#sql

The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916.

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

Today, as part of Update Tuesday, we released nine securityupdates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first.

Today we released nine security bulletins addressing 37 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other seven have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS14-051(Internet Explorer) Victim browses to a malicious webpage.

Today, we provide advance notification for the release of nine Security Bulletins. Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer. As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.

Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.