Advisories | SEC Consult

Multiple critical vulnerabilities in Sawmill Enterprise log file analysis software
Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS (formerly MyDMS)

2009

Authentication bypass and file manipulation in Sitecore Staging Module
Multiple Vulnerabilities in RADactive I-Load
JSFTemplating, Mojarra Scales and GlassFish Application Server v. Admin console
Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities
Apache Tomcat User Enumeration Vulnerability
Nortel Contact Center Manager Server Authentication Bypass
Nortel Contact Center Manager Server Password Disclosure
SonicWALL Global Security Client Local Privilege Escalation Vulnerability
SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
SonicOS Format String Vulnerability
Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
Novell Teaming Multiple Vulnerabilities
Nortel Application Gateway 2. Password Disclosure Vulnerability
NextApp Echo XML Injection Vulnerability
IBM Director CIM Server Remote Denial of Service Vulnerability
Director CIM Server Local Privilege Escalation Vulnerability
Fujitsu-Siemens WebTransactions remote command injection vulnerability
Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability
Remote command execution in Instant Expert Analysis signed Java applet and ActiveX Control

2007

SonicWALL Global VPN Client Format String Vulnerability
Multiple Vulnerabilities in SonicWALL SSL-VPN Client
Perdition IMAP Proxy Format String Vulnerability
Madwifi xrates element remote DOS
Remote command execution in Joomla! CMS

The OSCI-transport library 1.2, a core component of Germany’s e-government infrastructure, is affected by XXE, padding oracle and signature wrapping.

How the Pass the Hash attack technique works and a demonstration of the process that can be used to take stolen password hashes and use them successfully without.

PHP chunk_split() integer overflow
Multiple vulnerabilities in Nokia Intellisync Mobile Suite
Apache HTTP Server / Tomcat directory traversal
MySQL 5 Single Row Subselect Denial of Service
File Disclosure in Pagesetter for PostNuke

2006

TYPO3 Remote Command Execution Vulnerability
Outlook Web Access Cross Site Scripting Vulnerability – Vulnerability Details
Outlook Web Access Cross Site Scripting Vulnerability
Symantec Enterprise Firewall NAT/HTTP Proxy Private IP Exposure
Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
File Disclosure in Oracle AS Discussion Forum Portlet
Oracle AS Discussion Forum Portlet XSS
Nortel SSL VPN Cross Site Scripting/Command Execution
Horde Cross Site Scripting
Webmail Security and Browser related XSS Bugs
Cross Site Scripting in GMX Webmail
Multiple Vulnerabilities in vTiger CRM
Macromedia Flash Player ActionDefineFunction Memory Corruption
CMS multiple vulnerabilities
RSA ACE Web Agent XSS
Snoopy Remote Code Execution
Yahoo / IE6 XSS
IE6 javaprxy.dll COM instantiation heap corruption
Source Code Disclosure in Yaws Webserver
Arbitrary File Inclusion in phpCMS 1.2.x
Exhibit Blind SQL Injection
Yahoo Webmail Cookie Theft
PHP Input Validation Vulnerabilities
Multiple Vulnerabilities in SugarSales
Password Disclosure for SMB Shares in KDE’s Konqueror
Motorola Wireless Router WR8. G Authentication Circumvention
PHP escapeshellarg Windows Vulnerability
Multiple Vulnerabilities in LinBox

2003
Internet Transaction Server Multiple Vulnerabilities
FileDB 3. 1 OS-Cmd execution
W-Angora Multiple Vulnerabilities
Invision Powerboard V. Multiple Vulnerabilities
Axis Webcam DOS
Typo3 3.5b5 Security Check Results

Multiple critical vulnerabilities in Sawmill Enterprise log file analysis software
Sawmill suffers from multiple vulnerabilities that allow an attacker e.

Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
Xerox WorkCentre 5. Backdoor that allows access to any folder. The software also has flawed user validation. In some cases it is possible to access multiple pages that would require authentication.

Local file inclusion/execution and multiple Cross-Site-Request-Forgery vulnerabilities in LetoDMS (formerly MyDMS)
LetoDMS (formerly MyDMS) is prone to local file inclusion/execution and multiple cross-site-request-forgery vulnerabilities. The file inclusion vulnerability can be used to read files from the web server and to execute malicious PHP code.

Authentication bypass and file manipulation in Sitecore Staging Module
The Sitecore Staging Webservice is vulnerable to authentication bypass, and therefore files can be uploaded to arbitrary directories on the server.

Multiple Vulnerabilities in RADactive I-Load
RADactive I-Load 2.

JSFTemplating, Mojarra Scales and GlassFish Application Server v. Admin console
JSFTemplating, Mojarra Scales and the admin console of GlassFish Application Server v.

Symbian S60 / Nokia firmware media codecs multiple memory corruption vulnerabilities
Multiple memory corruption vulnerabilities have been identified in multimedia codecs used by the RealPlayer and MMS viewer on Nokia’s Symbian/S6. An attacker could leverage these bugs to gain control of the program counter register and execute arbitrary code on a target smartphone. The bugs can be triggered directly inside the MMS viewer of the target, by sending an MMS with an embedded video file.

Apache Tomcat User Enumeration Vulnerability
Due to insufficient error checking in some authentication classes, Apache Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. The attack is possible if form based authentication (j_security_check) is used.

Nortel Contact Center Manager Server Authentication Bypass
The Nortel Contact Center Manager Server web application relies on client side cookies to check the roles of authenticated users. Authentication can be bypassed by manually setting the required cookies. By exploiting this vulnerability, an attacker can bypass authentication and access the Nortel Contact Center Manager Server.

Nortel Contact Center Manager Server Password Disclosure
The Nortel Contact Center Manager Server web application provides a SOAP interface. This interface does not need authorisation and responds to certain requests with sensitive information.

SonicWALL Global Security Client Local Privilege Escalation Vulnerability
Local exploitation of a design error in SonicWALL's Global Security Client could allow attackers to obtain increased privileges.

SonicWALL Global VPN Client Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability exists in SonicWALL Global VPN client. By exploiting this vulnerability, a local attacker could execute code with LocalSystem privileges.

SonicOS Format String Vulnerability
A format string vulnerability exists in the logfile parsing function of SonicOS. An attacker could crash the system or execute arbitrary code by injecting format string metacharacters into the logfile, if an administrator subsequently uses the SonicOS GUI to view the log.

Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
The wireless LAN gateway AMG-2. LevelOne uses a misconfigured Squid proxy which allows an attacker to access the admin interface and the internal network. Furthermore, the administration interface shows the passwords of all users and other sensitive settings in plain text.

Novell Teaming Multiple Vulnerabilities
Multiple vulnerabilities have been identified in Novell Teaming. These include enumeration of usernames, information disclosure, and cross site scripting flaws. An attacker could leverage these vulnerabilities to collect information about the system and its users and conduct effective (XSS supported) hybrid phishing attacks.

Nortel Application Gateway 2. Password Disclosure Vulnerability
The Nortel Application Gateway provides a web based administration interface. This interface responds with sensitive information to unauthorized users.

NextApp Echo XML Injection Vulnerability
Unverified XML data is passed from the client (web browser) to the NextApp Echo Engine and consequently to an underlying XML parser. This leads to a typical XML injection scenario.

IBM Director CIM Server Remote Denial of Service Vulnerability
The CIM server contained in the IBM Director suite for Microsoft Windows is vulnerable to a remote denial of service attack.