Search

. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used.3. Multiple vulnerabilities in Apache can be exploited by malicious people

. An error exists in the path validation for shares in AFP Server and can be exploited via directory traversal attacks to read or write files accessible by the "nobody" user.5. An error in Apache can

protection in Windows Microsoft Defender Application Guard Microsoft SecCon Framework Modsecurity Module Security for Apache Webknight Application Firewall Suspicious Email Detection System ([email protected]

The vulnerabilities are identified in IBM HTTP Server versions 8.0.0.0 through 8.0.0.6, which can be exploited by malicious people to disclose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information:IBM Global Security ToolKit SSL Information Disclosure WeaknessApache HTTP Server mod_rewrite and mod_dav Vulnerabilities Denial_of_Service Remote_Code_Execution Sensitive_Information_Disclosure IBM HTTP Server 8.0.x Before installation of the software, please visit the software manufacturer web-site for more details.Apply APARs or apply Fix Pack 7. CVE-2013-0169 CVE-2013-1862 CVE-2013-1896 Secunia IBM http://www.ibm.com/support/docview.wss?uid=swg27021867http://secunia.com/advisories/54560/

Multiple vulnerabilities have been identified in Apple OS X. Which can be exploited by attacker to denial of service conditions, spoof IPSec servers, bypass access controls and compromise the target user's system.Some errors exist due to a bundled vulnerable version of Apache.Some errors exist due to a bundled vulnerable version of Bind.Some errors exist due to a bundled vulnerable version of ClamAV.A boundary error in the CoreGraphics component when handling JBIG2 encoded data within PDF files can be exploited to cause a buffer overflow.A boundary error in the ImageIO component when handling JBIG2 encoded data within PDF files can be exploited to cause a buffer overflow.An error in the IPSec component does not verify the DNS name of an IPSec Hybrid Auth server against the certificate and can be exploited to spoof the server.An error in the Kernel component when parsing IGMP packets can be exploited to cause a kernel panic.An error in the Mobile Device Management component when handling a password passed via command-line to mdmclient can be exploited to disclose the password of other users.Some errors exist due to a bundled vulnerable version of OpenSSL.Some errors exist due to a bundled vulnerable version of PHP.Some errors exist due to a bundled vulnerable version of PostgreSQL.A boundary error in the QuickTime component when handling 'idsc' atoms in QuickTime movie files can be exploited to cause a memory corruption.An error in the Screen Lock component can be exploited to bypass the screen lock when another user is logged in. Cross-Site_Scripting Denial_of_Service Remote_Code_Execution Security_Restriction_Bypass Sensitive_Information_Disclosure Spoofing Apple OS X 10.6.x Apple OS X 10.7.x Apple OS X 10.8.x Before installation of the software, please visit the software manufacturer web-site for more details.Apply the vendor patch available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at: http://www.apple.com/support/downloads/ CVE-2012-0883 CVE-2012-2686 CVE-2012-2687 CVE-2012-3499 CVE-2012-3817 CVE-2012-4244 CVE-2012-4558 CVE-2012-5166 CVE-2012-5688 CVE-2013-0166 CVE-2013-0169 CVE-2013-1025 CVE-2013-1026 CVE-2013-1027 CVE-2013-1028 CVE-2013-1029 CVE-2013-1030 CVE-2013-1031 CVE-2013-1032 CVE-2013-1033 CVE-2013-1635 CVE-2013-1643 CVE-2013-1775 CVE-2013-1824 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-2020 CVE-2013-2021 CVE-2013-2110 CVE-2013-2266 AppleSecuniaSecurityTracker http://support.apple.com/kb/HT5880http://secunia.com/advisories/54829/http://securitytracker.com/id/1029028

Multiple vulnerabilities have been identified in IBM WebSphere Application Server Web Services Feature Pack, which can be exploited by malicious people to cause a Denial of Service (DoS).WSRMModule holds on to AxisService references and eventually causes OutOfMemory error.org.apache.commons.logging.LogFactory retaining a reference to an SCAClassLoader cause OutOfMemory error.JAX-WS MTOM requests fail when trace is enabled.JAX-WS applications on Feature Pack for Web Services 6.1.0.37 might malfunction when webservices trace is enabled.Possible security vulnerability in WS-Security enabled JAX-WS applications. Denial_of_Service IBM WebSphere Application Server Web Services Feature Pack 6.1.x Before installation of the software, please visit the software manufacturer web-site for more details. Download Fix Pack 41 http://www.ibm.com/support/docview.wss?rs=180&uid=swg24031034 IBM http://www.ibm.com/support/docview.wss?rs=180&uid=swg24031034

Multiple vulnerabilities have been identified in Apple Mac OS X, which can be exploited to cause elevation of privilege, sensitive information disclosure, security bypass, data manipulation, cross site scripting and remote code excution. These issues are caused by the errors in the following components/functions: ApacheApplication FirewallATSBINDDigital certificatesCFNetworkCoreFoundationCoreMediaCoreProcessesCoreStorageFile SystemsIOGraphicsiChat ServerKernellibsecurityMailmanMediaKitOpen DirectoryPHPpostfixpythonQuickTimeSMB File ServerTomcatUser DocumentationWeb Serverlibpng Cross-Site_Scripting Elevation_of_Privilege Remote_Code_Execution Security_Restriction_Bypass Sensitive_Information_Disclosure Tampering Mac OS X v10.6.8 Mac OS X Server v10.6.8 OS X Lion v10.7 and v10.7.1 OS X Lion Server v10.7 and v10.7.1 Before installation of the software, please visit the software manufacturer web-site for more details. Update through "Software Update". CVE-2011-0419 CVE-2011-3192 CVE-2011-0185 CVE-2011-3437 CVE-2011-0229 CVE-2011-0230 CVE-2011-1910 CVE-2011-2464 CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464 CVE-2011-0231 CVE-2011-3246 CVE-2011-0259 CVE-2011-0187 CVE-2011-0224 CVE-2011-0260 CVE-2011-3212 CVE-2011-3213 CVE-2011-3214 CVE-2011-1755 CVE-2011-3215 CVE-2011-3216 CVE-2011-3227 CVE-2011-0707 CVE-2011-3217 CVE-2011-3435 CVE-2011-3436 CVE-2011-3226 CVE-2011-0226 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471 CVE-2011-0411 CVE-2010-1634 CVE-2010-2089 CVE-2011-1521 CVE-2011-3228 CVE-2011-0249 CVE-2011-0250 CVE-2011-0251 CVE-2011-0252 CVE-2011-3218 CVE-2011-3219 CVE-2011-3220 CVE-2011-3221 CVE-2011-3222 CVE-2011-3223 CVE-2011-3225 CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534 CVE-2011-3224 CVE-2011-2690 CVE-2011-2691 CVE-2011-2692 Apple http://support.apple.com/kb/HT5002

Multiple vulnerabilities have been identified in osCommerce application, which can be exploited by hackers to inject malicious content in vulnerable osCommerce websites. A large scale injection attack targeting osCommerce websites is reported. Injected "<iframe>" and "<script>" pointing to malicious links will infect computers via various exploits. This attack leverages several osCommerce vulnerabilities including osCommerce Remote Edit Site Info Vulnerability [disclosed 10 July 2011] osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability [disclosed 14 May 2011] osCommerce Online Merchant v2.2 File Disclosure And Admin ByPass Vulnerability [disclosed 30 May 2010] Remote_Code_Execution osCommerce Online Merchant v2.xosCommerce Online Merchant v3.x For web administrators, Detection Under the following circumstances, your servers may have been injected / infected Search server logs for access from IPs: 178.217.163.33 , 178.217.165.111 , 178.217.165.71 ,178.217.163.214 and access with agent string: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0) Search your site for the existence of <iframe> or <script> tags with links pointing to hxxp :// willysy . com / images / banners / hxxp :// exero . eu / catalog / jquery . js hxxp :// tiasissi . com . br / revendedores / jquery / hxxp :// adorabletots . co . uk / tmp / js . php This list may change as attacks alter their malware hosting. Please inform us if you find other suspicious scripts. Recovery Find and remove the infected backdoors Find and remove the injected iframes / scripts Prevention Secure you osCommerce installation. http://forums.oscommerce.com/topic/313323-how-to-secure-your-oscommerce-22-site/ Upgrade to the latest version http://www.oscommerce.com/solutions/downloads Use .htaccess and passwords for authentication to protect admin directories (/admin/) http://httpd.apache.org/docs/current/howto/htaccess.html#auth Change your website hosting account and osCommerce admin passwords For end-users, Maintain security patch and security software updated, turning on personal firewall, and staying cautious. Beware of security warnings from browsers or security software. Do not visit any unsolicited websites or disable Javascript in browsers. osCommerce Armorize http://blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.htmlhttp://blog.armorize.com/2011/07/willysycom-mass-injection-has-hit-more.htmlhttp://blog.trendmicro.com/oscommerce-mass-compromise-leads-to-information-theft

A vulnerability has been identified in HP OpenView Operations, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to a hidden account being present within the Tomcat users XML file, which could allow remote attackers to gain unauthorized access to the "org.apache.catalina.manager.HTMLManagerServlet" class and upload a malicious file via a POST request to "/manager/html/upload", leading to code execution with SYSTEM privileges. Remote_Code_Execution HP Operations Manager for Windows version 8.10 Before installation of the software, please visit the software manufacturer web-site for more details.Apply patch OMW_00032 or subsequent : http://support.openview.hp.com/selfsolve/patches CVE-2009-3843 VUPENHPZero Day Initiative http://www.vupen.com/english/advisories/2009/3307 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01931960http://www.zerodayinitiative.com/advisories/ZDI-09-085/

" malicious email attachments, malicious webpage advertisements, legitimate programs containing malware, exploited vulnerabilities of Apache Struts2, exploited vulnerabilities of Magnitude