Cisco Security Advisory - The Cisco AnyConnect Secure Mobility Client, previously known as the Cisco AnyConnect VPN Client, is affected by arbitrary program execution and local privilege escalation vulnerabilities. There are no workarounds for the vulnerabilities described in this advisory.
b6f62c24ad600052d82c60490ef64ffb9b47d1a6b4fbb76139a5453a3b92aadf
Easy FTP Server version 1.7.0.2 post authentication buffer overflow exploit.
2a6596bad306c2f92f31a99a5af952a2ecb1fa44c6c4f1578665dd5c22713689
Mandriva Linux Security Advisory 2011-105 - This advisory updates wireshark to the latest version. A large/infinite loop exists in the DICOM dissector. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Diameter dictionary file could crash Wireshark. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted snoop file could crash Wireshark. David Maciejak of Fortinet's FortiGuard Labs discovered that malformed compressed capture data could crash Wireshark. Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered that a corrupted Visual Networks file could crash Wireshark.
2f38c38e6d308c7c93fb99b72c981e9702b7cee1649aa9258e4d92c6c5b9ac01
Icinga versions 1.3.0 and 1.4.0 suffer from a cross site scripting vulnerability.
0f2fcc0f2a5004f0756b8053320d1d9036538af9cf5fd71f737e368eb0f56a37
Cisco Security Advisory - Cisco Media Experience Engine (MXE) 5600 devices that are running Cisco Media Processing Software releases prior to 1.2 ship with a root administrator account that is enabled by default with a default password. An unauthorized user could use this account to modify the software configuration and operating system settings or gain complete administrative control of the device. A software upgrade is not required to resolve this vulnerability. Customers can change the root account password by issuing a configuration command on affected engines. The workarounds detailed in this document provide instructions for changing the root account password.
a9b9f6b84efd5f5410ccfdf9fc190f25c02e24a757639b8c1c38c6f42d3997fd
Vibrant Creations suffers from multiple remote SQL injection vulnerabilities.
21a32b3c8444e9da7647764ff7da708c99fe8429fdbf2caee691fc400498df72
MediaCluster (mcCMS) suffers from a shell upload vulnerability.
06d93cc6955871384b4f90c0f60d2c884f75c514a2d5fd549c9b5b121b8fd2e7
Netgear WNDAP350 versions 2.0.1 and 2.0.9 suffer from a remote root password and WPA2 key disclosure vulnerability.
cb5e3cabb4d54afcb646e5bcc9fe38768fc1bdbdea54fd02f0c0b642142df4c3
Nagios version 3.2.3 suffers from a cross site scripting vulnerability.
a056b66c21311b190b7d847ea2b1659d52af13a17ea0e33a820d155730122899
Cisco Security Advisory - Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.
a5da1041cf885eced48a7af3b7acdb0686e61e90f3ff3a0f850f27a77b7a7177
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
6c73501b3f4ee218038777f46b6592c27d8398fe0ea571b5943f57bb082bc5a3
Mandriva Linux Security Advisory 2011-104 - Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service via a negative response containing large RRSIG RRsets.
508ee1aa8ffd4f27a9758171dac332d4d481de68724feca7f6f389471dc75d4c
A Really Simple Chat (ARSC) version 3.3-rc2 suffers from cross site scripting and remote SQL injection vulnerabilities.
249904eba1bb0a21fd20acb8fdb72e6d7161acae6fb1b1e2924b0fd886fc5e27
Innovative Web suffers from a remote SQL injection vulnerability.
2617b117c0d794f9db284cf8cd1804c0c06743144af640c952c8fb51e06f0067
Post Revolution version 0.8.0c suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
c326ab8cc2255d5e582a5a5c103cc9b9e6e64ac1effb215d3c8e08c05d0b1799
The Cherokee server admin configuration web interface suffers from a cross site request forgery vulnerability.
586c995fad51dc5bd0787f10314d084e145efaa7e2f61ce7bc8aa7c1bf5970d3
The VALID 2011 Call For Papers has been announced. This conference will be held in Barcelona, Spain from October 23rd through the 28th, 2011.
41576e3a99041238e6564d80dbda242c65c6cc165b2ca56696674b2f3d0bc356
CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
37b2d92023e5ba909975303fa7fb686f9e8f69afae90052f86672f0c13a993cc
Debian Linux Security Advisory 2250-1 - Wouter Coekaerts discovered that the jabber server component of citadel, a complete and feature-rich groupware server, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
0f0e08b40a952cc7e46f5001f5c290c85367e3af53eb2c045331c0fa34fa926f
Debian Linux Security Advisory 2249-1 - Wouter Coekaerts discovered that jabberd14, an instant messaging server using the Jabber/XMPP protocol, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
a991672c4d34580ef442852169e167e37d426325361127f31153c7141950080f
Debian Linux Security Advisory 2248-1 - Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it.
de1900df9f3c9ee82372dc03eef9a63db5a89024f5837f7f77fe44f4b9d4e27b
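The three Debian advisories above all describe the same mechanism: an XML parser that resolves internal entity declarations lets a few hundred bytes of DOCTYPE expand into gigabytes of text. The following is an added illustration, not code from the Debian advisories or from citadel, jabberd14 or ejabberd. It builds a constructed, scaled-down "billion laughs" stanza (three levels of ten instead of ten levels), shows that a stock Python parser expands it, and then implements the kind of pre-parse check an XMPP server can apply: statically size each entity, compute the amplification factor, and reject any stanza that carries a DTD at all, since XMPP stanzas never legitimately include one. The limit of 10x and the stanza contents are assumptions.

```python
import re
from xml.etree import ElementTree

# Constructed payload (not from the advisories). Each level references the
# previous one ten times, so &lol3; expands to 10**3 copies of "lol" (3000
# bytes) from a document of roughly 360 bytes. The real attack uses ten
# levels, i.e. 10**9 copies.
BILLION_LAUGHS = """<?xml version="1.0"?>
<!DOCTYPE stanza [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<message to="victim@example.org"><body>&lol3;</body></message>
"""

# Constructed benign stanza: only the predefined &amp; entity, no DTD.
BENIGN = '<message to="alice@example.org"><body>hi &amp; bye</body></message>'

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&(\w+);')
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}   # never declared, expand to 1 char
MAX_AMPLIFICATION = 10.0                           # assumed policy limit


def parsed_body_length(xml_text):
    """What a parser that expands entities hands to the application."""
    root = ElementTree.fromstring(xml_text)
    return len(root.find("body").text)


def expanded_sizes(xml_text):
    """Statically compute the expanded byte length of every declared entity,
    following references recursively and refusing recursive declarations."""
    decls = dict(ENTITY_DECL.findall(xml_text))
    sizes = {}

    def size_of(name, stack):
        if name in sizes:
            return sizes[name]
        if name in PREDEFINED:
            return 1
        if name not in decls:
            return 0                      # undefined entity: parser rejects anyway
        if name in stack:
            raise ValueError("recursive entity %s" % name)
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))          # literal characters
        for ref in ENTITY_REF.findall(value):            # plus each nested reference
            total += size_of(ref, stack | {name})
        sizes[name] = total
        return total

    for name in decls:
        size_of(name, frozenset())
    return sizes


def amplification(xml_text):
    """Bytes produced by entity references in the body divided by bytes received."""
    sizes = expanded_sizes(xml_text)
    # Drop the internal DTD subset so references inside declarations are not
    # counted twice; only references in the document body are expanded there.
    body = re.sub(r'<!DOCTYPE.*?\]>', '', xml_text, flags=re.S)
    expanded = sum(sizes.get(ref, 1) for ref in ENTITY_REF.findall(body))
    return expanded / max(len(xml_text), 1)


def check_stanza(xml_text):
    """Gate to run before handing a stanza to the XML parser.

    Returns (accepted, reason). Any DTD is rejected outright, because XMPP
    stanzas never carry one; the amplification figure is reported so an
    operator can see why the stanza was dangerous."""
    if "<!DOCTYPE" in xml_text:
        factor = amplification(xml_text)
        return False, "DTD present, estimated amplification %.1fx (limit %.0fx)" % (
            factor, MAX_AMPLIFICATION)
    return True, "ok"


if __name__ == "__main__":
    print("stock parser expands body to", parsed_body_length(BILLION_LAUGHS), "bytes")
    print("entity sizes:", expanded_sizes(BILLION_LAUGHS))
    print("billion laughs:", check_stanza(BILLION_LAUGHS))
    print("benign:", check_stanza(BENIGN))
```

Rejecting the DOCTYPE is the fix that matters for a chat server; the size estimate is there to show the arithmetic behind the attack. A parser that already caps amplification (newer expat does, after a threshold) still spends CPU and memory up to that cap on every malicious stanza, so the check belongs in front of the parser, not behind it.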
Secunia Security Advisory - A vulnerability has been reported in SecureSphere Web Application Firewall, which can be exploited by malicious people to conduct script insertion attacks.
8a05dd7d363bab7a969f9f78a5ffd7ce694af4ec1bd403cdee37f087a82a512d
Secunia Security Advisory - Debian has issued an update for ejabberd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
416cc993727e0d1cb7f187e732f831942c207e6d0d78711736624bcd6b67a98f
Secunia Security Advisory - SUSE has issued an update for gdm. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
81b430b2401177c84af1f31faf7a31a37276151469150f0bc56185a7c5470013
Secunia Security Advisory - Georg Fritsch has reported a vulnerability in Wyse ThinOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
4ddbda0f1acb2346bd9b032e11411db32a486be77699d2474aec09fb48af53cc