Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.
108f782397bed85614bca238459238a301e0edba19302d2e8b7e2dd06ffa54e0
Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
5fa18dee8a23f4dd9c3d4620b0383abf2aae10dfa345dc72de5c79a3b0194145
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS.
aaca5db8313ec7c969af6bcc33c016aa9b9dabfeca0b23a26322ed296e66bb84
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
e2dc95897ae830a032c9f444639c769c881553b49bb92e1a75bc7872f4ada857
Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
0b945c898d41127e6452e0f0eb1fb1c9a47caef4c089890d5b1af5d1308a25fa
Debian Linux Security Advisory 2339-1 - This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority.
17ceb4d0d27958d7c1219f07d766ebb9d2a0826f55687a1845ec046371292e0a
Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
dcedd1f5279bffe71ebb152a88eb1b63bd0865f88191f86b8f3a11151ef3fbff
Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
e6eddd47fde61c73171a1ff9441f02b3a3b7138176b3ee3341926af2f8e1a4d8
11in1 CMS version 1.0.1 suffers from a CRLF injection vulnerability in do.php.
f955da4bcc0d2a2181fafefc2785bbcf833286c9799a1b16d67159fc577d0490
The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page allowing an attacker to execute arbitrary commands in the context of the webserver hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.
8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df
Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
b753b691cd1b19ea83db5b584c5ac867c8bd729ca136c92caeaff9f8f00df1bf
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
a602d73869f6d31e7e39021d3ac0b4d659de65348c0b42292785a6497ce28edc
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
d12d3d92de6801d03d0dd0bd9b58d169489120f7770e5ac648165b8f34080b14
XCA is an interface for managing RSA and DSA keys, certificates, certificate signing requests, revocation lists and templates. It uses the OpenSSL and Qt4 libraries. Certificates and requests can be created and signed and many x509v3 extensions can be added. XCA supports multiple root and intermediate Certificate authorities. The CAs can be used to create CRLs and extend certificates. The following file-formats are supported: PEM, DER, PKCS#7, PKCS#8, PKCS#10, PKCS#12, and SPKAC.
e5562d9af4e03e5e730a85a9ca4eb80386288f18f84de24bb9ff0dfcc7110cbc
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
0430cbeffd0dea31dbe300f7b88c532a2d046e336c7d0ce5e1ef84858179595b
Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
a611921b0513771a9fdffc7fbbcae2b2d851adf225a777e615d2e31f0d6ce680
Saints Row suffers from a persistent cross site scripting vulnerability.
d27711aad2dbe6c2769dcc664cbd043dff170e143ebee0fa872c294fbfffc8cc
Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
76bbeb241f7d9a97571c3c8254a8ec18e70281fa8a97e1f0917cd03c13a434b0
Hotfm.com.my suffers from a cross site scripting vulnerability.
1ff5c6757a580f641bd1f69910260003a1aeff414dbfd0c1ae2e2bf357f7d6c3
ARCS Solutions suffers from a remote SQL injection vulnerability.
5fadd5c1f4fd932c1ecbf5128df77baf0294e6206386fb96f3c493439c8d7b58
PBCSTechnology suffers from a remote SQL injection vulnerability in articlenav.php.
f53703310acbd7faf9bbc718b93d264ace027fd75e7c6cb382fd44ac1b853f20
Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
6a74ac0937627315840074635634fc8916adb3f1765ec2c6c4f7a632a54c4f61
Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.
6bcd7459335c9a7f66cc29ce7e4dc243db4ff465bd47ad13d99aba40151ce33c
Debian Linux Security Advisory 2338-1 - Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning.
d1a38c8c610f5989c5daf1016596ede2b2c096ec660b728073b0146832b7074a
Zero Day Initiative Advisory 11-319 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program Files\Common Files\InstallShield\ISGrid2.dll. If the bstrReplaceText parameter exceeds its statically-allocated length then a buffer overflow will occur. This can be exploited to execute arbitrary code on the system in the context of the user running the browser.
3eacac84513b91a50fb4fc056becf5fa6d034716f1cc6215002d8ad0fd4f0d3f