Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in OrangeHRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
eb219852c3aefcdc5db063c355fbff898ceda0e80deb44275b83bd4b359a5b34Secunia Security Advisory - Two vulnerabilities have been reported in ExpressionEngine, which can be exploited by malicious people to conduct cross-site scripting attacks.
056ede08de3dc44886959e15aeceabba7608b018483061de3952f26855693840Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Netcool/Reporter, which can be exploited by malicious people to compromise a vulnerable system.
31759ac076e7a3be02e0d8c383713947484c5cd21714307f93a72b1f93a2d608Secunia Security Advisory - A vulnerability has been reported in Hastymail2, which can be exploited by malicious people to conduct cross-site scripting attacks.
3598771b86a5881e30b50640c13c044e6ae7f0cff36a61f1de4fe01c0b5de4c6Secunia Security Advisory - Multiple vulnerabilities have been discovered in Manx, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks and compromise a vulnerable system.
3773ddd68a60a69e018cd4f8b0d76bdea3eeef9749a015d0c89f4f41650526a9Secunia Security Advisory - Multiple vulnerabilities have been discovered in HP Network Node Manager i, which can be exploited by malicious people to conduct cross-site scripting attacks.
97b559a67b9599709c41548f98ae43ac3f1b9cb9c76ac015050604c9eccfd864Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
ac3e47d5874fd1d4daad7534970506cf6afc9f213d1d90f20086b45e813dcbbdThese are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
011cfd9dd1552c8137cc5620c4e38a3b1986aa931e278523ef781e70dd75adf5Ubuntu Security Notice 1285-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
6758df4905be75681d391dbdf0a22a6c0d585b02d7ae0b95ce6c9f405177ab7dWhitepaper called Certificate Authority Transparency and Auditability. The goal of this paper is to make it impossible (or at least very difficult) for a Certificate Authority (CA) to issue a certificate for a domain without the knowledge of the owner of that domain. A secondary goal is to protect users as much as possible from mis-issued certificates.
baa285ffbc1c0f086a22438517cd8c203c13124a4eb655414ea8a04b440b3651Red Hat Security Advisory 2011-1496-01 - A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.
01c14c945ffcae4533481835e75743d048c84069db1e3acf5a44f0949b46b159Sites created by Schok Creative suffer from a remote SQL injection vulnerability.
7dc0055c5274ec7437bf95c76e36a43b0359c3cbaf719121cde6e20ed1e6a1f9Red Hat Security Advisory 2011-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Various other issues were also addressed.
ed68520a6ee2920e3e52edf771936c03f68718a31b6a9055d5cb9d1c38a033e13S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.
9f18a5df23671b7b00bdf05e10758b4e56ae625a309b1451df702bc5cf7e4932This is a Call For Papers for a special issue of Elsevier called "Botnet Activity: Analysis, Detection and Shutdown".
9e5e819ce3f960b6d5ddfe8af658c90c1cd78e77afda587dd786dc5ecf3d9012Video Girls BiZ Video Chat script suffers from cross site scripting and remote SQL injection vulnerabilities.
f08affdc5afc926fe3dc84284f7bab1c69b9a826f7b4c5b18d73b619062ce184Go Null Yourself E-zine Issue 6 - Topics in this issue include Floating Point Numbers Suck, How Skynet Works, Defeating NX/DEP With return-to-libc and ROP, and more.
9738a7cab2a945caf04b2be29f7f4be491056cae4ee3b27e48909f9a0e3eb88cExpressionEngine version 2.2.2 and CodeIgniter version 2.0.3 suffer from filter bypass and cross site scripting vulnerabilities.
fdab17029ae48b80689e4ddd515edc23100d07a8f55741743dc18b289e5b7a22Ajax Script suffers from cross site scripting and remote SQL injection vulnerabilities.
4b9b807cf31978b23900da02089db7c0593e9b3d9d8818e73b8619fa6d5324e1Toshiba.com and Compaq.com suffer from cross site scripting vulnerabilities.
d20994a6ef3ff7ce5d7076c9ff08e0cb8eff2bb0a686c23fd54a38d799d17bc5ModenaCam, the Adult Turnkey Flash Live Chat Software script, suffers from remote SQL injection and cross site scripting vulnerabilities.
effbed27188e2b0a4ceac3cf54c68aac13e6f3a4b929f812bc21ab058843771dOxide M0N0X1D3 HTTP server suffers from a directory traversal vulnerability.
7694156615ff57d99bddebea6200de1b9b25ddfeddd5b34a34bdac2063c47cf7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed