
Files Date: 2013-04-16

HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), to execute arbitrary code, or to trigger other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
MD5 | 68b2f8bb3e9e36c2788256913e850100
SAP BASIS Communication Services Command Execution
Posted Apr 16, 2013
Authored by Ertunga Arsal | Site esnc.de

SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability.

tags | advisory, remote
advisories | CVE-2013-3063
MD5 | b713a4cd83003a7551248ee42324d01c
SAP Production Planning / Control Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Production Planning and Control suffers from a privilege escalation vulnerability that allows bypassing the authority checks performed before a transaction is executed. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control which transaction is executed, allowing the attacker to obtain critical rights in the system and to bypass certain segregation of duties (SoD) restrictions.

tags | advisory
advisories | CVE-2013-3062
MD5 | b9116841eb1d8f0d74af8814cc8437bc
Oracle Java SE 7 Update 21 Information
Posted Apr 16, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).

tags | advisory, java, vulnerability
MD5 | e0160be8fcb86576d553129b539d8ffc
SAP Healthcare Industry Solution Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal | Site esnc.de

SAP Healthcare Industry Solution suffers from a privilege escalation vulnerability that allows bypassing the authority checks performed before a transaction is executed. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control which transaction is executed, allowing the attacker to obtain critical rights in the system and to bypass certain segregation of duties (SoD) restrictions. Although this vulnerability was found in the SAP industry solution for healthcare, the affected functionality is also present in the SAP ERP Central Component (ECC 6), so customers in other industries are also affected.

tags | advisory
advisories | CVE-2013-3061
MD5 | 1466f3669d8342e62bc330912fa8b877
Red Hat Security Advisory 2013-0747-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0747-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2012-6537, CVE-2012-6542, CVE-2012-6546, CVE-2012-6547, CVE-2013-0216, CVE-2013-0231, CVE-2013-1826
MD5 | 334add4616b04f64adc7092d668ab47b
Red Hat Security Advisory 2013-0749-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0749-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-5633, CVE-2013-0239
MD5 | ae69c3cc447170f99e037c27f31cd40a
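The UsernameToken bypass in the RHSA-2013:0749 entry above, as an added illustration (this is not Apache CXF's code): a minimal validator that mirrors the flaw, where a UsernameToken with no Password child element was accepted under a plain-text password policy, beside a hardened version that requires the Password element and verifies it in either PasswordText or PasswordDigest form. The credential store, the user name and the SOAP envelope builder are constructed for the example; the WS-Security namespace URIs and the digest construction (SHA-1 over nonce, created timestamp and password) are the ones from the OASIS UsernameToken profile.

```python
"""Model of the WS-Security UsernameToken check described in RHSA-2013:0749
(CVE-2013-0239). Added illustration, not Apache CXF's code."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
PASSWORD_TEXT = UTP + "#PasswordText"
PASSWORD_DIGEST = UTP + "#PasswordDigest"

# Constructed credential store (assumption for the example): user -> password.
USERS = {"alice": "correct horse battery staple"}


def envelope(username, password=None, digest=False):
    """Build a constructed SOAP request carrying a UsernameToken.
    password=None omits the Password element entirely (the bypass case)."""
    pw = ""
    if password is not None and not digest:
        pw = f'<wsse:Password Type="{PASSWORD_TEXT}">{password}</wsse:Password>'
    elif password is not None:
        nonce, created = b"0123456789abcdef", "2013-04-16T00:00:00Z"
        dig = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
        pw = (f'<wsse:Password Type="{PASSWORD_DIGEST}">{base64.b64encode(dig).decode()}</wsse:Password>'
              f'<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>'
              f'<wsu:Created>{created}</wsu:Created>')
    return (f'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><soap:Header><wsse:Security>'
            f'<wsse:UsernameToken><wsse:Username>{username}</wsse:Username>{pw}'
            f'</wsse:UsernameToken></wsse:Security></soap:Header><soap:Body/></soap:Envelope>')


def _username_token(xml_text):
    """Return (UsernameToken element, user name) or (None, None)."""
    tok = ET.fromstring(xml_text).find(f".//{{{WSSE}}}UsernameToken")
    if tok is None:
        return None, None
    return tok, tok.findtext(f"{{{WSSE}}}Username")


def _password_ok(tok, expected):
    """Verify the Password child against the stored password (text or digest)."""
    pw = tok.find(f"{{{WSSE}}}Password")
    if pw is None or not pw.text:
        return False
    ptype = pw.get("Type", PASSWORD_TEXT)
    if ptype == PASSWORD_TEXT:
        return hmac.compare_digest(pw.text.encode(), expected.encode())
    if ptype == PASSWORD_DIGEST:
        nonce = base64.b64decode(tok.findtext(f"{{{WSSE}}}Nonce", ""))
        created = tok.findtext(f"{{{WSU}}}Created", "")
        dig = hashlib.sha1(nonce + created.encode() + expected.encode()).digest()
        return hmac.compare_digest(base64.b64decode(pw.text), dig)
    return False


def validate_vulnerable(xml_text, policy=PASSWORD_TEXT):
    """Mirrors the flaw: a known user whose token carries no Password element
    is accepted when the service policy expects plain-text passwords."""
    tok, user = _username_token(xml_text)
    if tok is None or user not in USERS:
        return False
    if tok.find(f"{{{WSSE}}}Password") is None:
        # Nothing to compare under a plain-text policy, so the token "passes".
        # A digest policy still fails (no digest value to verify), which is
        # why the advisory says hashed passwords were not exploitable.
        return policy == PASSWORD_TEXT
    return _password_ok(tok, USERS[user])


def validate_fixed(xml_text):
    """Hardened: the Password element is mandatory and must verify."""
    tok, user = _username_token(xml_text)
    if tok is None or user not in USERS:
        return False
    return _password_ok(tok, USERS[user])
```

The check a practitioner would add to any token validator is the one in `validate_fixed`: absence of the credential is an authentication failure, never a "nothing to check" success path.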
Red Hat Security Advisory 2013-0748-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0748-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1416
MD5 | e4bb286fed7d2597420adc6cf9613d87
Red Hat Security Advisory 2013-0741-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2133, CVE-2013-0871
MD5 | 8218e741c03aab3ebe1339676e240369
Ubuntu Security Notice USN-1802-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1802-1 - It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0454
MD5 | 9cf2ae6bd397e7516289cbb3daa7381a
Mandriva Linux Security Advisory 2013-144
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-144 - Multiple cross-site scripting vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the visualizationSettings[width] or visualizationSettings[height] parameter. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-1937
MD5 | df0ee99f7bd6a76c4f818459578a8d28
Mandriva Linux Security Advisory 2013-143
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-143 - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors that trigger an invalid memory access in splash/Splash.cc and poppler/Stream.cc. poppler/Stream.cc in poppler before 0.22.1 also allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory in the CCITTFaxStream::lookChar function. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1788, CVE-2013-1790
MD5 | 4e8b595f07f5c75b1033a0e6cf3ef99e
Ubuntu Security Notice USN-1801-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1944
MD5 | c4d4d8f9452c1513702c9add4065e74c
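The cookie domain tail-match bug in the USN-1801-1 entry above, as an added illustration in Python (this is not libcurl's C source): a suffix-only domain comparison, which sends a cookie stored for `ample.com` to any host whose name ends in that string, beside the corrected match that also requires a label boundary (the host is the domain itself, or the character before the matching suffix is a dot). The cookie jar and host names are constructed for the example.

```python
"""Model of the libcurl cookie tail-match flaw (CVE-2013-1944) from USN-1801-1.
Added illustration, not curl's code."""


def tailmatch_vulnerable(cookie_domain, hostname):
    """Suffix comparison only: 'ample.com' matches 'example.com', so a cookie
    for one site is sent to an unrelated host with a matching tail."""
    cookie_domain, hostname = cookie_domain.lower(), hostname.lower()
    if len(cookie_domain) > len(hostname):
        return False
    return hostname.endswith(cookie_domain)


def tailmatch_fixed(cookie_domain, hostname):
    """Suffix match plus a label boundary, as RFC 6265 domain matching requires:
    the host equals the domain, or the character before the suffix is '.'."""
    cookie_domain, hostname = cookie_domain.lower(), hostname.lower()
    if len(cookie_domain) > len(hostname) or not hostname.endswith(cookie_domain):
        return False
    if len(hostname) == len(cookie_domain):
        return True
    return hostname[-len(cookie_domain) - 1] == "."


def cookies_for(jar, hostname, match):
    """Names of the cookies in jar that `match` would attach to a request to hostname."""
    return sorted(name for name, domain in jar if match(domain, hostname))


# Constructed cookie jar: (cookie name, domain it was stored for).
JAR = [
    ("session", "example.com"),
    ("bank_auth", "ample.com"),        # belongs to an unrelated site
    ("tracker", "corp.example.com"),   # a subdomain, must not leak upward
]
```

With the vulnerable match, a request to `example.com` carries `bank_auth` along with `session`; with the fixed match only `session` is sent, and in both versions `session` is still sent to `www.example.com`, which is the behaviour the domain attribute is meant to allow. An attacker only needs control of any host name that ends in the victim's cookie domain string to trigger the leak.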
Red Hat Security Advisory 2013-0742-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0742-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. This issue was discovered by Martin Kosek of Red Hat.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-1897
MD5 | d91675a3765e10d2981e7d195f720b88
Red Hat Security Advisory 2013-0743-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0743-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | ec0eb67fa9d8573c12301acae3dfd666
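The GET bypass in the RHSA-2013:0743 entry above, as an added illustration (this is not Apache CXF's code): a toy interceptor chain in which the WS-Security stand-in for WSS4JInInterceptor only ever sees SOAP envelopes, while the stand-in for URIMappingInterceptor turns an HTTP GET with query parameters straight into an operation call, so a GET reaches the service without any authentication check. The hardened dispatcher refuses GET mapping on the protected endpoint; that is one reasonable remediation for the model, not a description of the upstream fix. The service, operation, URL, and token value are constructed, and the token check is a placeholder for real WS-Security processing.

```python
"""Model of the interceptor-ordering flaw in RHSA-2013:0743 (CVE-2012-3451).
Added illustration, not CXF's code."""
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
EXPECTED_TOKEN = "s3cret-usernametoken"  # constructed stand-in for a valid WS-Security credential

# Constructed SOAP service with one operation.
OPERATIONS = {"getBalance": lambda account: f"balance({account})=42.00"}


class Denied(Exception):
    pass


def wss4j_in(ctx):
    """Stand-in for WSS4JInInterceptor: the SOAP Security header must carry
    the expected token, otherwise the chain aborts. Only runs on envelopes."""
    token = ET.fromstring(ctx["body"]).findtext(f".//{{{WSSE}}}Security/{{{WSSE}}}Token")
    if token != EXPECTED_TOKEN:
        raise Denied("WS-Security processing failed")


def soap_unmarshal(ctx):
    """Operation name and arguments from the first child of soap:Body."""
    op = list(ET.fromstring(ctx["body"]).find(f"{{{SOAP}}}Body"))[0]
    ctx["operation"] = op.tag.split("}")[-1]
    ctx["args"] = {c.tag.split("}")[-1]: c.text for c in op}


def uri_mapping(ctx):
    """Stand-in for URIMappingInterceptor: GET /path/<op>?k=v becomes op(k=v)."""
    parts = urlsplit(ctx["url"])
    ctx["operation"] = parts.path.rsplit("/", 1)[-1]
    ctx["args"] = {k: v[0] for k, v in parse_qs(parts.query).items()}


def invoke(ctx):
    return OPERATIONS[ctx["operation"]](**ctx["args"])


def run_chain(chain, ctx):
    result = None
    for interceptor in chain:
        result = interceptor(ctx)
    return result


def dispatch_vulnerable(req):
    """GET never passes through wss4j_in: the mapping path has no envelope."""
    ctx = dict(req)
    if ctx["method"] == "GET":
        return run_chain([uri_mapping, invoke], ctx)
    return run_chain([wss4j_in, soap_unmarshal, invoke], ctx)


def dispatch_fixed(req):
    """No unauthenticated path: GET mapping is disabled on an endpoint that
    relies on WS-Security processing (one remediation choice for this model)."""
    ctx = dict(req)
    if ctx["method"] == "GET":
        raise Denied("GET-to-SOAP mapping disabled on WS-Security protected endpoint")
    return run_chain([wss4j_in, soap_unmarshal, invoke], ctx)


def soap_request(operation, token=None, **args):
    """Constructed POST carrying a SOAP envelope, with or without a Security header."""
    header = f"<wsse:Security><wsse:Token>{token}</wsse:Token></wsse:Security>" if token else ""
    params = "".join(f"<{k}>{v}</{k}>" for k, v in args.items())
    body = (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}"><soap:Header>{header}'
            f"</soap:Header><soap:Body><{operation}>{params}</{operation}></soap:Body></soap:Envelope>")
    return {"method": "POST", "url": "/services/account", "body": body}


def get_request(operation, **args):
    """Constructed REST-like GET for the same operation."""
    return {"method": "GET", "url": f"/services/account/{operation}?{urlencode(args)}", "body": None}


def is_denied(dispatch, req):
    """True when the dispatcher rejects the request with Denied."""
    try:
        dispatch(req)
    except Denied:
        return True
    return False
```

The lesson generalises beyond CXF: any authorization step bound to one message format or one transport path leaves every other path to the same operation unprotected, so the check belongs in front of operation dispatch, not in a format-specific interceptor.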
Ubuntu Security Notice USN-1800-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1800-1 - It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection rules when HTTP keep-alive is enabled. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, tcp
systems | linux, ubuntu
advisories | CVE-2012-2942, CVE-2013-1912
MD5 | bf561122bfce44c1e4f76500b5b66a4d
© 2019 Packet Storm. All rights reserved.