Showing 76 - 100 of 278

Files

SAP Production Planning / Control Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing them to obtain critical rights in the system and bypass certain segregation of duties (SoD) restrictions.

tags | advisory
advisories | CVE-2013-3062
SHA-256 | eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7da
Oracle Java SE 7 Update 21 Information
Posted Apr 16, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).

tags | advisory, java, vulnerability
SHA-256 | db5a5e389d8d3c4c134815cc14599a283f8f6970e50643600808191ba1a9acdf
SAP Healthcare Industry Solution Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal | Site esnc.de

This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing them to obtain critical rights in the system and bypass certain segregation of duties (SoD) restrictions. Although this vulnerability is found in the SAP industry solution for healthcare, the functionality is also present in the SAP ERP central component (ECC 6). Thus, customers in other industries are also affected.

tags | advisory
advisories | CVE-2013-3061
SHA-256 | 04068b72f2c992a2fd3f3c6c9328f3a8d53414cded64945a2d57f759d3167747
Red Hat Security Advisory 2013-0747-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0747-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2012-6537, CVE-2012-6542, CVE-2012-6546, CVE-2012-6547, CVE-2013-0216, CVE-2013-0231, CVE-2013-1826
SHA-256 | 9e0aa536e0da762edf8c498c10bb83405607592006ca6d9a7c71cb4b1a98321e
Red Hat Security Advisory 2013-0749-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0749-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-5633, CVE-2013-0239
SHA-256 | ca53255a02a059d91e5a702c6b1219475f8516e8f0f03108ebb607ced43031f8
Red Hat Security Advisory 2013-0748-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0748-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1416
SHA-256 | 7418bbcc8fbfad8c0d43913ef16a0db8c57fcdeedd65917176af08ab2350df19
Red Hat Security Advisory 2013-0741-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2133, CVE-2013-0871
SHA-256 | be58c9881dae761f77362629f07bbadce7bacffad49b827014d6616ac8b9ef4f
Ubuntu Security Notice USN-1802-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1802-1 - It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0454
SHA-256 | ddaed35aa51889db85e8e8ee45090e553664fe39dec721fa2b619084f5911060
Mandriva Linux Security Advisory 2013-144
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-144 - Multiple cross-site scripting vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the visualizationSettings[width] or visualizationSettings[height] parameter. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-1937
SHA-256 | 4b402b15c02d1cce2783b63a6160f83535655f892d79b84d2f266df0895b94e7
Mandriva Linux Security Advisory 2013-143
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-143 - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors that trigger an invalid memory access in splash/Splash.cc and poppler/Stream.cc. In addition, poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1788, CVE-2013-1790
SHA-256 | b5ae675f08df14c8bc676bdb7b202ab56eacf4377100b3196ff1bd32e3ea2027
Ubuntu Security Notice USN-1801-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1944
SHA-256 | ea0c4e42890a1098fca522fa72544604763aef3b197e27a9829c9659c96f3579
Red Hat Security Advisory 2013-0742-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0742-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. This issue was discovered by Martin Kosek of Red Hat.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-1897
SHA-256 | d1c8bae030a7c5a20dd7dc9a69ceb44dd2d44cdda1a45f3c1fc50f1f3af0645c
Red Hat Security Advisory 2013-0743-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0743-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | 447577374687140e0fda8af502e096ed8dde4add99ded2c0a3b1029f0a22ec4c
Ubuntu Security Notice USN-1800-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1800-1 - It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection rules when HTTP keep-alive is enabled. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, tcp
systems | linux, ubuntu
advisories | CVE-2012-2942, CVE-2013-1912
SHA-256 | a60d264b8f58648cf2e1c8ac5fae817c04ec3e22d7d7a0a9a2bd2e8003c7f1ff
Dell EqualLogic PS6110X Directory Traversal
Posted Apr 15, 2013
Authored by Digital Defense, r@b13$, Evan Sylvester | Site digitaldefense.net

The Dell EqualLogic PS6110X is vulnerable to a directory traversal. A remote unauthenticated attacker can leverage this vulnerability to traverse out of the web root and retrieve arbitrary system files. Firmware versions 6.0.0 through 6.0.3 are affected.

tags | advisory, remote, web, arbitrary, root
SHA-256 | 2455d3ceee803187d508e685d6023afa0a1801f0804da78d4e891a45372511f2
AI-Bolit Brute Force / Information Leakage
Posted Apr 15, 2013
Authored by MustLive

AI-Bolit suffers from brute force and information leakage vulnerabilities.

tags | advisory, vulnerability, info disclosure
SHA-256 | cd659b08454a502774ca7e794c443e308ef7ac01e2ca247b422c8b380af6fd68
HP Security Bulletin HPSBUX02864 SSRT101156
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02864 SSRT101156 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475
SHA-256 | 94d7052e1808f3cc5dffc4cea67d8ea2fa749b0c45b5bee62879235f94f05154
HP Security Bulletin HPSBUX02859 SSRT101144 2
Posted Apr 12, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2009-0159, CVE-2009-3563
SHA-256 | 665670bd5973873632baa834e8dbf771524847c5e81a9fb7b9cd98878e0d98cd
Microsoft Security Bulletin Re-Release For April, 2013
Posted Apr 12, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.

tags | advisory
SHA-256 | ff3f2c0b7f350c54a3e95fb2f4d722aedb269b481fa85178d019257b8c7d8f79
Mandriva Linux Security Advisory 2013-136
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-136 - A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).

tags | advisory, overflow, shell
systems | linux, mandriva
advisories | CVE-2012-5854, CVE-2012-5534
SHA-256 | c9195b3910f07ceccfadb0fdbba608fed8688c11391191f1397e836c44551d20
Mandriva Linux Security Advisory 2013-134
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-134 - Updated viewvc packages fix security vulnerabilities. Several other bugs were fixed as well.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-4533, CVE-2012-3356, CVE-2012-3357
SHA-256 | 47e40b9e1d60e4166d005a6238f3f61b1293cb5260e9b55e75c718861f662289
Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities have been discovered and corrected in PostgreSQL. PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. An argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL, which are not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 97ef8bcb916420d4415444226f145e62867a5c2ca8b49fbfaeb4914d3e2495a2
Mandriva Linux Security Advisory 2013-141
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-141 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6139
SHA-256 | ba105617f9b49c067580043638d41bca274e6de4874426e2495d3f721335ce2e
Red Hat Security Advisory 2013-0737-01
Posted Apr 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0737-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849
SHA-256 | bf0ca63e524790367e96c86fc60ab52802e57e9de51c4c02705bbc4e7bc38d78
Mac OS X 10.8.3 ftpd Remote Resource Exhaustion
Posted Apr 12, 2013
Authored by Maksymilian Arciemowicz

ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability. This appears to be an old vulnerability that has not been properly addressed.

tags | advisory, denial of service
systems | apple, osx
advisories | CVE-2010-2632, CVE-2011-0418
SHA-256 | 13b77811aa62fba78277a75249e3609cc4a3861977ccbcd966b983a25d221503