what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-04-16

HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
SHA-256 | d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087
SAP BASIS Communication Services Command Execution
Posted Apr 16, 2013
Authored by Ertunga Arsal | Site esnc.de

SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability.

tags | advisory, remote
advisories | CVE-2013-3063
SHA-256 | 439e261026af63ba9c8aeee51164c2ae9e2259c65267679fcd1b65b7fa4df04f
SAP Production Planning / Control Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal, Mert Suoglu | Site esnc.de

SAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions.

tags | advisory
advisories | CVE-2013-3062
SHA-256 | eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7da
Oracle Java SE 7 Update 21 Information
Posted Apr 16, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).

tags | advisory, java, vulnerability
SHA-256 | db5a5e389d8d3c4c134815cc14599a283f8f6970e50643600808191ba1a9acdf
SAP Healthcare Industry Solution Privilege Escalation
Posted Apr 16, 2013
Authored by Ertunga Arsal | Site esnc.de

This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions. Although this vulnerability is found in the SAP industry solution for healthcare, the functionality is also present in the SAP ERP central component (ECC 6). Thus, customers in other industries are also affected.

tags | advisory
advisories | CVE-2013-3061
SHA-256 | 04068b72f2c992a2fd3f3c6c9328f3a8d53414cded64945a2d57f759d3167747
Red Hat Security Advisory 2013-0747-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0747-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system.

tags | advisory, denial of service, kernel
systems | linux, redhat
advisories | CVE-2012-6537, CVE-2012-6542, CVE-2012-6546, CVE-2012-6547, CVE-2013-0216, CVE-2013-0231, CVE-2013-1826
SHA-256 | 9e0aa536e0da762edf8c498c10bb83405607592006ca6d9a7c71cb4b1a98321e
Red Hat Security Advisory 2013-0749-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0749-01 - Apache CXF is an open source services framework. It was found that the Apache CXF UsernameTokenPolicyValidator and UsernameTokenInterceptor allowed a UsernameToken element with no password child element to bypass authentication. A remote attacker could use this flaw to circumvent access controls applied to web services by omitting the password in a UsernameToken. This flaw was exploitable on web services that rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users. It was not exploitable when using hashed passwords or WS-Security without WS-SecurityPolicy.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-5633, CVE-2013-0239
SHA-256 | ca53255a02a059d91e5a702c6b1219475f8516e8f0f03108ebb607ced43031f8
Red Hat Security Advisory 2013-0748-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0748-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request. All krb5 users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1416
SHA-256 | 7418bbcc8fbfad8c0d43913ef16a0db8c57fcdeedd65917176af08ab2350df19
Red Hat Security Advisory 2013-0741-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0741-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2133, CVE-2013-0871
SHA-256 | be58c9881dae761f77362629f07bbadce7bacffad49b827014d6616ac8b9ef4f
Ubuntu Security Notice USN-1802-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1802-1 - It was discovered that Samba incorrectly handled CIFS share attributes when SMB2 was used. A remote authenticated user could possibly gain write access to certain shares, bypassing the intended permissions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0454
SHA-256 | ddaed35aa51889db85e8e8ee45090e553664fe39dec721fa2b619084f5911060
Mandriva Linux Security Advisory 2013-144
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-144 - Multiple cross-site scripting vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the visualizationSettings[width] or visualizationSettings[height] parameter. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-1937
SHA-256 | 4b402b15c02d1cce2783b63a6160f83535655f892d79b84d2f266df0895b94e7
Mandriva Linux Security Advisory 2013-143
Posted Apr 16, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-143 - poppler before 0.22.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via vectors that trigger an invalid memory access in splash/Splash.cc, poppler/Stream.cc. poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1788, CVE-2013-1790
SHA-256 | b5ae675f08df14c8bc676bdb7b202ab56eacf4377100b3196ff1bd32e3ea2027
Ubuntu Security Notice USN-1801-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1801-1 - YAMADA Yasuharu discovered that libcurl was vulnerable to a cookie leak when doing requests across domains with matching tails. curl did not properly restrict cookies to domains and subdomains. If a user or automated system were tricked into processing a specially crafted URL, an attacker could read cookie values stored by unrelated webservers.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-1944
SHA-256 | ea0c4e42890a1098fca522fa72544604763aef3b197e27a9829c9659c96f3579
Red Hat Security Advisory 2013-0742-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0742-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allow-anonymous-access" configuration setting was set to "rootdse". An anonymous user could connect to the LDAP database and, if the search scope is set to BASE, obtain access to information outside of the rootDSE. This issue was discovered by Martin Kosek of Red Hat.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-1897
SHA-256 | d1c8bae030a7c5a20dd7dc9a69ceb44dd2d44cdda1a45f3c1fc50f1f3af0645c
Red Hat Security Advisory 2013-0743-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0743-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
SHA-256 | 447577374687140e0fda8af502e096ed8dde4add99ded2c0a3b1029f0a22ec4c
Ubuntu Security Notice USN-1800-1
Posted Apr 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1800-1 - It was discovered that HAProxy incorrectly handled configurations where global.tune.bufsize was set to a value higher than the default. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Yves Lafon discovered that HAProxy incorrectly handled HTTP keywords in TCP inspection rules when HTTP keep-alive is enabled. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, tcp
systems | linux, ubuntu
advisories | CVE-2012-2942, CVE-2013-1912, CVE-2012-2942, CVE-2013-1912
SHA-256 | a60d264b8f58648cf2e1c8ac5fae817c04ec3e22d7d7a0a9a2bd2e8003c7f1ff
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close