Kaseya VSA version 6.5.0.0 suffers from cross site scripting and brute forcing vulnerabilities.
7fe218cd1c415fe7ecf706fc430277ad0a16b68a9d7aa68e327097eb8897004b
Red Hat Security Advisory 2013-0997-01 - This is the 5-Month notification of the End Of Life plans for Red Hat Storage Software Appliance 3.2 and Red Hat Virtual Storage Software Appliance 3.2. In accordance with the Red Hat Storage Software Appliance Support Life Cycle Policy, support will end on November 30, 2013. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat Storage Server product once the life cycle for SSA and VSA is complete. If customers cannot migrate, the product will become unsupported. In addition, after November 30, 2013, technical support through Red Hat’s Global Support Services will no longer be provided. We encourage customers to plan their migration from Storage Software Appliance 3.2 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
f027ef4acb05402b88530668fa3538e2e6c30aefee4fda63be63ff6f1ef48acc
Mandriva Linux Security Advisory 2013-032 - A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names and evaluating /dev/fd file names in conditional command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash. Additionally, the official patches 011 to 037 for bash-4.2 have been applied, which resolve other issues found, including the CVE-2012-3410 vulnerability. NOTE: This advisory was previously given the MDVSA-2013:019 identifier by mistake.
be4cc49cd24a196a81801507077493f6d5b6505240cbd1cdcad5ea0b1cf45094
Mandriva Linux Security Advisory 2013-031 - A race condition in automake could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:018 identifier by mistake.
e294d443c461ab3a4eaac2eb48442781bfd88f63dd38656ad8f01d4ca0aaa535
Mandriva Linux Security Advisory 2013-030 - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:017 identifier by mistake.
0505a196f55926f15d6cb566bcc0fa6443081e9103253277a4f228afe93a8f0c
Mandriva Linux Security Advisory 2013-029 - A vulnerability has been discovered and corrected in ModSecurity. Versions 2.6.8 and earlier are vulnerable to a multipart/invalid part ruleset bypass; this was fixed in 2.7.0. The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:016 identifier by mistake.
3a4c8cb2ec8cbb188a3b45c1fe8be3d087b363870ba1049dddb28977edd910bc
E-Mail Security Virtual Appliance (EVSA) suffers from a remote command execution vulnerability. Versions prior to 2.0.6 are affected.
6e4b74507cc0d89132a2039f65a75dcfe8903fdc24f6e4e066324b6bdfab2cac
Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow a DHCP server to trick DHCP clients into setting, e.g., the system hostname to a specially crafted value containing shell special characters. Various scripts assume that the hostname is trusted, which may lead to code execution when the hostname is specially crafted. Additionally, for Mandriva Enterprise Server 5, various problems in the ka-deploy and uClibc packages were discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.
c7875eb533c9d6beb3425c1a97fe6ed841b9a1c6086b68f13fd555c85ebb7760
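The DHCP hostname issue above comes down to a client-side script pasting a server-supplied option value into a shell command line. The following is an added example (not code from the advisory or from any DHCP client) that puts the vulnerable pattern next to the corrected one: the option value is validated as an RFC 1123 host name and then passed as a single argv element rather than through a shell. The sample option values are constructed for illustration.

```python
import re

# Constructed sample DHCP host-name option values (not from the advisory):
# the first is benign, the others carry shell metacharacters of the kind
# the advisory warns about.
SAMPLE_HOSTNAMES = [
    "host-1.example.net",
    "h;id;#",
    "h$(touch /tmp/pwned)",
]

# RFC 1123 label: letters, digits and hyphen, no leading or trailing hyphen,
# at most 63 characters. Everything else (';', '$', '(', spaces, ...) is rejected.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    """Return True only for a syntactically valid DNS host name (<= 253 chars)."""
    if not name or len(name) > 253:
        return False
    name = name.rstrip(".")  # tolerate one trailing dot on an FQDN
    if not name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def build_set_hostname_command_unsafe(name: str) -> str:
    """The vulnerable pattern: the untrusted value is pasted into a shell
    command line, so a value such as 'h;id' becomes two commands once the
    string is handed to /bin/sh."""
    return "hostname %s" % name


def build_set_hostname_command_safe(name: str) -> list:
    """The corrected pattern: validate first, then build an argv list so the
    value is passed as one argument and is never parsed by a shell."""
    if not is_valid_hostname(name):
        raise ValueError("rejected DHCP-supplied host name: %r" % name)
    return ["hostname", name]


if __name__ == "__main__":
    for h in SAMPLE_HOSTNAMES:
        print("unsafe command line:", build_set_hostname_command_unsafe(h))
        try:
            print("safe argv:         ", build_set_hostname_command_safe(h))
        except ValueError as e:
            print("safe argv:          REJECTED -", e)
```

The same validation applies to any other option a hook script interpolates (domain name, NIS domain, NTP server names); the point is that the value reaches `execve` as a single argument, so the shell never sees it.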
This Metasploit module exploits a vulnerability found in HP's StorageWorks P4000 VSA on versions prior to 9.5. By using a default account credential, it is possible to inject arbitrary commands as part of a ping request via port 13838.
1f354fd80321e3a8c75c32db994ccf7fbd51de54814d94d9641e5bfccae9d6f6
HP VSA remote command execution exploit.
e2634c82bf61b7660279ef87efb9959dc4f17ce4f09dbbb9b22dc962a374b58e
Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions, which are not affected by this security flaw. Additionally the rootcerts package has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pick up the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
6c745d9d52173219392680d02b0a80f2ccd95e95f7941c4746e37f33fda62ceb
Mandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. Packages provided for Mandriva Enterprise Server 5.2 and Mandriva Linux 2010.2 with the MDVSA-2011:176 and MDVSA-2011:176-1 advisories had wrong release numbers, effectively preventing installation without excessive force due to previous packaging mistakes. This advisory provides corrected packages to address the problem.
ccd137aa0b24aef21172472dc46e7a951f9dd172c796924eb97f853d35de3735
Mandriva Linux Security Advisory 2011-176 - A vulnerability was discovered and corrected in bind. Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. The updated packages have been upgraded to bind 9.7.4-P1 and 9.8.1-P1 which is not vulnerable to this issue. Packages provided for Mandriva Enterprise Server 5.2 and Mandriva Linux 2010.2 with the MDVSA-2011:176 advisory had a faulty release number effectively preventing installation without excessive force due to a previous packaging mistake. This advisory provides corrected packages to address the problem.
197ccaed81762b5688aa08d8c25598393a3c9ed56dc71e6aabe506eccc2b58e4
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.
c82b9c418c80f0f149ed58d135c718ec945f901a518961f084309b77bc46bd53
Mandriva Linux Security Advisory 2011-131 - Multiple vulnerabilities have been discovered and corrected in libxml/libxml2. Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. The updated packages have been patched to correct this issue. Packages were missing for Mandriva Linux 2011 with the MDVSA-2011:131 advisory and are now being provided.
e6cf0847e37d39db25858e766f84194b4d7ce1cce729ac0012f875a0297b2e65
Mandriva Linux Security Advisory 2011-072 - It was discovered that gwenhywfar was using an old private copy of the ca-bundle.crt file containing the root CA certs, this has now been resolved so that it uses the system wide and up to date /etc/pki/tls/certs/ca-bundle.crt file last updated with the MDVSA-2011:068 advisory.
363dac4277a07cf0f6cdeee455bb79b6761da6dfa41cfb4776e3d87b4ddaf589
Mandriva Linux Security Advisory 2011-071 - kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. Additionally it was discovered that kdelibs4 for 2009.0 was using an old private copy of the ca-bundle.crt file containing the root CA certs, this has now been resolved so that it uses the system wide and up to date /etc/pki/tls/certs/ca-bundle.crt file last updated with the MDVSA-2011:068 advisory.
ca74073a54bdf3fa6ed44368aeb87bf7fa79b29e76ea5a6dff0258a6cfd9f7fd
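The KSSL flaw above is a host-name verification bug: a certificate legitimately issued for an IP address was accepted for a DNS host name. The following is an added example, not KDE's code, of the check a TLS client needs: a DNS host name is compared only against dNSName entries (with the CN as a fallback only when the certificate has no dNSName at all), a literal IP only against iPAddress entries, and wildcards are confined to the left-most label. The certificate dicts are constructed for illustration and mirror the shape Python's `ssl.SSLSocket.getpeercert()` returns; they are not real certificates.

```python
import ipaddress

# Constructed certificate descriptions (not real certificates) in the shape
# ssl.SSLSocket.getpeercert() returns: one issued to an IP address, one with
# a wildcard dNSName.
CERT_FOR_IP = {
    "subject": ((("commonName", "203.0.113.5"),),),
    "subjectAltName": (("IP Address", "203.0.113.5"),),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "example.net"),),),
    "subjectAltName": (("DNS", "*.example.net"), ("DNS", "example.net")),
}


def names_from_peercert(cert: dict) -> tuple:
    """Split a getpeercert() dict into (dns_names, ip_addresses, common_name)."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value)
        elif kind == "IP Address":
            ips.append(value)
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    return dns, ips, cn


def _match_dns_name(hostname: str, pattern: str) -> bool:
    """Compare a host name with one dNSName. A wildcard is honoured only as
    the whole left-most label, needs at least two labels after it, and does
    not span dots: '*.example.net' matches 'www.example.net' but neither
    'a.b.example.net' nor 'example.net'."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p


def hostname_matches_certificate(hostname: str, cert: dict) -> bool:
    """Return True when `hostname` is covered by the certificate.
    A DNS host name is compared only with dNSName entries (falling back to
    the CN only when the certificate carries no dNSName, per RFC 6125 6.4.4),
    and a literal IP only with iPAddress entries. A certificate issued for an
    IP address therefore never vouches for a DNS host name, which is the
    distinction the advisory says KSSL failed to make."""
    dns, ips, cn = names_from_peercert(cert)
    try:
        wanted_ip = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        return any(ipaddress.ip_address(e) == wanted_ip for e in ips)
    if not dns and cn:
        dns = [cn]
    return any(_match_dns_name(hostname, pat) for pat in dns)


if __name__ == "__main__":
    for host, cert in [("bank.example", CERT_FOR_IP),
                       ("203.0.113.5", CERT_FOR_IP),
                       ("www.example.net", CERT_WILDCARD),
                       ("a.b.example.net", CERT_WILDCARD)]:
        print(host, "->", hostname_matches_certificate(host, cert))
```

With a real socket the same function takes `sock.getpeercert()` directly; the point of keeping the name-type split explicit is that a man-in-the-middle holding a valid certificate for some IP address gets `False` for every DNS host name, whatever the CN says.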
Mandriva Linux Security Advisory 2011-017 - It was discovered that tetex suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution tetex has been patched to address this flaw.
e9ce1cb956381283faee9dea18cfb7473ce35d4ecff0d10df3d957c01cf1366f
Mandriva Linux Security Advisory 2011-016 - It was discovered that t1lib suffered from the same vulnerability as previously addressed in Evince with MDVSA-2011:005. As a precaution t1lib has been patched to address this flaw.
4b2bea635449b5c844cab0983e16844ae7c387e11040b308523a9d29955b3fba
Mandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php). The updated packages have been patched to correct these issues. The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream patch.
2203cef88168e2a77c3c7b7ba0c8963ffdbbd9e4cd234e5ebd370f2a7b74d1ad
Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service, or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue. Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.
4a338f887721e9895a8e3e6036743fdb11f3dc56f4b0b2a8e338f76f0aa24b5a
Mandriva Linux Security Advisory 2010-134 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Ghostscript 8.64, 8.70, and possibly other versions allow context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscript has been rebuilt to link against the system libpng library, which was fixed with MDVSA-2010:133.
3d73e4babfd4b5c82e8bde7f78c70aac24ac68d203e10354a9d51ebf133af653
Mandriva Linux Security Advisory 2010-136 - Ghostscript 8.64, 8.70, and possibly other versions allow context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscript has been rebuilt to link against the system libpng library, which was fixed with MDVSA-2010:133. The updated packages have been patched to correct this issue.
9fe83cb142b2975efe8bfd4f0a6a6b22652cf1016190aea60be397f92ce3eedd