ManageEngine ADManager Plus version 5.2 suffers from multiple cross site scripting vulnerabilities.
b0a7776712965ad82934634aa82214e128b7fb5bd571425c4a5e24d1a8a04ad8
Batavi version 1.1.2 suffers from a remote SQL injection vulnerability.
6fc8dda996f6e7a4e9f86390ea2fa22440cde5c58ca16e649410cff0a2c7a070
Cyberoam Central Console version 2.00.2 suffers from a local file inclusion vulnerability.
798532758c34efcb716d938503b9354d184cae1ce0f92afa168ccf808c277e1a
Facebook Profile Sticker suffers from a remote SQL injection vulnerability.
c01092422153f916a3b4a6552e6cd4b22b1bb013498bd837b118f413eba4384e
HP Security Bulletin HPSBMU02736 SSRT100699 2 - Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) and Business Service Management (BSM). The vulnerabilities could be remotely exploited to allow unauthorized access to sensitive information. Revision 2 of this advisory.
bb415e5d34619cbb9448e6fc9bebdc5c819176f95792e0720ac41b2baf84cd64
Dinama SMS Service suffers from a cross site scripting vulnerability.
2a4f4c56013fee403231978baf32de582cbf2d74a8dc44d3a1c04a75c0cae667
eFronts Community++ version 3.6.10 suffers from a cross site scripting vulnerability.
8ef660b9da8e37a6d668e71f29eb76cc7348fa44c0a3f15b9754e19642fd9ce1
VolksBank Online Banking suffers from cross site scripting, open redirection and input validation vulnerabilities.
a96b0a40c41ccb9f1f48d5cfcdc2a59332874abcab438eb3a287bcc9f43991fd
SimpleGroupware version 0.742 suffers from a cross site scripting vulnerability.
da8c237855bb436d3a75486eaa1d4091bc3709e59dffbf2f047bbdf437251048
Apache CXF versions 2.4.5 and 2.5.1 fail to validate a WS-Security UsernameToken received as part of the security header of a SOAP request against a WS-SP UsernameToken policy.
b292e2def6610f71ed845303fc918ae45534205d8f616f67a68c79fe20ca97ba
This is a compact fake pop3 daemon that logs password attacks.
6606163274f3cfc9bf7e8b5a1201ab59ffdc8e9baedab41009ce14200a0d62a3
This is a newsletter that discusses information related to Capture The Flag that will be held at DEF CON 20 this year.
ae4ac34dbc347466ae0fed2bc2c7c50f2afe22240b5f39b8991a0c36dc37c044
Debian Linux Security Advisory 2403-2 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
0a43317dba937253385b54d3b26aa2f4ebcd6897c1a37b0fba9b5f3f67463d3c
Ubuntu Security Notice 1356-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potentially execute arbitrary code on the system. Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel's IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. Various other issues were also addressed.
273765a9dc6a271d3102ed83aa47f5dcfd7f9c56f6f7a215a553292598ed7c31
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
067e9fd3a6de7bcf39a64c3ea4e28159c8a11605e0f19179116cbaf0b785167e
The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
48b1ad0f0b8e17c97223e2272e12cd11873d14beb0aabe0425706a6b4379c4c5
Three proof of concept exploits that demonstrate denial of service vulnerabilities in Typsoft FTP server version 1.10.
39c99d47531eaa98f86c5e8df806c2b5a81af47e943510211088a1d4b5c0b518
Flyspray version 0.9.9.6 suffers from a cross site request forgery vulnerability.
6bb9446d5ee83df46c0389cbc2edccf6f84e48744673788fb46e170bec39b3eb
Ananta Gazelle CMS suffers from an update statement remote SQL injection vulnerability.
294e9941e6d46b62cc1e27e608f4bdb8c963b5dfb5043917c560640e4397840f
PS Design Web Site suffers from a remote SQL injection vulnerability.
f3f39c6f67410fd9b86345ae06beafbf6ddd171613974bd8c1042efa8ecca8a1
Axiatel.com suffers from a cross site scripting vulnerability.
04c8384ba86d52ccca8aaf46585b564cfc8a2659d80e5ee8ed3190cd41a703fb
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, by malicious, local users in a guest virtual machine to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
21fbc905bd79a4e601a1ba2fa1b0e907a6b7dac71ac15b0f513fccc25cb76503
Secunia Security Advisory - SUSE has issued an update for tomcat6. This fixes multiple weaknesses and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
0101309c5bc1b5ba8e155ef2a716c557cbd996ac2bfdfde28a84f3d464693794
Secunia Security Advisory - A vulnerability has been discovered in Snort Report, which can be exploited by malicious people to disclose potentially sensitive information.
02d2265b061755acafdc404dc5df75626bc2ae70dc753e0529104e2fce916e19
Secunia Security Advisory - A vulnerability has been discovered in Tube Ace, which can be exploited by malicious people to conduct SQL injection attacks.
c8fda48a7353ea59a174c87b3fae62cf8dfb2794eca405bf88fbcdebf42da219