[PSA-2013-1022-1] Microsoft Silverlight Invalid Typecast / Memory Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-1022-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title:...

Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability

A vulnerability in the Impact server Java process of Cisco Prime Central for Hosted Collaboration Solution HCS could allow an unauthenticated, remote attacker to crash the Impact server Java process. The vulnerability is due to the Impact server Java process consuming available resources. An...

Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability

A vulnerability in the Service Module for Cisco Catalyst 3750-X Series Switches could allow an authenticated, local attacker to gain root access to the kernel running on the Cisco Service Module. The vulnerability is due to default credentials on the Cisco Service Module. An attacker could exploi...

Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation

Exploit Title: Avira internet security avipbb.sys filter bypass and privilege escalation - 0Day Date: 2013-10-17 Exploit Author: Ahmad Moghimi http://mallocat.com , https://twitter.com/mall0cat Vendor Homepage: http://www.avira.com/ Software Link:...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by executi...

Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to view arbitrary files on the underlying filesystem. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect Arbitrary File Creation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute commands with elevated privileges. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Cisco Unified Computing System Fabric Interconnect Privilege Escalation Vulnerability

A vulnerability in the fabric interconnect of the Cisco Unified Computing System could allow an authenticated, local attacker to execute scripts with elevated privileges. The vulnerability occurs because all scripts are executed at the same privilege level. An attacker could exploit this...

Cisco IOS Software DHCP Server remember Functionality Vulnerability

An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...

Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability

A vulnerability in the fabric interconnect FI web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the input parsing of Cisco NX-OS Software could allow an unauthenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerabili...

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in the command-line interface CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to create or overwrite files. The vulnerability is due to improper input filtering. An attacker could exploit this vulnerability by using a shell output redirection. A...

Cisco NX-OS Local Write Redirection Vulnerability

A vulnerability in the command-line interface CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to create files in any location that they have access. The vulnerability is due to improper input filtering of file name input. An attacker could exploit this vulnerabilit...

Cisco NX-OS Software Arbitrary Code Execution Vulnerability

A vulnerability in the input parsing of Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to poor processing of parameters that include special characters. An attacker could exploit this vulnerability...

Cisco NX-OS Software Information Disclosure Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...

Cisco Unified Computing System Fabric Interconnect create certreq Command Injection Vulnerability

A vulnerability in the create certreq command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input. A...

Cisco Unified Computing System Fabric Interconnect activate firmware Command Injection Vulnerability

A vulnerability in the activate firmware command of the Cisco Unified Computing System fabric interconnect could allow an authenticated, local attacker to execute commands and obtain an interactive Linux shell as the root user. The vulnerability is due to a failure to properly sanitize user input...

Cisco Unified Computing System Baseboard Management Controller Arbitrary File Access Vulnerability

A vulnerability in the Baseboard Management Controller BMC local file editor of the Cisco Unified Computing System could allow an authenticated, local attacker to modify the contents of arbitrary files on the fabric interconnect. The vulnerability is due to a failure to properly sanitize user...

Cisco Unified Communications Domain Manager Blind SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to impact the integrity and availability of the affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied inp...