Cisco Security Advisory - Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+-based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store. An attacker may exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store to exploit this vulnerability, and exploitation is limited to impersonating only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.
6b37d5f0fcb0a7ad665204627872dfe1cc01d178190b5abefa4d0e4c5dc0f7b2
Cisco Security Advisory - The Cisco Product Security Incident Response Team (PSIRT) would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) with deployments that have Cisco Virtual Security Gateway (VSG) integration. This issue will manifest itself when administrators perform an in-service software upgrade to Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a) or earlier. After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2) could cause all the virtual Ethernet ports on the Virtual Ethernet Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in No-Policy pass-through mode because a valid VSG license is not actively installed. As a result, the VEMs no longer use a configured Cisco VSG; therefore, the virtual machines (VM) are not firewalled and traffic is not inspected by the VSG.
e173bf86ec7f8fa6a6b464720bcc4ee2a42d6116b5425370d71bcba2ab7c0932
CMS Made Simple version 1.11.2 suffers from a cross-site request forgery vulnerability.
56b7ba7d70e2826a7429d5920fa59759fa5a8af3573cf4be2e6001b5dd4f93f6
WordPress Cardoza Ajax Search plugin version 1.1 suffers from a remote SQL injection vulnerability.
6d06edc690468130eea58db8d0ab4a2dea23f89736468d08ea1c22e5d776891b
Exploit for an unserialize REGEX bypass vulnerability in Invision Power Board versions 3.3.4 and below.
ad210687f42887baff2de52193e65980c72d969f3690120bb695a84ed8356c42
Red Hat Security Advisory 2012-1434-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code.
e12c1a7ac098b253d5904f7b8d1a5e58645a2d4e038151635e4b4d092c2364e7
Ubuntu Security Notice 1625-1 - Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.
a92fca9c17ea5986598988a1bba2a4d8928f0d51cde5e65dffe0984b58c4a3d2
Red Hat Security Advisory 2012-1431-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
74298bcda64541105929f42feb938eef94253e1da00fe43d7bf9c10b934de15d
Xivo version 1.2 suffers from an arbitrary file download vulnerability that operates with root-level privileges.
90bc356292d4e2c8b7ec5bea519259471c2c2b2e02033c5c7c17b56a1dfa0893