
121 matches found

Packet Storm
added 2013/07/26 12:0 a.m., 20 views

Xymon 4.x File Deletion

Hi, a security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool https://sourceforge.net/projects/xymon/. Impact ------ The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymondrrd". File deletion is done wi...

AI score: 7.4
Exploits: 0

msvr
added 2013/05/21 12:0 a.m., 497 views

Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Nitro Pro version 7.5.0.22 and earlier versions and Nitro Reader version 2.5.0.36 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...

AI score: 1.6, EPSS: 0.0056
Exploits: 0, Affected Software: 2

msvr
added 2013/04/16 12:0 a.m., 513 views

Vulnerability in SumatraPDF Reader Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting SumatraPDF Reader version 2.1.1 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

AI score: 1.1, EPSS: 0.01751
Exploits: 0, Affected Software: 1

Packet Storm
added 2013/04/02 12:0 a.m., 28 views

PonyOS 0.4.99-mlp Privilege Escalation

Advisory: PonyOS Security Issues John Cartwright Introduction ------------ Like countless others, I was pretty excited about PonyOS yesterday April 1st 2013 and decided to give it a go. After wasting a lot of time nyan'ing, I knew this was the future of desktop OSes. However, I wondered how secur...

AI score: 0.3
Exploits: 0

ThreatPost
added 2013/03/27 12:54 p.m., 8 views

Attackers Shifting to Delivering Unknown Malware Via FTP and Web Pages

The bulk of “unknown” malware is being delivered to systems via Web-based attacks, proxies and FTP sessions, according to a study released by Palo Alto Networks this week. The study dubbed “The Modern Malware Review,” found more than 26,000 malware samples, and focuses on what the firm calls...

AI score: 0.5
Exploits: 0, References: 2

Exploit DB
added 2013/03/19 12:0 a.m., 39 views

ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities

Vulnerability Report Author: Matthew R. Bucci Date: 18 March, 2013 CVE-2013-2294 Description of Vulnerability: ----------------------------- ViewGit "is a git web repository viewer that aims to be easy to set up and upgrade, light on dependencies, and comfortable to use."...

CVSS: 6.1, AI score: 6.3, EPSS: 0.04742
Exploits: 6

Packet Storm
added 2013/03/11 12:0 a.m., 50 views

TinyMCE 3.5.8 Cross Site Scripting

Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: ----------------------------- "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...

CVSS: 4.3, AI score: 7.5, EPSS: 0.0058
Exploits: 2

msvr
added 2013/02/19 12:0 a.m., 636 views

Vulnerability in VMware VMCI.sys Could Allow Local Elevation of Privilege

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting VMware Workstation version 8.0.4 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, VMware...

CVSS: 7.2, AI score: 1.7, EPSS: 0.00743
Exploits: 3, Affected Software: 1

Citrix
added 2012/12/11 5:0 a.m., 44 views

CVE-2012-5161 - Vulnerability in Citrix XenApp could result in arbitrary code execution

Description of Problem A vulnerability has been identified in the XML Service interface of XenApp that could potentially be used by a remote, unauthenticated attacker to execute arbitrary code in the context of a service account on a XenApp server. The vulnerability could potentially be exploited...

CVSS: 9.3, AI score: 2.6, EPSS: 0.07361
Exploits: 0

msvr
added 2012/10/16 12:0 a.m., 503 views

Vulnerabilities in FFmpeg Libavcodec Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of three vulnerabilities in the FFmpeg codec library software version 0.10 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected...

AI score: 2.5, EPSS: 0.01861
Exploits: 0, Affected Software: 1

msvr
added 2012/09/18 12:0 a.m., 586 views

Vulnerabilities in SumatraPDF Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting SumatraPDF Reader software version 2.0.1 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...

CVSS: 9.3, AI score: 1.8, EPSS: 0.0845
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2012/07/18 12:0 a.m., 106 views

PCI DSS Compliance : Handling False Positives

Note that per PCI Security Standards Council PCI SSC standards, if the version of the remote software is known to contain flaws, a vulnerability scanner must report it as vulnerable. The scanner must still flag it as vulnerable, even in cases where a workaround or mitigating configuration option ...

AI score: 5.5
Exploits: 0

msvr
added 2012/06/19 12:0 a.m., 506 views

Vulnerability in LongTail Video JW Player Could Allow Cross-Site Scripting

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting LongTail Video JW Player software version 5.9.2145 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the...

AI score: 1.6, EPSS: 0.10138
Exploits: 0, Affected Software: 1

ThreatPost
added 2012/02/02 5:0 p.m., 14 views

Driving Up the Cost of Exploit Development Becomes a Key Defensive Strategy

CANCUN–The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software–especially after deployment–has reached the point that it’s now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking ...

Exploits: 0

msvr
added 2011/07/19 12:0 a.m., 600 views

Vulnerability in Google Picasa Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Picasa for Windows version 3.6 build 105.61 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendo...

CVSS: 9.3, AI score: 1.4, EPSS: 0.03276
Exploits: 1, Affected Software: 1

Packet Storm
added 2011/05/24 12:0 a.m., 41 views

Drupal With Webform Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability Report Original Date of Vendor Notification: April 19, 2011 15:15 GMT - 4:00 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The...

AI score: 7.4
Exploits: 0

securityvulns
added 2011/02/01 12:0 a.m., 54 views

Drupal Custom Pagers Module XSS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal Custom Pagers module http://drupal.org/project/custompagers "allows administrators to...

Exploits: 0

Packet Storm
added 2010/12/09 12:0 a.m., 51 views

Drupal Embedded Media Field Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal...

AI score: 0.1
Exploits: 0

Saint
added 2010/11/16 12:0 a.m., 50 views

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

CVSS: 9.3, AI score: 8, EPSS: 0.93558
Exploits: 14

Saint
added 2010/11/16 12:0 a.m., 39 views

Adobe Flash Player Flash Content Parsing Code Execution

Added: 11/16/2010 CVE: CVE-2010-3654 BID: 44504 OSVDB: 68932 Background Adobe Reader is free software for viewing PDF documents. Problem Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. Resolution Apply...

CVSS: 9.3, AI score: 8, EPSS: 0.93558
Exploits: 14