Rapid 7 Security Advisory - SSH servers and clients from several vendors contain vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial-of-service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected. Vulnerable versions include F-Secure 3.1.0 and below for Unix and v5.2 and below for Windows, SSH 3.2.2 and below for Windows and Unix, PuTTY v0.53 and below, WinSCP 2.0.0 and below, and more.
4e0095d93035f5f570e62c687c4ba8324db7f74b95ef0d6aad64c3c1651a3e9c
Rapid 7 Advisory R7-0008 - IBM Web Traffic Express Caching Proxy server is vulnerable to cross-site scripting. The Caching Proxy server allows script code to be injected into pages using standard cross-site scripting techniques. A second, variant attack allows the HTTP headers to be manipulated.
2b24d3cf784653c24b81047d80228ae940e783257cf9ce49567fa86d564bdaeb
Rapid 7 Advisory R7-0007 - The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.
d5444f4faa351e594a4559c2bf2fb5cf0491766c5ae89f6adfc2ce7c94802ffe
Rapid 7 Advisory R7-0006 - Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service. Oracle 8i (8.1.x), Oracle 9i Release 1 (9.0.x), and Oracle 9i Release 2 (9.2.x) can be crashed via the SERVICE_CURLOAD command. Fix available here.
c3f7eb6deb3d0642c420524eaf6a2d34915d5bfd56f39c76f63c3b9b6b262ccb
Rapid 7 Advisory R7-0005 - Granite Software ZMerge Administration Database Has Insecure Default ACLs. In the default configuration, the ZMerge administration database grants Manager access to all users (including anonymous web users). If the administrator neglects to change the database ACLs to something more appropriate, an unauthorized user could modify the data import/export scripts which might then be run by an administrator or scheduled agent.
fca3273915d5d225f6ed4dc2ee16b9d6643cd52d21160ebe5fc11fc9524bc748