CVE-2008-7309
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related...
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain...
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for...
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,...
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via...
Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action. Date published: 2012-04-04...
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. Date published: 2012-04-04 http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html http://seclists.org/fulldisclosure/2012/Mar/324
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers...
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published: 2012-04-04 http://www.securityfocus.com/bid/52447 http://jvn.jp/en/jp/JVN93406632/index.html
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published: 2012-04-04 http://www.securityfocus.com/bid/52880 http://www.securityfocus.com/archive/1/522204
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. Date published: 2012-04-04 http://www.securityfocus.com/bid/52862 http://www.securityfocus.com/archive/1/522176
HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. Date published: 2012-04-04 http://www.securityfocus.com/bid/52862 http://www.securityfocus.com/archive/1/522176