Files

IBM Lotus Notes 8.5.3 Code Execution
Posted Apr 30, 2013
Authored by Alexander Klink | Site nruns.com

The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.

tags | advisory, java, remote, vulnerability
advisories | CVE-2013-0127
MD5 | 95cf0bdf3e81e3e7e835b24e233812fa
HP Security Bulletin HPSBMU02872 SSRT101185
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02872 SSRT101185 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, remote, web, vulnerability, xss
systems | windows
advisories | CVE-2012-5222, CVE-2013-2321
MD5 | 2ae19913767ed1c1a9706352d49d1847
WowzaMediaServer Properties Information Disclosure
Posted Apr 30, 2013
Authored by Michal J.

WowzaMediaServer allows properties to be read and set directly, which in turn can enable an attacker to mount further attacks.

tags | advisory, bypass
MD5 | 877152591ccfb69fd635e06f8c5add2c
Security Notice For CA ControlMinder - Update
Posted Apr 30, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued remediation to address the vulnerability. The vulnerability occurs due to the default JBoss Application Server configuration not correctly enforcing authentication. A remote attacker can bypass authentication, which may result in arbitrary code execution and server compromise. This vulnerability only affects the server components.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2010-0738
MD5 | ccdd7b27926890f3014dc5a7a13caab2
HP Security Bulletin HPSBMU02874 SSRT101184
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02874 SSRT101184 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, java, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0169, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, CVE-2013-0438, CVE-2013-0439, CVE-2013-0440
MD5 | 79c70c37adbfafb90017b4fa51428c59
HP Security Bulletin HPSBMU02873 SSRT101182
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
MD5 | 134f8575c9609064436934f44a5277bd
FreeBSD Security Advisory - NFS Server Input Validation
Posted Apr 30, 2013
Site security.freebsd.org

FreeBSD Security Advisory - When processing READDIR requests, the NFS server does not check that it is in fact operating on a directory node. An attacker can use a specially modified NFS client to submit a READDIR request on a file, causing the underlying filesystem to interpret that file as a directory.

tags | advisory
systems | freebsd
advisories | CVE-2013-3266
MD5 | d5b275c0b0d0f8421881f2955da1da5d
Mandriva Linux Security Advisory 2013-159
Posted Apr 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-159 - ClamAV 0.97.8 addresses several reported potential security bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2020, CVE-2013-2021
MD5 | e7305358b3dc61842a9f6010a0b2e9fb
Debian Security Advisory 2665-1
Posted Apr 30, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2665-1 - Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2944
MD5 | 19ebdad978bc65eebdd05b02b74ea4d0
Mandriva Linux Security Advisory 2013-158
Posted Apr 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-158 - The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1416
MD5 | ca60d6fbc13226ad0707b77ab02e4037
Mandriva Linux Security Advisory 2013-157
Posted Apr 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-157 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center in MIT Kerberos 5 before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request. The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-1415, CVE-2013-1416
MD5 | fc8acde75392e9321dc50b088b187a89
HP Security Bulletin HPSBPI02869 SSRT100936
Posted Apr 29, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02869 SSRT100936 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-5221
MD5 | b201067c605941cade500769e7768eae
HP Security Bulletin HPSBPI02868 SSRT101017
Posted Apr 29, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02868 SSRT101017 - A potential security vulnerability has been identified with HP Managed Printing Administration (MPA). The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
advisories | CVE-2012-5219
MD5 | 20db771c6d1359fea811b9a8da816ad5
Mandriva Linux Security Advisory 2013-154
Posted Apr 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-154 - An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. Additionally for Mandriva Enterprise Server 5 a patch was added to support a new --no-canonicalize switch for mount to support the fix for in fuse. The updated packages have been patched to correct these issues.

tags | advisory, local, info disclosure
systems | linux, mandriva
advisories | CVE-2013-0157
MD5 | bed5e8519f2b1347bc63b28770e00b20
Mandriva Linux Security Advisory 2013-156
Posted Apr 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-156 - ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity vulnerability. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1915
MD5 | 502ae6f452a8a57dce4b933af50d7fe7
Mandriva Linux Security Advisory 2013-155
Posted Apr 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-155 - FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2010-3879
MD5 | a239ab511379018f676ab86a4be349b5
Mandriva Linux Security Advisory 2013-153
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-153 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. Subversion's mod_dav_svn Apache HTTPD server module will crash when a log REPORT request receives a limit that is out of the allowed range. This can lead to a DoS. There are no known instances of this problem being used as a DoS in the wild. The updated packages have been upgraded to the 1.7.9 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884
MD5 | 1b76fc8f8318d05662cbd8772ebffd21
Mandriva Linux Security Advisory 2013-152
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-152 - Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash in some circumstances when a LOCK request is made against a non-existent URL. This can lead to a DoS. There are no known instances of this problem being observed in the wild. Subversion's mod_dav_svn Apache HTTPD server module will crash when a PROPFIND request is made against activity URLs. This can lead to a DoS. There are no known instances of this problem being observed in the wild, but the details of how to exploit it have been disclosed on the full disclosure mailing list. The updated packages have been upgraded to the 1.6.21 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
MD5 | c3b21ed8e4e56f1c3eadff4fafb24404
Mandriva Linux Security Advisory 2013-151
Posted Apr 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-151 - libcurl is vulnerable to a cookie leak vulnerability when doing requests across domains with matching tails. This vulnerability can be used to hijack sessions in targeted attacks since registering domains using a known domain's name as an ending is trivial.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1944
MD5 | 4d4a3d293c2bcde61e955cf16eed1506
HP Security Bulletin HPSBMU02830 SSRT100889 2
Posted Apr 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02830 SSRT100889 2 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be locally exploited to allow an increase of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5220
MD5 | 8d8fafbe347e514bac90d09aecf19290
Borland Silk Central 12.1 TeeChart Pro Code Execution
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Silk Central version 12.1 TeeChart Pro ActiveX control suffers from an AddSeries remote code execution vulnerability.

tags | advisory, remote, code execution, activex
MD5 | 45837754a8588c6683cf86b29fc35b22
Borland Caliber 11.0 Quiksoft EasyMail Buffer Overflow
Posted Apr 26, 2013
Authored by rgod | Site retrogod.altervista.org

Borland Caliber version 11.0 Quiksoft EasyMail SMTP object suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4607, CVE-2009-4663
MD5 | 015e4efd83f5a8cb7dfacb483b67e996
Red Hat Security Advisory 2013-0772-01
Posted Apr 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0772-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.1.69.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | 430a7a49346740fee9d6ddd9b02b6bc5
Ubuntu Security Notice USN-1808-1
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1808-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.

tags | advisory, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2013-0228, CVE-2013-0349, CVE-2013-1774, CVE-2013-1796
MD5 | 68ea26cb76b7b153db4f5cee5ce01041
Ubuntu Security Notice USN-1807-2
Posted Apr 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1807-2 - USN-1807-1 fixed vulnerabilities in MySQL. This update provides MySQL 5.5.31 for Ubuntu 13.04. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.69 in Ubuntu 10.04 LTS and Ubuntu 11.10. Ubuntu 12.04 LTS and Ubuntu 12.10 have been updated to MySQL 5.5.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0553, CVE-2013-1492, CVE-2013-1502, CVE-2013-1506, CVE-2013-1511, CVE-2013-1512, CVE-2013-1521, CVE-2013-1523, CVE-2013-1526, CVE-2013-1532, CVE-2013-1544, CVE-2013-1552, CVE-2013-1555, CVE-2013-1623, CVE-2013-2375, CVE-2013-2376, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392
MD5 | cf1a434c45a099d21158906b40e0411c
© 2016 Packet Storm. All rights reserved.