CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

ManageEngine Password Manager MetadataServlet.dat SQL Injection Exploit

This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to...

ManageEngine Password Manager MetadataServlet.dat SQL Injection

...

Huawei CloudEngine Switch Security Bypass (HWPSIRT-2013-1256)

The remote host is a Huawei switch running a firmware version that is affected by a security bypass vulnerability due to a failure of access control. An authenticated attacker can exploit this vulnerability to execute commands with higher-level...

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module...

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

...

Ubuntu: Security Advisory (USN-2310-1)

The remote host is missing an update for...

Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2310-1)

It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly...

Kerberos vulnerabilities

Releases Ubuntu 14.04 ESM Ubuntu 12.04 Ubuntu 10.04 Packages krb5 - MIT Kerberos Network Authentication Protocol Details It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a...

Fedora Update for krb5 FEDORA-2014-8176

The remote host is missing an update for...

[SECURITY] Fedora 19 Update: krb5-1.11.3-24.fc19

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted...

Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities

No description provided by...

LBreakOut2 2.x Login Remote Format String Vulnerability

No description provided by...

Gopherd <= 3.0.5 FTP Gateway Remote Overflow Exploit

No description provided by...

University of Minnesota Gopherd 2.0.x/2.3/3.0.x FTP Gateway Buffer Overflow Vulnerability

No description provided by...

WinVNC Web Server <= 3.3.3r7 - GET Overflow

No description provided by...

HPUX 10.20/11 Wall Message Buffer Overflow Vulnerability

No description provided by...

Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)

No description provided by...

BEA Weblogic Transfer-Encoding Buffer Overflow

No description provided by...

Fedora 20 : python-2.7.5-13.fc20 (2014-7800)

Fix for CVE-2014-4616 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Netris 0.3/0.4/0.5 - Remote Memory Corruption Vulnerability

No description provided by...

Fedora Update for python FEDORA-2014-7800

The remote host is missing an update for...

Ultr@VNC <= 1.0.1 VNCLog::ReallyPrint Remote Buffer Overflow PoC

No description provided by...

GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)

The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly...

IcedTea JDK: Multiple vulnerabilities

Background IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Description Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1663-1)

Update to icedtea 2.4.3 (bnc#846999) synchronized OpenJDK 7 support with the upstream u45 b31 fixes the following issues : S8006900, CVE-2013-3829: Add new date/time capability S8008589: Better MBean permission validation S8011071, CVE-2013-5780: Better crypto provider handling S8011081,...

IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)

The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January...

IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)

According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation,...

IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities

The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January...

TigerVNC < 1.3.1 ZRLE Heap-based Buffer Overflow

According to its self-identified version number, the TigerVNC install hosted on the remote web server is affected by a heap-based buffer overflow vulnerability. A flaw exists when performing bounds check during ZRLE decoding. This could allow a remote attacker with a malicious server and a...

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. ## Impact If a malicious Android application is installed on the device, attachments...

JVN#05951929: sp mode mail issue where emails in the process of creation may be accessed

sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Android...

GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)

The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An...

Oracle JRE/JDK: Multiple vulnerabilities

Background The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). Description Multiple vulnerabilities have been reported in the Oracle Java.....

Ubuntu Update for openjdk-7 USN-2089-1

Check for the Version of...

Ubuntu: Security Advisory (USN-2089-1)

The remote host is missing an update for...

Ubuntu 12.10 / 13.04 / 13.10 : openjdk-7 vulnerabilities (USN-2089-1)

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the...

OpenJDK 7 vulnerabilities

Releases Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Packages openjdk-7 - Open Source Java implementation Details Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the...

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

...

Linux Kernel (Ubuntu 11.1012.04) - binfmt_script Stack Data Disclosure

Linux Kernel (Ubuntu 11.1012.04) - binfmt_script Stack Data...

Huawei CloudEngine系列交换机安全绕过漏洞

BUGTRAQ ID: 64634 CloudEngine系列是华为公司面向下一代数据中心和高端园区推出的“云”级高性能交换机。 Huawei CloudEngine系列交换机的HWTACACS模块在实现上存在多个安全限制绕过漏洞。若攻击者拥有低权限的用户名称和密码并能够登录受影响设备，则可以利用这些漏洞绕过服务器身份验证检查，提升用户权限并执行任意命令。 0 Huawei CloudEngine Series Switches CE6800 Huawei CloudEngine Series Switches CE5800 Huawei CloudEngine Series...

Security Advisory-A Vulnerability on the HWTACACS Authorization Module of the CloudEngine

The HWTACACS modules of some Huawei CloudEngine series switches have vulnerabilities. Attackers can execute the commands that can be used by users with higher-level permissions by bypass the right check of HWTACACS server. (HWPSIRT-2013-1256). This Vulnerability has been assigned Common...

GLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201312-12 (MIT Kerberos 5: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. ...

MIT Kerberos 5: Multiple vulnerabilities

Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...

Multiple Java vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Wed Dec 11 10:53:34 CST 2013 | Updated: Mon Feb 3 10:36:58 CST 2014 | Updated: Sections II and III modifications | Updated: Includes VIOS The most recent version of this document is available here:...

Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities

Quarterly update fixes over 130 vulnerabilities in different...

Fedora Update for krb5 FEDORA-2013-21786

The remote host is missing an update for...

Fedora Update for krb5 FEDORA-2013-21786

Check for the Version of...

[SECURITY] Fedora 19 Update: krb5-1.11.3-13.fc19

Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted...

Security update for IBM Java 7 (important)

IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ ...

SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)

IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on:...