Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
6460873f00b577cedf5575de38336ed5b35c232763e43c4f3ba5cd658bda5260
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
fec8de30d9a13e864c8782e2ff393e22e10ea0ab37d406f19da75aed82c5b643
This Metasploit module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor. The libupnp library is used across thousands of devices and is referred to as the Intel SDK for UPnP Devices or the Portable SDK for UPnP Devices. Due to size limitations on many devices, this exploit uses a separate TCP listener to stage the real payload.
a7af761c0a55f9166f6f6555c6b5bf62d458d99f52fd09af4ef8ec52d41ace3b
Secunia Security Advisory - Multiple vulnerabilities have been discovered in AdaptCMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
cfe99d89e7026e32f6242b294aac518f95da5cead98c53040f850299523e5618
Secunia Security Advisory - Some vulnerabilities have been reported in Apple OS X Server, which can be exploited by malicious people to compromise a vulnerable system.
58ce80e4f872613d349d6be86f92419379ccc8ed32e2ebeaa7984abba711a85b
Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious local users in a guest virtual machine to cause a DoS (Denial of Service).
f803227e23aa56c4af64b57e0e01b253c15ba8f5f3b4f9168ed02d54c8effa30
Secunia Security Advisory - Debian has issued an update for libupnp. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
93fb3a5e72c264605175992725cf5d58f588952ec39b466ef4ff8b7f5288bdd3
Secunia Security Advisory - A vulnerability has been reported in Xen, which can be exploited by malicious local users in a guest virtual machine to cause a DoS (Denial of Service).
da0e56bf036f3b37528e2c72c2c42363cee6d13931224391c95b480bca86aaac
D-Link DIR-600 and DIR-300 suffer from insecure cryptographic storage, remote command execution, information disclosure, and insecure password changing vulnerabilities.
0d610f0e7ac87b76802448b2ddefebf0a4f7d53a027f9b0de1b8a4e6d745c155
These are the technical details surrounding security issues reported by Security Explorations to Oracle and addressed in the Feb 2013 SE CPU update.
ccd58e7acc715c85b1b15f83532e23d25e3fd385be0fae2a1ca2e5abcde6cd00
Symantec Enterprise Security Management versions 10.x and below suffer from a privilege escalation vulnerability.
c443df4d121433a3485da2ff9539b52207d42460b04ff347a8310a636a91ccbc
Symantec Network Access Control versions 12.1 and below suffer from a privilege escalation vulnerability.
bc4b02b6cf1503ad7e787cb5dfa879912224f4fa3c21df82d20411b4bc1df961
Red Hat Security Advisory 2013-0237-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
d4bedf2364b83851cb91c489170b04820b7fa26d21e5eccf3e3aabb339dba90c
Red Hat Security Advisory 2013-0236-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
b81da7ace092ec9e47e889bb1f2ca5faa122146a5111a5bc4e2a5578d81420a7
Red Hat Security Advisory 2013-0232-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7dbdd0df2b0837fcd242674ab859d51fea5c2572bd356f80af817d0420b5d9a1
Red Hat Security Advisory 2013-0235-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
ca074056766087df519dd6519a7f8e413079572d4dad9c909e5cd513f43a580c
Red Hat Security Advisory 2013-0234-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
05fbf5e9799195b832475b087a021984907d6a24f8e56a2d7fd27ee4ffc94468
Red Hat Security Advisory 2013-0233-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
b7d3b8a02a1f8c6ab35c7602e38206465252b8d0ab40fb14d583816dea8566fb
Red Hat Security Advisory 2013-0230-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
ff9fa7c329f6c313132637d412894d99d04fb2baac3a3ff226b3a010b5844f84
Red Hat Security Advisory 2013-0231-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7a55e18c14409d7e71117993e7cc7187493ae79ffaf0c9fba0d158410ce27ce5
Red Hat Security Advisory 2013-0211-01 - The Red Hat Enterprise Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Red Hat Enterprise Virtualization Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
502fad1d23c4a89956234de05968a675c907a69685a967c00f226e4a43a88803
Red Hat Security Advisory 2013-0229-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
4180426ee867b8104f2a973dd460f060bc79620a74ec1194e3d3c0e8951dda09
This SIP library for Metasploit was developed to support SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 5 different modules with authentication support: an OPTIONS tester, a brute forcer, an enumerator, an INVITE tester, and a registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.
41632950e1dfb5c8f4747d0ec339c406fcdc45963d3dde7254720e67bc738c64
PayPal.com suffered from a persistent script injection vulnerability.
78b411185ab53a68bc10186aba852db431f423e2dfc3f8a1eac2830b4fc64b2c
Free Monthly Websites version 2.0 suffers from administrative login bypass and remote shell upload vulnerabilities.
7dff8f85bd24d0a360959644e73a994d3f3c19b656937df8fc49f27ae18c7a7f