Mandriva Linux Security Advisory 2012-016 - A File Inclusion vulnerability was discovered and corrected in GLPI. This advisory provides the latest version of GLPI that is not vulnerable to this issue.
OnxShop CMS version 1.5.0 suffers from multiple cross site scripting vulnerabilities.
This is an advance notification of 9 security bulletins that Microsoft is intending to release on February 14, 2012.
CubeCart versions 3.0.20 and below suffer from an open URL redirection vulnerability.
The D-Link DAP 1150 suffers from cross site request forgery, cross site scripting and denial of service vulnerabilities.
Zen-Cart version 1.3.9h suffers from a cross site request forgery vulnerability.
The Astaro Security Gateway suffers from a whitelist bypass vulnerability due to a poorly formed regex.
Dolibarr CMS version 3.2.0 Alpha suffers from a remote SQL injection vulnerability.
Dolibarr CMS version 3.2.0 Alpha suffers from multiple local file inclusion vulnerabilities.
Pfile version 1.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
Nova CMS suffers from multiple remote file inclusion vulnerabilities.
This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.
Kloxo LxCenter Server CP version 6.1.10 suffers from multiple cross site scripting vulnerabilities.
STHS v2 Web Portal version 2.2 suffers from a remote SQL injection vulnerability.
MachForm version 2.4 suffers from multiple remote file inclusion vulnerabilities.
BASE version 1.4.5 suffers from multiple remote file inclusion vulnerabilities and a shell creation vulnerability.
Gocart version 1.0.2 suffers from multiple remote file inclusion vulnerabilities.
The Indianapolis Superbowl 2012 website suffered from multiple remote SQL injection vulnerabilities.
GLPI versions 0.80.61 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
BeWelcome suffers from a cross site scripting vulnerability.
DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
SMW+ version 1.5.6 suffers from a cross site scripting vulnerability.