Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
HP Security Bulletin – A potential vulnerability has been identified with HP Performance Insight. The vulnerability could be exploited remotely to execute arbitrary commands.
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Zero Day Initiative Advisory 10-026 – This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the Performance Insight web server. Insufficient input validation and authentication allow arbitrary JSP pages to be uploaded, which can be leveraged to execute arbitrary OS commands. Exploitation of this vulnerability allows an attacker to gain control of the affected system under SYSTEM credentials.
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Mandriva Linux Security Advisory 2010-058 – Multiple vulnerabilities have been found and corrected in PHP. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Core Security Technologies Advisory – A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Core Security Technologies Advisory – A memory corruption occurs on Microsoft Office Excel 2002 when parsing a .XLS file with a malformed DbOrParamQry record. This vulnerability could be used by a remote attacker to execute arbitrary code in the context of the currently logged on user, by enticing the user to open a specially crafted file.
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Technical Cyber Security Alert 2010-68A – Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office.
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
Microsoft Excel Object Type Confusion Remote Code Execution Vulnerability
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 09-03-2010
Zero Day Initiative Advisory 10-025 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the decompression of XLSX files. The XLSX file is a ZIP archive of the associated content making up the new Open XML Document. Due to the lack of validation on the ZIP header when decompressing certain XML elements, it is possible to execute uninitialized memory. Successful exploitation can lead to remote code execution under the credentials of the currently logged in user.
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
[security bulletin] HPSBMA02489 SSRT090065 rev.1 – HP Performance Insight, Remote Execution of Arbitrary Commands
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 09-03-2010
SQL injection vulnerability in wILD CMS
Posted by LinuxSecurity.com - Security Advisories | Posted in Advisories | Posted on 09-03-2010
LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.
Posted by LinuxSecurity.com - Security Advisories | Posted in Advisories | Posted on 09-03-2010
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in php:
* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
Posted by Packet Storm Security Advisories | Posted in Advisories | Posted on 08-03-2010
Debian Linux Security Advisory 2008-1 – Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.
Posted by LinuxSecurity.com - Security Advisories | Posted in Advisories | Posted on 08-03-2010
LinuxSecurity.com: Multiple vulnerabilities have been fixed in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user’s system.
Posted by LinuxSecurity.com - Security Advisories | Posted in Advisories | Posted on 08-03-2010
LinuxSecurity.com: A security issue has been fixed in sudo, which can be exploited by malicious, local users to gain escalated privileges.
Posted by SecurityFocus Vulnerabilities | Posted in Advisories | Posted on 08-03-2010
Re: phpinfo() XSS Vulnerability