Lucene search

2754 matches found

Saint
added 2014/01/10 12:0 a.m., 27 views

vTiger CRM AddEmailAttachment arbitrary file upload

Added: 01/10/2014 CVE: CVE-2013-3214 BID: 61558 OSVDB: 95902 Background vTiger CRM is a customer relationship management application written in PHP. Problem An arbitrary file upload vulnerability when handling SOAP AddEmailAttachment requests allows remote attackers to execute arbitrary commands ...

10 AI score, 0.84535 EPSS
Exploits: 13
Tenable Nessus
added 2013/07/28 12:0 a.m., 45 views

SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)

IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed : - mark files in jre/bin and bin/ as executable bnc823034 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

10 CVSS, 7.5 AI score, 0.98704 EPSS
Exploits: 22, References: 36
UbuntuCve
added 2013/07/20 3:37 a.m., 32 views

CVE-2013-1879

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...

4.3 CVSS, 7 AI score, 0.06366 EPSS
Exploits: 1, References: 1
ThreatPost
added 2013/07/17 12:50 p.m., 9 views

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update (CPU), but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

7.4 AI score
Exploits: 0, References: 4
OpenVAS
added 2013/05/17 12:0 a.m., 29 views

CentOS Update for httpd CESA-2013:0815 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.1 CVSS, 7.8 AI score, 0.24886 EPSS
Exploits: 4, References: 2
The Hacker News
added 2013/02/22 5:24 p.m., 11 views

Zendesk security breach, "We've been hacked"

Customer service software provider Zendesk announced a security breach that affected three major Zendesk clients, i.e. Tumblr, Pinterest and Twitter, and allowed hackers into their systems. The hacks come just days after Apple, Twitter and Facebook revealed that their employees' computers fell victi...

6.7 AI score
Exploits: 0
OpenVAS
added 2013/01/21 12:0 a.m., 34 views

CentOS Update for tcl CESA-2013:0122 centos5

Check for the Version of tcl OpenVAS Vulnerability Test CentOS Update for tcl CESA-2013:0122 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8 CVSS, 8.9 AI score, 0.03887 EPSS
Exploits: 2, References: 2
OpenVAS
added 2013/01/21 12:0 a.m., 34 views

CentOS Update for ruby CESA-2013:0129 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS, 7.8 AI score, 0.02772 EPSS
Exploits: 3, References: 2
myhack58
added 2012/10/27 12:0 a.m., 22 views

91736cms cookie injection vulnerability-vulnerability warning-the black bar safety net

Re-read under 9 1 7 3 6 before that getip vulnerability has been patch on. Vulnerable file: system/modules/member/index.php public function edit ifempty$COOKIE'memberuser'||empty$COOKIE'memberuserid' showmsgC"adminnotexist","index. php? m=member&f=login"; $userid=$COOKIE'memberuserid';...

Exploits: 0
seebug.org
added 2012/06/13 12:0 a.m., 48 views

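Microsoft XML Core Services Remote Code Execution Vulnerability

CVE ID: CVE-2012-1889 Microsoft XML Core Services (MSXML) is a set of services that lets applications written in JScript, VBScript and Microsoft development tools build XML-based Windows-native applications. Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0 contain an implementation flaw that can lead to access to an uninitialized memory object and, in turn, memory corruption; a remote attacker can exploit this to execute arbitrary code when a user views a malicious web page in IE. 0 Microsoft XML Core Services 6.0 Microsoft XML Core Services 5.0...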

9.3 CVSS, 6.7 AI score, 0.83638 EPSS
Exploits: 12
Tenable Nessus
added 2012/02/27 12:0 a.m., 28 views

Ubuntu 8.04 LTS : samba vulnerability (USN-1374-1)

Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block...

7.9 CVSS, 7.3 AI score, 0.06572 EPSS
Exploits: 1, References: 2
Packet Storm
added 2012/01/15 12:0 a.m., 40 views

Cloupia End-To-End FlexPod Management Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...

0.2 AI score
Exploits: 0
ICS
added 2011/07/10 6:0 a.m., 52 views

Cogent DataHub Vulnerabilities

Overview This Advisory is a follow-up to the Alert, “ICS-ALERT-11-256-03—COGENT DATAHUB VULNERABILITIES,” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page. ICS-CERT is aware of a public report of multiple vulnerabilities in...

10 CVSS, 7.8 AI score, 0.07782 EPSS
Exploits: 4, References: 10
OpenVAS
added 2011/06/10 12:0 a.m., 14 views

RedHat Update for cyrus-imapd RHSA-2011:0859-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1 CVSS, 6.4 AI score, 0.03999 EPSS
Exploits: 0, References: 2
CISA
added 2011/05/27 12:0 a.m., 147 views

Internet System Consortium releases BIND patches

The Internet System Consortium has released updates for BIND to address a vulnerability in BIND versions 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, and 9.8.0 and later. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition...

5 CVSS, 0.8 AI score, 0.24638 EPSS
In wild, Exploits: 1, References: 3
securityvulns
added 2011/05/13 12:0 a.m., 50 views

[Bkis] sNews 1.7.1 XSS vulnerability

General Information sNews is a free content management system (CMS) written in PHP and MySQL. It is available at http://snewscms.com/. In April 2011, Bkis Security discovered an XSS (Cross-site Scripting) vulnerability in sNews CMS version 1.7.1. Taking advantage of this vulnerability, hacker might...

Exploits: 0
securityvulns
added 2011/05/01 12:0 a.m., 76 views

ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability

ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-151 April 29, 2011 -- CVE ID: CVE-2011-1735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected...

10 CVSS, 0.8 AI score, 0.13614 EPSS
Exploits: 0
Tenable Nessus
added 2011/03/09 12:0 a.m., 38 views

Mandriva Linux Security Advisory : wireshark (MDVSA-2011:044)

This advisory updates wireshark to the latest version 1.2.15, fixing several security issues : Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service memory corruption o...

7.5 CVSS, 8.1 AI score, 0.13064 EPSS
Exploits: 6, References: 8
ThreatPost
added 2010/10/29 3:25 p.m., 6 views

Trojan Exploiting Adobe Flash Bug Has Some Odd Traits

The piece of malware that’s being used to exploit the unpatched Adobe Flash bug that was disclosed Thursday looks like sort of a run-of-the-mill Trojan, but an analysis shows that it does have some unique features. The Trojan is known by a couple of names, including Sykipot, and its infection...

Exploits: 0, References: 5
OpenVAS
added 2010/10/19 12:0 a.m., 26 views

RedHat Update for kdegraphics RHSA-2010:0753-01

Check for the Version of kdegraphics OpenVAS Vulnerability Test RedHat Update for kdegraphics RHSA-2010:0753-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

6.8 CVSS, 7.8 AI score, 0.03597 EPSS
Exploits: 0, References: 2