McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
541d487c0fd9f602725c99856fa3e3627cd412b773bb200ff86822d291aee585
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
83b1fca33c08846e197daa065fc717ff51f5a94766c6b9b25ceeac7ca984be29
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a token disclosure vulnerability.
5e6128752681e8d4144799b7dd87140151481f96ddb6ba769da110dd68f46272
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
38b9c98ba1910b6ae86c52cbb72d534f1960caf1fa1e8484b1a424503d4d3a2b
PHP Designer 2007 PE suffers from a remote SQL injection vulnerability.
7f5cd0d29463fed33d4ae2fd9962cde7c0185b25d1e0b37c8635ac96d1105fcd
PTK version 1.0.5 suffers from cross site scripting and direct access bypass vulnerabilities.
73db2993ed1cf68f7e922d7bd762d40bda60592e0f603e13367647097dc3daa2
GetSimple version 3.1 suffers from backup download and shell upload vulnerabilities.
6d7e6bb2dc03c8ee708abf9ebd0c5acdb49191acb3f9a1b447a52889d00c3574
Havalite CMS suffers from database disclosure, shell upload, and remote SQL injection vulnerabilities.
5333f13c7d3a31da5790853e3d445f2ca1d0412733313afc050cc63a50eeae64
The Flexicontent component in E107 version 1.0.0 suffers from a remote SQL injection vulnerability.
415819e480c87949196e8660c90b6a6e0bf85fc7176806049bb428ec4a657981
SMF version 2.0.2 suffers from a cross site scripting vulnerability.
8a24d74ec72c3f3c5a5641aa378d76fba73e19c15a756f998b0b616a548362c2
In 2012, OWASP is holding its Global AppSec Research (EU) Conference in Athens, Greece! The OWASP AppSec Research conference is a premier gathering for Information Security leaders and researchers. It brings together the application security community to share cutting-edge ideas, initiatives and technology advancements. The Call For Papers is now open.
b67ff68635b0da527a9389e954b4fa15fc435fa409b274cf649d45bc21db5d36
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
ea917b03e7a1554b15684bdf3c879c93ffadab2739f8cdd41c0e98cfd264ec09
McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
0c1840f7a89acaf990fbe44ab43b5a65bc48fca9f572401830ddd523cc72dcde
Gentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.
3dc6ec677cef70e1de94b2d06ab3401e1e55afa0cbebc37c8c0cb6bceef728e8
Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.
214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059dd
Red Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4
Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55d
Ubuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.
fa24d61a1e2ebc2f10bb016c59b802b5caa5ee81f5cd0d430c76d972c159a045
Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.
ffa26fc4d4f2107fa0a64ed1c7e866f5a1c4fef22ea503843dc7738efdabb04e
Debian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62c
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.
1b249434937ec1c1ec6432094ca9aca11399fda520e83ee44caaf8e3963ed614
Cisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.
d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3
Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36a
HP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.
efc98ae21b7578cdda64deb5dc05500c54b69e6f2036619387554bc0530e3ad6