Cisco Security Advisory - A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
25ea801f2bf5e839abd7519bd4099987iCloudCenter JobSite PHP Script version 1.1 suffers from a remote SQL injection vulnerability. The author of this software claims this only affects the demo version.
57c32d8b0343624467ca5ac1a29d076dHT Editor versions 2.0.18 and below file opening stack overflow exploit.
168e1104d0bee121be32f6c2ec6b9c57Andy's PHP Knowledgebase version 0.95.2 suffers from a remote SQL injection vulnerability.
3bc7941e99b8ba4774079ca38351f475Debian Linux Security Advisory 2208-1 - It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer (IXFR). Such an update while processing a query could result in deadlock and denial of service.
0d7b8fad9cfe5f882faa5640facec194PHPBoost version 3.0 suffers from a remote backup download vulnerability.
02afa49edfa10c713577227a8b8a883aCisco Security Advisory - Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network. Cisco has released free software updates that address this vulnerability.
82f852f8537b251715887a935685082cA vulnerability exists in EMC Replication Manager which is embedded in NetWorker Module for Microsoft Applications (NMM). The vulnerability may allow arbitrary code execution on vulnerable installations of the product. Versions affected include EMC NetWorker Module for Microsoft Applications 2.1.x / 2.2.x.
dc245cc7888a0e5d3b03833c6d30192cThis is a brief whitepaper called Faster Blind MySQL Injection Using Bit Shifting.
5f7afc16b7b53ae598f47abd1efd3782Pligg CMS version 1.1.3 suffers from multiple vulnerabilities including access bypass and privilege escalation.
9fd7638ce680f67b6349c5ea1579bb8dGOM Player version 2.1.28.5039 .avi file denial of service proof of concept exploit.
42303389104990adfda2aec75ce3d0dfWindows Explorer version 6.0.2900.5512 Shmedia.dll denial of service proof of concept exploit.
0fe697b8ce6ac1c6a516d68ad8f9e44cWinamp version 5.61 .avi file denial of service proof of concept exploit.
6f6c55b649b06d4636d4d6d446fd52c6Media Player Classic Home Cinema version 1.5.0.2827 .avi file denial of service proof of concept exploit.
30005f24ecb8d6c58783ebb73fee3959Zend Java Bridge version 3.1 remote code execution exploit that takes advantage of a specific flaw in the javamw.jar service.
42af9d72b56fcd5644aadf31213b3bdbYaCOMAS version 0.3.6 suffers from information disclosure and cross site scripting vulnerabilities.
a0ee0f26612c0d8d6e53cec6237154f4CosmoQuest suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8045dcced30ab4e005075f40ea35c701Bigace version 2.7.5 suffers from an arbitrary file upload vulnerability.
c8eceb0fe1f378c183f4f4aefbf14d79IrIran Shopping Script suffers from a remote SQL injection vulnerability.
e4e30ff493a8818c9a1be5dd174a7436Snortalog is a powerful Perl script that summarizes Snort logs, making it easy to view any network attacks detected by Snort. It can generate charts in HTML, PDF, and text output. It works with all versions of Snort, and can analyze logs in three formats: syslog, fast, and full snort alerts. Moreover, it is able to summarize other logs like Fw-1 (NG and 4.1), Netfilter, and IPFilter in a similar way.
83b07c1f0ae06f81d04a862704cf83a4Minveli suffers from multiple remote SQL injection vulnerabilities in index_1.php and inner.php.
1f8d59c052cbc2834033f8df915eb573Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.
163855e28dd547d30ccf2fe21546492eMandriva Linux Security Advisory 2011-055 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field.
7e8fa8300fb8a5afdc20cc30018442dfGrapecity DataDynamics Report Library versions 1.6.1871.61 and below suffer from a cross site scripting vulnerability.
e1ed122a417aa2bc2e373199c3f2ac79VMware Security Advisory 2011-0006 - The VMware vmrun utility is susceptible to a local privilege escalation in non-standard configurations.
2a1d16db56e395bf18e79736b86f46a5
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed