cvechecker reports possible vulnerabilities on your system by scanning the installed software and matching the results against the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
Zero Day Initiative Advisory 11-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite r12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RegenerateReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the RegenerateReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
Zero Day Initiative Advisory 11-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReports stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReports stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
NEdit version 5.5 suffers from a format string vulnerability.
Zero Day Initiative Advisory 11-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteReportLayout stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
phpAlbum.net version 0.4.1-14_fix06 suffers from cross site request forgery, cross site scripting, and remote command execution vulnerabilities.
HP Security Bulletin HPSBMA02652 SSRT100432 3 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. Revision 3 of this advisory.
Help and Manual Professional Edition version 5.5.1 ijl15.dll DLL hijacking exploit.
Qianbo Enterprise Web Site Management System suffers from a cross site scripting vulnerability.
Google Hack DB Tool is a database tool with almost 8,000 entries. It lets administrators check their site for vulnerabilities based on data stored in Google.
Zero Day Initiative Advisory 11-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NonAssignedUserList stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the NonAssignedUserList stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities is due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability is due to insufficient protection of sensitive information. A remote attacker can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server.
CYBSEC Security Advisory - A cross site scripting vulnerability was found in BlackBerry WebDesktop, because the application fails to sanitize user-supplied input. The vulnerability can be triggered if a logged-in user follows a specially crafted link, executing malicious JavaScript code in the user's browser.
EZ-Shop version 1.02 suffers from a remote SQL injection vulnerability.
Zero Day Initiative Advisory 11-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite Unified Network Control Management Console. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeleteFilter stored procedure, accessed via the MainApplication.html console. The Unified Network Control Management Console listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the DeleteFilter stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.
PRE-CERT Security Advisory - The Linux kernel contains a vulnerability that may lead to a denial of service due to corrupted partition tables on storage devices. The kernel automatically evaluates partition tables of storage devices. This happens independently of whether any auto-mounting is enabled or not. The code for evaluating EFI GUID partition tables contains a buffer overflow bug that can cause a kernel oops, resulting in a denial of service.
Zero Day Initiative Advisory 11-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnassignAdminRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
HP Security Bulletin HPSBMA02643 SSRT100416 2 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi). One vulnerability could be exploited by a local user to gain unauthorized access to files. The other vulnerability could result in remote cross site scripting (XSS). Revision 2 of this advisory.
HP Security Bulletin HPSBUX02642 SSRT100415 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 1 of this advisory.
This is a blog entry from Matt at WordPress.com noting that they suffered from a break-in to multiple servers.
The Uploadform ASP script suffers from a shell upload vulnerability.
TimThumb versions 1.24 and below suffer from cross site scripting, denial of service, path disclosure, and abuse of functionality vulnerabilities.
Zero Day Initiative Advisory 11-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UnAssignFunctionalRoles stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.