Lucene search

6326 matches found

Cisco
added 2013/02/01 8:04 p.m., 22 views

Cisco Unity Express Cross-Site Scripting Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...

CVSS 5, AI score 2.3, EPSS 0.10268
Exploits 5, References 1

Tenable Nessus
added 2013/01/25 12:00 a.m., 27 views

SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)

This update to net-snmp resolves the following issues: - Specially crafted SNMP GET requests could cause a denial of service (application crash) via a heap-based out-of-bounds read flaw which could be exploited remotely (CVE-2012-2141). - The snmpd agent should read shared memory information from...

CVSS 3.5, AI score 7.9, EPSS 0.02167
Exploits 0, References 6

NVD
added 2013/01/24 9:55 p.m., 25 views

CVE-2012-6437

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and...

CVSS 10, AI score 7.9, EPSS 0.09579
Exploits 0, References 6

NVD
added 2013/01/24 9:55 p.m., 19 views

CVE-2012-6441

An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/I...

CVSS 5, AI score 6, EPSS 0.54168
Exploits 0, References 6

NVD
added 2013/01/24 9:55 p.m., 26 views

CVE-2012-6442

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communicatio...

CVSS 7.8, AI score 6.5, EPSS 0.32807
Exploits 0, References 7

Prion
added 2013/01/24 9:55 p.m., 21 views

Design/Logic Flaw

Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and...

CVSS 7.8, AI score 7.1, EPSS 0.32807
Exploits 0, References 2, Affected Software 8

Prion
added 2013/01/24 9:55 p.m., 18 views

Buffer overflow

Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier...

CVSS 7.8, AI score 7.3, EPSS 0.32728
Exploits 0, References 1, Affected Software 9

ThreatPost
added 2013/01/18 7:21 p.m., 8 views

Red October Attackers Shutting Down C&C Infrastructure

It appears that the attackers behind the Red October cyberespionage campaign are taking their ball and going home. Since the attack came to light on Monday, the attackers have begun shutting down their infrastructure and the hosting providers and registrars involved with some of the...

AI score 0.8
Exploits 0, References 4

FreeBSD
added 2013/01/16 12:00 a.m., 9 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Cross-site scripting (Various core and contributed modules); Access bypass (Book module printer friendly version); Access bypass (Image module)...

AI score 2
Exploits 0, References 1

Fedora
added 2013/01/15 2:37 a.m., 34 views

[SECURITY] Fedora 18 Update: pl-6.0.2-5.fc18

ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib Unix process control and sockets, cpp C++ interface, sgml reading XML/SGML, sgml/RDF reading RDF int...

CVSS 7.5, AI score 2.4, EPSS 0.04019
Exploits 0

Fedora
added 2013/01/15 2:36 a.m., 54 views

[SECURITY] Fedora 17 Update: pl-6.0.2-4.fc17

ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib Unix process control and sockets, cpp C++ interface, sgml reading XML/SGML, sgml/RDF reading RDF int...

CVSS 7.5, AI score 2.4, EPSS 0.04019
Exploits 0

Fedora
added 2013/01/15 2:24 a.m., 31 views

[SECURITY] Fedora 16 Update: pl-5.10.2-9.fc16

ISO/Edinburgh-style Prolog compiler including modules, auto-load, libraries, Garbage-collector, stack-expandor, C/C++-interface, GNU-readline interface, very fast compiler. Including packages clib Unix process control and sockets, cpp C++ interface, sgml reading XML/SGML, sgml/RDF reading RDF int...

CVSS 7.5, AI score 2.4, EPSS 0.04019
Exploits 0

OpenVAS
added 2013/01/15 12:00 a.m., 15 views

Fedora Update for pl FEDORA-2013-0211

Check for the Version of pl. OpenVAS Vulnerability Test: Fedora Update for pl FEDORA-2013-0211. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of the...

CVSS 7.5, AI score 6.4, EPSS 0.04019
Exploits 0, References 2

Tenable Nessus
added 2013/01/07 12:00 a.m., 27 views

Fedora 16 : drupal6-6.27-1.fc16 / drupal7-7.18-1.fc16 (2012-20794)

Upstream Drupal has reported SA-CORE-2012-004 [1], which corrects multiple vulnerabilities: (1) Access bypass (User module search - Drupal 6 and 7); (2) Access bypass (Upload module - Drupal 6); (3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7). CVEs have been requested and are not yet...

CVSS 6, AI score 5.6, EPSS 0.02746
Exploits 1, References 7

Cvelist
added 2013/01/04 10:00 p.m., 33 views

CVE-2012-0860

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vdsbootstrap.py Python module in /tmp/...

AI score 6.6, EPSS 0.004
Exploits 0, References 6

Positive Technologies
added 2013/01/04 12:00 a.m., 2 views

PT-2013-1518 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager (RHEV-M) versions prior to 3.1. Description: The issue allows local users to gain privileges via a Trojan horse Python module, specifically deployUtil.py or vdsbootstrap.py, in the /tmp/ directory when...

CVSS 6.2, AI score 6.2, EPSS 0.004
Exploits 0, References 7

RedHat Linux
added 2012/12/18 10:43 p.m., 4 views

JBoss Enterprise Application Platform: JBoss EAP: JBEAP: JBoss Enterprise Application Platform: Unauthorized EJB access via authorization module bypass

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being...

CVSS 6.4, AI score 5.8, EPSS 0.02062
Exploits 1, References 7

RedHat Linux
added 2012/12/18 10:23 p.m., 5 views

JBoss Enterprise Application Platform: JBoss EAP: JBEAP: JBoss Enterprise Application Platform: Unauthorized EJB access via authorization module bypass

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being...

CVSS 6.4, AI score 5.8, EPSS 0.02062
Exploits 1, References 7

RedHat Linux
added 2012/12/18 10:17 p.m., 8 views

JBoss Enterprise Application Platform: JBoss EAP: JBEAP: JBoss Enterprise Application Platform: Unauthorized EJB access via authorization module bypass

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers (JACC) permissions from being...

CVSS 6.4, AI score 5.8, EPSS 0.02062
Exploits 1, References 7

0day.today
added 2012/12/15 12:00 a.m., 55 views

Joomla modules - pm_advancedsearch4 Arbitrary File Upload Vulnerabilit

Exploit for php platform in category web applications. Joomla modules - pmadvancedsearch4 Arbitrary File Upload Vulnerability. Author =...

AI score 7.1
Exploits 0