Zero Day Initiative Advisory 09-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Operations Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a hidden account present within the Tomcat users XML file. Using this account, a malicious user can access the org.apache.catalina.manager.HTMLManagerServlet class, which is defined within the catalina-manager.jar file installed with the product. This servlet allows a remote user to upload a file via a POST request to /manager/html/upload. If an attacker uploads malicious content, it can then be accessed and executed on the server, which leads to arbitrary code execution under the context of the SYSTEM user.
f75bee3a0ef69790466f2dcfe8532a1ba92d356f316bf6d636784b35d8a50973
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
4d511b4cceb539b683428bda6f2fcee10dbbd4c63a174eb2d14bbaa79ceb2613
VMware Security Advisory - VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. And by multiple, VMware means 93 issues. And by issues, VMware means vulnerabilities.
101173f9f91a1f7594cf27ac8b0a52a7e9ab1d79d792e24aa5854aaa771f163d
HP Security Bulletin - A potential security vulnerability has been identified with HP Operations Manager for Windows. The vulnerability could be exploited remotely to gain unauthorized access.
e7ff7ea3b271887cdcbfd5b312dce78fc4d17ab51782377395d5bc855481bf72
Betsy CMS versions 3.5 and below suffer from a local file inclusion vulnerability.
41542e3783234685da0bf139cebeb00029024c285c6a78ccdd9b651bb10e1318
PHP versions prior to 5.3.1 suffer from a remote denial of service condition due to server exhaustion from the creation of too many temporary files.
316de2b8351b813911bb798a12385bf727ba0def864f5b86a8833e05717d7ecc
Secunia Security Advisory - A vulnerability has been reported in Cisco VPN Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
09f9e2d062846c6536acb911726e1d8e06b89b2a5449caeeab0b05552e58e6bb
Secunia Security Advisory - Multiple vulnerabilities have been reported in PHP, some of which have unknown impact and others that can be exploited by malicious users to bypass certain security restrictions.
e357a2359a694f36bc0c9a7b8003c7bd0b5cdd2d4803e712bf0da0b8890a5e01
Secunia Security Advisory - A vulnerability has been reported in the PEAR Mail package, which can be exploited by malicious people to bypass certain security restrictions.
4e07f95f5edbbaf566dcda17ffc795a1338511073eab2647c883f9bb24c4c4e1
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.
a9a1364be50bec3b6783e050bcdccedf36bf8d929d9d9323dad1b23c8f33cd65
Secunia Security Advisory - A vulnerability has been discovered in Opera, which can be exploited by malicious people to potentially compromise a user's system.
37ea0550b1b4eed9ddc9d7a5cfc397cefb375986b0bc14a3a290d3b639c3533a
Secunia Security Advisory - Some vulnerabilities have been reported in IBM Rational products, which can be exploited by malicious people to conduct cross-site scripting attacks.
3abf66d300d198abda90e90593f4e5ded19a45e81d233ada32de7988c925eb49
Secunia Security Advisory - A vulnerability has been reported in KDE, which can be exploited by malicious people to potentially compromise a user's system.
55986d762e254d0273fc8345de0704d6df789f070d43213282953f4613cb5139
Secunia Security Advisory - A vulnerability has been reported in HP Operations Manager, which can be exploited by malicious people to bypass certain security restrictions.
d4ddc5de5e278f80d0e9ae6e80cf3da5914801ee346553b5f9e9dbf52a42d6b6
Secunia Security Advisory - A security issue has been reported in Dovecot, which can be exploited by malicious, local users to gain escalated privileges.
ada530a14523fe8e6c0b869280373cd9ba819248e7d44384fe8df29bce0ae82d
KDE KDELibs version 4.3.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
6f52b93fb01923395e9e086f5499f4f495580fa36af7131b1bed3d92eb179b44
Opera version 10.01 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
a37b1ab07f2eb1b10acb2a9937e5b99e96db9296d51a29455557a8d718666d22
K-Meleon version 1.5.3 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
4f99f451546f29e0f79ecb622261bf75af36cf92b6e4376642a36de97a3e3327
SeaMonkey version 1.1.8 suffers from a remote array overrun vulnerability that allows for arbitrary code execution.
2aa2eab42892d1c8cf5768b431d3c784578d3ee3b77c8e0e16d5a0e45da5403f
Cisco VPN Client 0day integer overflow denial of service proof of concept code.
142bea9a4f77b4e9264718284df5e0a2a9694680c035f320894fc7e1f5fcd792
HP Security Bulletin - A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS).
2ca872e8783c444b03bc95b7b99e7a801b0e5295009dfc0c6675d88324faf42f