CVE-2010-2911

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

Merdeka special - FREE network assessment!

Tweets

nginx redirect www to non-www http://goo.gl/GZOj — 8 hours 18 min ago
10.8HGz CPU http://goo.gl/buvf — 8 hours 19 min ago
10.8GHz CPU http://goo.gl/JTL5 — 8 hours 45 min ago
nginx + Drupal + Boost == almost 6k requests / seconds http://adamantsys.com/content/working-config-nginx-drupal-boost — 6 weeks 2 days ago
Merdeka special - FREE network assessment - http://eepurl.com/KYhP — 6 weeks 3 days ago

Security alerts

CVE-2010-3264

The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.

CVE-2010-3198

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.

CVE-2010-3005

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors.

CVE-2010-3004

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

CVE-2010-2960

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function.

CVE-2010-2911

Newsletter

Tweets

Security alerts