Gentoo Linux Security Advisory GLSA 200902-01 - A vulnerability in sudo may allow for privilege escalation. Harald Koenig discovered that sudo incorrectly handles group specifications in Runas_Alias (and related) entries when a group is specified in the list (using %group syntax, to allow a user to run commands as any member of that group) and the user is already a member of that group. Versions less than 1.7.0 are affected.
d01204ca7b1ec791afe19e396723b1fda8d1c4789820abb625608d995c41aecd
phpYabs version 0.1.2 suffers from a remote file inclusion vulnerability.
2f3f0d369d804ebd7eac71f460b568e4e47337083033efb7b8b2a65d8846526c
iDefense Security Advisory 02.06.09 - Remote exploitation of a BSS-based buffer overflow vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the 'ovlaunch' CGI application, which is used to launch the remote user interface. iDefense has confirmed the existence of this vulnerability in Network Node Manager version 7.53 for Windows. Previous versions may also be affected. The Linux version of 'ovlaunch' contains the vulnerable code, but it is not triggered. The actual hostname is used instead of the attacker-supplied 'Host' parameter.
26dfc28bbbebe64ce9d4722f1ae740edae5d75f638211f1f9d97f2ca4be3afd3
iDefense Security Advisory 02.06.09 - Remote exploitation of multiple information disclosure vulnerabilities in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to gain access to sensitive information. Two vulnerabilities exist within the CGI applications distributed with NNM. iDefense has confirmed the existence of these vulnerabilities in Network Node Manager version 7.53 for Linux and Windows. Previous versions may also be affected.
1383b8f6f00f24494f4b27b8e42ff950034a86a07d5a4f362f2eb9297c90ce50
iDefense Security Advisory 02.06.09 - Remote exploitation of multiple command injection vulnerabilities in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service. Multiple command injection vulnerabilities are present in NNM CGI applications. The vulnerabilities are very similar and occur in the webappmon.exe and OpenView5.exe programs. iDefense has confirmed the existence of these vulnerabilities in Network Node Manager version 7.53 for Linux. Previous versions, as well as versions for other Unix-based operating systems, may also be affected.
7205e1f402b8dbdefe11b8330ff0cc23eca2e06cc1fe98d35bfcdc3e4fd65979
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running NFS. This vulnerability could be exploited locally resulting in a Denial of Service (DoS).
345d0891e061a15b69734a5fb488bc92249bc57b1717a226b6f0789b051b2af8
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to allow execution of arbitrary code.
9eea2238d5bb38c2561a378ed08d0dc9d8069d0cc76378f7d65fe316cbc80f02
HP Security Bulletin - A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files.
1a6f2a2a7e4e6b06961ffdcd0c11103c84cc9c5d74501a570184405da9ba97aa
SilverNews version 2.04 suffers from authentication bypass, local file inclusion, and remote command execution vulnerabilities.
8a2ae6971c78605fddf72f8563149c737bd0db4e6da361499b8fe4beaff590f8
Ilch CMS versions 1.1L and below suffer from a SQL injection vulnerability due to not sanitizing input from the X-Forwarded-For header.
79b2b624cd15c8c18f0bb8872e3736da562ad68e27c0f902f8df0ea8d7e65f13
CamFrog Video Chat version 5.0 and CamFrog Pro version 5.2 apparently keep login and password information unencrypted in memory.
8edd20c761bae5ed32f88301c3343513010ca3b2344d47c19df17e74f761e057
Proof of concept tool called SFX-SQLi that implements an extremely fast method of extracting MS-SQL server information.
7c38c7998b0304f46aaa56b1055a38cf8fe36cf5babcd2b3ee7ffc33a27f8790
Whitepaper called SFX-SQLi - Fast data extraction using SQL injection and XML statements.
ae97266f3b883dab25125e4ab583e17a7545ba6a9d60283d9bf7b3fac53d0de3
Stanford.edu suffers from a remote SQL injection vulnerability.
9a9621de89ca6c600e90bbe229e829cf8a31da1b4cbea04108e14c889b3cd1f3
RealNetworks RealPlayer version 11 suffers from multiple code execution vulnerabilities when processing IVR files.
72e4e1e0d9144e2f6ac6fd0c86635d4392f59bb349d2bd69c4b436d1e28da956
1024 CMS versions 1.4.4 and below remote command execution exploit using remote file inclusion.
019fcd602629fe932e3c63ad19b96766af61bb432cb2d92af537e4a502459a9d
Cafe Engine suffers from a remote SQL injection vulnerability in index.php.
7542576d404d3b7b3a47516a5ba04245a65ab94330faf83b98b9679cffbaf886
Mailist version 3.0 suffers from insecure backup and local file inclusion vulnerabilities.
a3d7cbc5177664e2c8b00580d6679b3cabc1e1e4f070a210ccb2e9d9ee8d1bce
PHP-Calendar suffers from an information disclosure vulnerability due to old update PHP files being left behind.
cbdb6e27a0f7e1f710c10c367f22d58f81f830bdca81b9de7ce942d5a228d804
Orbit Downloader version 2.8.5 malformed URL buffer overflow exploit that spawns calc.exe, can add a user, or binds a shell to port 4444.
71c893ad1dd1876d071cdd705e17b2d651f69540f59d554ee72bd1a1dc797207
ZeroBoard4 pl8 (07.12.17) suffers from local file inclusion, blind SQL injection, cross site scripting, and authentication bypass vulnerabilities.
0ef49cff0260bee1072b65864128cd4b397e7d3306abfbeb006d005e0cec0ec7
WikkiTikkiTavi version 1.11 suffers from a remote PHP shell upload vulnerability.
22154b136691fa72fbdd57f6d1c86154003c9988e64f18c181111c43a19f88f6
Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
829ad01ef97a5f8d00c60dd232c3635d882d76893074de065c31c28c96ebd119
Secunia Security Advisory - Some vulnerabilities have been discovered in Simple PHP News, which can be exploited by malicious people to compromise a vulnerable system.
b39ee4c152b5a9e11c2942fa496f013d07b052a909142d58e42af3181d79ae4a
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
de6287a4b842828c7e9c1887e2a5c6a562a4d39be7fddf13fa0f716e51553a03