL injection vulnerability.
c9a77620eee1bfd49d1eee5974d96696702d68f90a0c67f3b077dcb7959f1feb
PCL suffers from a remote SQL injection vulnerability.
49be1fd963616368b15e313ff0f0af642c26583734429dd31a333f74e7f62d8e