Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to...

JVN#79114735 Google Desktop cross-site scripting vulnerability

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability. Impact An arbitrary script could be executed on the web browser of a user who uses Google Desktop. Solution According to the vendor, this vulnerability has been fixed in Google...

Microsoft Excel Style Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Integrity Clientless Security (ICS) Update 3.7.211.0

Check Point Integrity ™ Clientless Security ICS protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...

Novell ZENworks ESM Security Client STEngine Privilege Escalation

Novell ZENworks Endpoint Security Management ESM Security Client is installed on the remote host. It provides a centrally-managed, policy-based firewall for enterprise computers. The version of this software on the remote host dynamically generates various scripts which are then executed by the...

Panda AdminSecure Communications Agent Detection

The remote service is a Communications Agent, which manages communications between Panda AdminSecure and client computers for centralized management of Panda antivirus software. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if...

Authentication flaw

The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using 1...

CVE-2007-3011

The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter...

[Full-disclosure] Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure

Advisory: Fujitsu-Siemens PRIMERGY BX300 Switch Blade Information Disclosure RedTeam Pentesting discovered an information disclosure in the Fujitsu- Siemens BX300 Switch Blade during a penetration test. By accessing URLs of the web interface directly and aborting the authentication dialog, one is...

[security bulletin] HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01077085 Version: 1 HPSBPI02226 SSRT061274 rev.1 - HP Help and Support Center Running on HP Notebook Computers Running with Windows XP, Remote Unauthorized Access NOTICE: The information in this...

Apple Mac OSX 10.4.9 - VPND Local Format String

source: https://www.securityfocus.com/bid/24208/info Apple Mac OS X's VPN service daemon is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Attackers may exploit this issue...

ZoneAlarm 6.1.744.0016.5.737.000 - Vsdatant.SYS Driver Local Denial of Service

ZoneAlarm 6.1.744.0016.5.737.000 - Vsdatant.SYS Driver Local Denial of Service // source: https://www.securityfocus.com/bid/23494/info ZoneAlarm is prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver. A loc...

Symantec SYMTDI.SYS Device Driver - Local Denial of Service

Symantec SYMTDI.SYS Device Driver - Local Denial of Service source: https://www.securityfocus.com/bid/22977/info Symantec 'SYMTDI.SYS' device driver is prone to a local denial-of-service vulnerability. A local authenticated attacker may exploit this issue to crash affected computers, denying...

Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service

source: https://www.securityfocus.com/bid/22977/info Symantec 'SYMTDI.SYS' device driver is prone to a local denial-of-service vulnerability. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users. This issue is similar to the one...

Integrity Clientless Security (ICS) Update 3.7.135.0

Check Point Integrity ™ Clientless Security ICS protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...

Integrity Clientless Security (ICS) Update 3.7.131.0

Check Point Integrity ™ Clientless Security ICS protects your Web site by detecting and disabling spyware processes and allowing you to enforce security policies before a user logs onto your network. Using ICS you can prevent users with potentially harmful software from accessing your Web site, a...

avm-traversal.txt

Description The "AVM IGD CTRL Service", a Universal Plug and Play UPNP service for windows, which is part of the software package "Fritz!DSL Software 02.02.29" provides the possibility to read any file on the windows system partition for any user - no matter how much restricted rights the user...

Rixstep Undercover - Local Privilege Escalation

// source: https://www.securityfocus.com/bid/22071/info Rixstep Undercover is prone to a local privilege-escalation vulnerability because of a design error in the affected application. An attacker can exploit this issue to execute arbitrary code with superuser privileges, completely compromising...

Oracle ORADC - ActiveX Control Remote Code Execution

source: https://www.securityfocus.com/bid/22026/info Oracle ORADC ActiveX control is prone to a remote code-execution vulnerability. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to...

Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers. Technologies Affected...