ATENTION‼ New - CVE-2012-2714
📖 Read
via "National Vulnerability Database".
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-1261
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-1260
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-1259
📖 Read
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-1258
📖 Read
via "National Vulnerability Database".
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.📖 Read
via "National Vulnerability Database".
🔐 Patscan platform detects hidden weapons, chemicals and bombs 🔐
📖 Read
via "Security on TechRepublic".
At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.📖 Read
via "Security on TechRepublic".
TechRepublic
Patscan platform detects hidden weapons, chemicals and bombs
At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.
🕴 Chinese Malware Found Preinstalled on US Government-Funded Phones 🕴
📖 Read
via "Dark Reading: ".
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.📖 Read
via "Dark Reading: ".
Darkreading
Chinese Malware Found Preinstalled on US Government-Funded Phones
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
ATENTION‼ New - CVE-2012-5558
📖 Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML via a smiley acronym.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-4434
📖 Read
via "National Vulnerability Database".
fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3810
📖 Read
via "National Vulnerability Database".
Samsung Kies before 2.5.0.12094_27_11 has registry modification.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3809
📖 Read
via "National Vulnerability Database".
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3808
📖 Read
via "National Vulnerability Database".
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3807
📖 Read
via "National Vulnerability Database".
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3806
📖 Read
via "National Vulnerability Database".
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3490
📖 Read
via "National Vulnerability Database".
The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-2950
📖 Read
via "National Vulnerability Database".
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-2931
📖 Read
via "National Vulnerability Database".
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-2226
📖 Read
via "National Vulnerability Database".
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-2142
📖 Read
via "National Vulnerability Database".
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-1915
📖 Read
via "National Vulnerability Database".
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2010-3282
📖 Read
via "National Vulnerability Database".
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.📖 Read
via "National Vulnerability Database".