SMF version 2.0.2 suffers from a cross site scripting vulnerability.
8a24d74ec72c3f3c5a5641aa378d76fba73e19c15a756f998b0b616a548362c2
In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.
b67ff68635b0da527a9389e954b4fa15fc435fa409b274cf649d45bc21db5d36
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
ea917b03e7a1554b15684bdf3c879c93ffadab2739f8cdd41c0e98cfd264ec09
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
0c1840f7a89acaf990fbe44ab43b5a65bc48fca9f572401830ddd523cc72dcde
Gentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.
3dc6ec677cef70e1de94b2d06ab3401e1e55afa0cbebc37c8c0cb6bceef728e8
Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.
214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059dd
Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4
Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55d
Ubuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.
fa24d61a1e2ebc2f10bb016c59b802b5caa5ee81f5cd0d430c76d972c159a045
Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.
ffa26fc4d4f2107fa0a64ed1c7e866f5a1c4fef22ea503843dc7738efdabb04e
Debian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62c
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614
Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.
d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3
Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36a
HP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.
efc98ae21b7578cdda64deb5dc05500c54b69e6f2036619387554bc0530e3ad6
Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.
621d511df36164003264ce4995e8cc2dd26b288bbfe0e1518a4cf0d7dddeebc1
This file documents a proof of concept to demonstrate the cross site scripting vulnerability in the Drupal Activity module version 6.x.
21cff53d4151dcb6cd0a86095cfb274645d44512ecad08ffa9a0c5beb8eac1e5
The Drupal Fusion module version 6.x suffers from a cross site scripting vulnerability.
8311447d5c5e9a519065e8708e1a06e2ea1f83db30ea859607056582c4f49fb0
The Drupal Chaos Tool Suite module version 7.x suffers from a cross site scripting vulnerability.
80d66e0a5170005cb66e1988ba20428a8cdff88a472053008c696562e43d5e13
The Drupal Organic Groups module version 6.x suffers from an access bypass vulnerability.
dbb190a4af2ae746e702f203bad02665c8856d9855a61e43a4847ccb615818d9
Seditio Build 161 suffers from cross site scripting and information disclosure vulnerabilities.
24d00df977e36031d477611c3c82dacf901cc57e002426b7b8ff69be83dee52c
WordPress Deans with Pwwangs Code plugin suffers from a FCKeditor remote file upload vulnerability.
0c816792c3ca6a0b7d63857f24ed1e793ca83dd33846e3484963e4614bb59655
Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.
788885399c203d07e2f188436e87b949677dbed1fe1b4f9d5901f2a746308dff
The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
1edd0a6afe6d31147b097c2127b64cc9e88a0013161e4c6fafa7d291d19e8ba8