2865 matches found
GetResourceServlet pre-auth arbitrary file download vulnerability
The GetResourceServlet Servlet is vulnerable to an arbitrary file download attack. As the Servlet doesn’t implement its own authorization checks, this can be exploited anonymously. By taking an attacker controlled name parameter and using this in a call to URLConnection.openConnection, an attacke...
Sophos Web Protection Appliance 3.7.8.1 XSS / Command Execution
Sophos Web Protection Appliance version 3.7.8.1 suffers from OS command injection, cross site scripting, and file disclosure vulnerabilities. title: Multiple vulnerabilities product: Sophos Web Protection Appliance vulnerable...
dedecms local file inclusion and Lilu-path leaked 0day-vulnerability warning-the black bar safety net
Dinner eating support, scan the following code digestion digestion. Recently Php0day group where the brothers are in the discussion of the dede hole more quickly under a jacket, with editplus search for a few keywords, and sure enough found some problems. Saying usually write code also like to us...
CVE-2013-0266
A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to...
CVE-2013-0266
CVE-2013-0266 concerns the puppetlabs-cinder PackStack deployment: manifests/base.pp grants world-readable permissions to cinder.conf and api-paste.ini, enabling a local attacker to read OpenStack administrative passwords. Root cause: incorrect file permissions in these configuration files. Affec...
commons-configuration
[SECURITY] Fedora 18 Update: php-symfony2-Yaml-2.1.7-1.fc18
The Symfony2 YAML Component parses YAML strings to convert them to PHP arrays. It is also able to convert PHP arrays to YAML strings. YAML, YAML Ain't Markup Language, is a human friendly data serialization standard for all programming languages. YAML is a great format for your configuration...
Fedora Update for php-symfony2-Yaml FEDORA-2013-1130
Check for the Version of php-symfony2-Yaml OpenVAS Vulnerability Test Fedora Update for php-symfony2-Yaml FEDORA-2013-1130 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for corosync FEDORA-2013-1001
Check for the Version of corosync OpenVAS Vulnerability Test Fedora Update for corosync FEDORA-2013-1001 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 17 Update: corosync-2.3.0-1.fc17
This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script...
CVE-2013-0651
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...
Improper access control
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...
CVE-2013-0651
The CVE-2013-0651 issue affects GE Intelligent Platforms Proficy Real-Time Information Portal. A misconfiguration in the Portal installation places sensitive files under the web root with insufficient access control, allowing unauthenticated remote retrieval of configuration data and data-source ...
GitHub Search Down After Some Credentials and Crypto Keys Exposed
GitHub’s search capability remains dark Friday after it was discovered that the code-sharing site’s search feature could be used to dredge up passwords, private crypto keys, and other credentials developers use in their projects. GitHub is a popular collaboration site for open source software...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background: The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts, those machines allowed to use the service...
SuSE 11.2 Security Update : IBM Java (SAT Patch Number 6793)
IBM Java 1.5.0 was updated to SR11 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/ Also three bugs have been fixed: - fix bnc771808: create symlink /usr/bin/javaws properly - fix bnc666744: mark all configuration files as %config(noreplace) - fix bnc773021:...
RHEL 4 : JBoss EAP (RHSA-2009:0346)
Updated JBoss Enterprise Application Platform (JBoss EAP) 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP06. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
RHEL 5 : JBoss EAP (RHSA-2009:1145)
Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP05. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platfor...
CentOS 5 : net-snmp (CESA-2013:0124)
Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...