Patch notifications

SysAid Helpdesk blind SQL injection

This patch notification details a high risk vulnerability in SysAid Helpdesk, discovered by Daniel Compton. Download patch notification


SysAid Helpdesk stored XSS

This patch notification details a high risk vulnerability in SysAid Helpdesk, discovered by Daniel Compton. Download patch notification


Virtual Access Monitor Multiple SQL Injection Vulnerabilities

This patch notification details a number of high risk vulnerabilities in Virtual Access Monitor that have been discovered by Ken Wolstencroft. Download Patch Notification


Whatsupgold Premium Directory traversal

This patch notification details a high risk vulnerability in Whatsupgold Premium that has been discovered by Daniel Compton. Download Patch Notification


Windows USB RNDIS driver kernel pool overflow

This patch notification details a high risk vulnerability discovered by Andy Davis within Microsoft Windows. Download Patch Notification


Image IO Memory Corruption

This patch notification details a high risk vulnerability in Mac OS X Image Raw, discovered by Paul Harrington. Download patch notification


Impress Pages CMS Remote Code Execution

This patch notification details a high risk vulnerability, discovered by David Middlehurst, in ImpressPages CMS v1.0.12.  Download patch notification


Lumension Device Control Remote Memory Corruption

This patch notification details a high risk vulnerability, discovered by Andy Davis, in Lumension Device Control. Download patch notification


McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI

This patch notification details a medium risk vulnerability that has been discovered by Ben Williams in the McAfee Email and Web Security Appliance.  Download patch notification


McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators

This patch notification details a high risk vulnerability discovered by Ben Williams in the McAfee Email and Web Security Appliance.  Download patch notification


McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user

This patch notification details a medium risk vulnerability discovered by Ben Williams in the McAfee Email and Web Security Appliance.  Download patch notification


McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked

This patch notification details a medium risk vulnerability that has been discovered by Ben Williams in the McAfee Email and Web Security Appliance.  Download patch notification


McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens

This patch notification details a high risk vulnerability in the McAfee Email and Web Security Appliance, discovered by Ben Williams.  Download patch notification


McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts

This patch notification details a medium risk vulnerability in the McAfee Email and Web Security Appliance, discovered by Ben Williams.  Download patch notification


Medium Risk Vulnerability in Symantec Enterprise Security Management

This patch notification details a medium risk vulnerability discovered by Gavin Jones in Symantec Enterprise Security Management 9.0.1 Agent (version 9.0.1153.20001). Download patch notification


Medium Risk Vulnerability in Symantec Network Access Control

This patch notification details a medium risk vulnerability discovered by Gavin Jones in Symantec Endpoint Protection Version 12.1.1000.157.105.  Download patch notification


Nagios XI Network Monitor Stored and Reflected XSS

This patch notification details a high risk vulnerability discovered by Daniel Compton in Nagios XI Network Monitor.  Download patch notification


NX Server for Linux Arbitrary Files can be read with root privileges

This patch notification details a high risk vulnerability, discovered by NGS Secure, in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts). Download patch notification


Oracle 11g TNS listener remote Invalid Pointer Read

This patch notification details a high risk vulnerability discovered by Andy Davis in Oracle database 11g. Download patch notification


Oracle 11g TNS listener remote Null Pointer Dereference

This patch notification details a high risk vulnerability discovered by Andy Davis in Oracle database 11g. Download patch notification


Oracle Retail Integration Bus Manager Directory Traversal

This patch notification details a high risk vulnerability in Oracle Retail Integration Bus Manager, discovered by Andy Davis. Download patch notification


Oracle Retail Invoice Manager SQL Injection

This patch notification covers a high risk vulnerability discovered by Andy Davis within Oracle Retail Central Office. Download patch notification


OS X Lion USB Hub Class Descriptor Arbitrary Code Execution

This patch notification details a high risk vulnerability discovered by Andy Davis in Apple OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4. Download patch notification


PRTG Network Monitor Command injection

This patch notification details a high risk vulnerability, discovered by Daniel Compton, in PRTG Network Monitor.  Download patch notification


Samba Andx Request Remote Code Execution

This patch notification details a high risk vulnerability in the Samba service, discovered by Andy Davis.  Download patch notification


Samba on the BlackBerry PlayBook

This patch notification details a high risk vulnerability that has been discovered by Andy Davis in the Samba service running on the BlackBerry PlayBook. Download patch notification


Solaris 11 USB hubclass

This patch notification details a high risk vulnerability discovered by Andy Davis in Oracle Solaris. Download patch notification


Symantec Message Filter Session Hijacking via session

This patch notification details a high risk vulnerability in Symantec Message Filter, discovered by Ben Williams. Download patch notification


Symantec Message Filter Unauthenticated verbose software version information disclosure

This patch notification details a low risk vulnerability in Symantec Message Filter, discovered by Ben Williams. Download patch notification


Symantec Messaging Gateway – Addition of a backdoor administrator via CSRF

This patch notification details a high risk vulnerability discovered by Ben Williams in Symantec Messaging Gateway. Download patch notification


Symantec Messaging Gateway – Authenticated arbitrary file download

This patch notification details a medium risk vulnerability discovered by Ben Williams in Symantec Messaging Gateway. Download patch notification


Symantec Messaging Gateway – Out of band stored XSS via email

This patch notification details a critical vulnerability discovered by Ben Williams in Symantec Messaging Gateway. Download patch notification


Symantec Messaging Gateway – Unauthenticated detailed version disclosure

This patch notification details a critical vulnerability discovered by Ben Williams in Symantec Messaging Gateway. Download patch notification


Symantec Messaging Gateway – Unauthorised SSH access

This patch notification details a high risk vulnerability in Symantec Messaging Gateway, discovered by Ben Williams. Download patch notification


Symantec PC Anywhere Remote Code Execution

This patch notification details a critical vulnerability, discovered by Edward Torkington, in Symantec PCAnywhere.  Download patch notification