The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
Monthly Archives: November 2015
CVE-2015-7820
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
CVE-2015-8113
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492.
R-Scripts VRS 7R Cross Site Request Forgery / Cross Site Scripting
PHP Vacation Rental Script version 7R suffers from cross site request forgery and cross site scripting vulnerabilities.
FBZX 2.10 Local Buffer Overflow
FBZX versions 2.10 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker could exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial of service condition.
WP Fastest Cache 0.8.4.8 Blind SQL Injection
WordPress WP Fastest Cache plugin version 0.8.4.8 suffers from a remote blind SQL injection vulnerability.
IBM Installation Manager 1.8.1 Race Condition
The install script for IBM Installation Manager version 1.8.1 suffers from a /tmp race condition.
HP Security Bulletin HPSBGN03507 2
HP Security Bulletin HPSBGN03507 2 – Potential security vulnerabilities have been identified in HP ArcSight Management Center and HP ArcSight Logger. The vulnerability could be exploited remotely resulting in remote Cross-Site Scripting (XSS). Revision 2 of this advisory.
Red Hat Security Advisory 2015-2024-01
Red Hat Security Advisory 2015-2024-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
Debian Security Advisory 3397-1
Debian Linux Security Advisory 3397-1 – Several vulnerabilities have been discovered in wpa_supplicant and hostapd.