Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
6460873f00b577cedf5575de38336ed5b35c232763e43c4f3ba5cd658bda5260Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
fec8de30d9a13e864c8782e2ff393e22e10ea0ab37d406f19da75aed82c5b643This Metasploit module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor. The libupnp library is used across thousands of devices and is referred to as the Intel SDK for UPnP Devices or the Portable SDK for UPnP Devices. Due to size limitations on many devices, this exploit uses a separate TCP listener to stage the real payload.
a7af761c0a55f9166f6f6555c6b5bf62d458d99f52fd09af4ef8ec52d41ace3bSecunia Security Advisory - Multiple vulnerabilities have been discovered in AdaptCMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
cfe99d89e7026e32f6242b294aac518f95da5cead98c53040f850299523e5618Secunia Security Advisory - Some vulnerabilities have been reported in Apple OS X Server, which can be exploited by malicious people to compromise a vulnerable system.
58ce80e4f872613d349d6be86f92419379ccc8ed32e2ebeaa7984abba711a85bSecunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
f803227e23aa56c4af64b57e0e01b253c15ba8f5f3b4f9168ed02d54c8effa30Secunia Security Advisory - Debian has issued an update for libupnp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
93fb3a5e72c264605175992725cf5d58f588952ec39b466ef4ff8b7f5288bdd3Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
da0e56bf036f3b37528e2c72c2c42363cee6d13931224391c95b480bca86aaacD-Link DIR-600 and DIR-300 suffer insecure cryptographic storage, remote command execution, information disclosure, and insecure password changing vulnerabilities.
0d610f0e7ac87b76802448b2ddefebf0a4f7d53a027f9b0de1b8a4e6d745c155These are the technical details surrounding security issues reported by Security Explorations to Oracle and addressed in the Feb 2013 SE CPU update.
ccd58e7acc715c85b1b15f83532e23d25e3fd385be0fae2a1ca2e5abcde6cd00Symantec Enterprise Security Management versions 10.x and below suffer from a privilege escalation vulnerability.
c443df4d121433a3485da2ff9539b52207d42460b04ff347a8310a636a91ccbcSymantec Network Access Control versions 12.1 and below suffer from a privilege escalation vulnerability.
bc4b02b6cf1503ad7e787cb5dfa879912224f4fa3c21df82d20411b4bc1df961Red Hat Security Advisory 2013-0237-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
d4bedf2364b83851cb91c489170b04820b7fa26d21e5eccf3e3aabb339dba90cRed Hat Security Advisory 2013-0236-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
b81da7ace092ec9e47e889bb1f2ca5faa122146a5111a5bc4e2a5578d81420a7Red Hat Security Advisory 2013-0232-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7dbdd0df2b0837fcd242674ab859d51fea5c2572bd356f80af817d0420b5d9a1Red Hat Security Advisory 2013-0235-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
ca074056766087df519dd6519a7f8e413079572d4dad9c909e5cd513f43a580cRed Hat Security Advisory 2013-0234-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
05fbf5e9799195b832475b087a021984907d6a24f8e56a2d7fd27ee4ffc94468Red Hat Security Advisory 2013-0233-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
b7d3b8a02a1f8c6ab35c7602e38206465252b8d0ab40fb14d583816dea8566fbRed Hat Security Advisory 2013-0230-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
ff9fa7c329f6c313132637d412894d99d04fb2baac3a3ff226b3a010b5844f84Red Hat Security Advisory 2013-0231-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7a55e18c14409d7e71117993e7cc7187493ae79ffaf0c9fba0d158410ce27ce5Red Hat Security Advisory 2013-0211-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Red Hat Enterprise Virtualization Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface .
502fad1d23c4a89956234de05968a675c907a69685a967c00f226e4a43a88803Red Hat Security Advisory 2013-0229-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
4180426ee867b8104f2a973dd460f060bc79620a74ec1194e3d3c0e8951dda09SIP library for Metasploit is developed to help SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 5 different modules with authentication support: options tester, brute forcer, enumerator, invite tester and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.
41632950e1dfb5c8f4747d0ec339c406fcdc45963d3dde7254720e67bc738c64PayPal.com suffered from a persistent script injection vulnerability.
78b411185ab53a68bc10186aba852db431f423e2dfc3f8a1eac2830b4fc64b2cFree Monthly Websites version 2.0 suffers from administrative login bypass and remote shell upload vulnerabilities.
7dff8f85bd24d0a360959644e73a994d3f3c19b656937df8fc49f27ae18c7a7f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed