Lucene search

5900 matches found

Debian
added 2011/12/05 7:26 p.m. | 38 views

[SECURITY] [DSA 2358-1] openjdk-6 security update

Debian Security Advisory DSA-2358-1 [email protected] http://www.debian.org/security/ December 05, 2011 http://www.debian.org/security/faq...

CVSS 10 | AI score 10 | EPSS 0.92545
Exploits: 19

NVD
added 2011/11/11 9:55 p.m. | 6 views

CVE-2011-4435

The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...

CVSS 5 | AI score 6 | EPSS 0.00234
Exploits: 0 | References: 3

Prion
added 2011/11/11 9:55 p.m. | 8 views

Directory traversal

The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...

CVSS 5 | AI score 6.5 | EPSS 0.00234
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2011/11/11 9:55 p.m. | 20 views

CVE-2011-4435

The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...

CVSS 5 | AI score 5.9 | EPSS 0.00234
Exploits: 0 | References: 1

Cvelist
added 2011/11/11 9:0 p.m. | 14 views

CVE-2011-4435

The web-server component in the Consolidation and Analysis Engine CAE Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests...

AI score 6 | EPSS 0.00234
Exploits: 0 | References: 3

OpenVAS
added 2011/10/16 12:0 a.m. | 54 views

Debian: Security Advisory (DSA-2311-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.6 | EPSS 0.12941
Exploits: 0 | References: 3

Tenable Nessus
added 2011/09/28 12:0 a.m. | 39 views

Debian DSA-2311-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code including applets to...

CVSS 10 | AI score 8.2 | EPSS 0.12941
Exploits: 0 | References: 17

securityvulns
added 2011/09/26 12:0 a.m. | 173 views

Multiple vulnerabilities in Help Desk Software

Vulnerability ID: HTB23041 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinhelpdesksoftware.html Product: Help Desk Software Vendor: freehelpdesk.org http://freehelpdesk.org/ Vulnerable Version: 1.1b and probably prior Tested Version: 1.1b Vendor Notification: 17 August 2011...

AI score 0.9
Exploits: 0

RedHat Linux
added 2011/09/21 7:50 p.m. | 44 views

Important: Red Hat Security Advisory: httpd and httpd22 security update

Updated httpd and httpd22 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

CVSS 7.8 | AI score 7.1 | EPSS 0.90456
Exploits: 17 | References: 2

RedHat Linux
added 2011/09/15 5:42 p.m. | 71 views

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.8 | AI score 7.1 | EPSS 0.90456
Exploits: 17 | References: 2

Packet Storm
added 2011/09/14 12:0 a.m. | 27 views

Progea Movicon / PowerHMI 11.2.1085 Heap Overflow

Luigi Auriemma Application: Progea Movicon / PowerHMI http://www.progea.com Versions: = 11.2.1085 Platforms: Windows Bug: heap overflow Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== ...

AI score 0.5
Exploits: 0

Exploit DB
added 2011/09/14 12:0 a.m. | 31 views

progea movicon / powerhmi 11.2.1085 - Multiple Vulnerabilities

Luigi Auriemma Application: Progea Movicon / PowerHMI http://www.progea.com Versions: = 11.2.1085 Platforms: Windows Bug: memory corruption Exploitation: remote Date: 13 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix...

AI score 7.4
Exploits: 0

Tibco
added 2011/09/13 3:0 p.m. | 20 views

TIBCO Security Advisory: September 13, 2011 - TIBCO® Managed File Transfer

TIBCO® Managed File Transfer vulnerability Original release date: Sep 13, 2011 Last revised: -- CVE-2011-3423, CVE-2011-3424 Source: TIBCO Software Inc. TIBCO Managed File Transfer vulnerability Original release date: Sep 13, 2011 Last revised: -- Source: TIBCO Software Inc. Systems Affected TIBCO...

CVSS 4.3 | AI score 5.3 | EPSS 0.00475
Exploits: 0 | Affected Software: 3

Apache Httpd
added 2011/09/07 12:0 a.m. | 49 views

Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS

A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service...

CVSS 4.3 | AI score 1.2 | EPSS 0.34026
Exploits: 3 | Affected Software: 1

Tenable Nessus
added 2011/08/17 12:0 a.m. | 265 views

Oracle GlassFish Server Administration Console GET Request Authentication Bypass

The version of GlassFish Server running on the remote host has an authentication bypass vulnerability. The server fails to enforce authentication on HTTP requests that contain lower case method names e.g. 'get'. A remote, unauthenticated attacker could exploit this to upload and execute arbitrary...

CVSS 10 | AI score 5.8 | EPSS 0.87545
Exploits: 6 | References: 3

Check Point Advisories
added 2011/08/16 12:0 a.m. | 3 views

Apache APR apr_fnmatch Stack Overflow Denial of Service (CVE-2011-0419)

A stack overflow vulnerability has been reported in Apache Portable Runtime APR library. Apache is a popular HTTP web server. The vulnerability is due to an error in the way the APR parses certain requests with a user specified filter. A remote attacker could exploit this vulnerability by sending...

CVSS 4.3 | AI score 8.5 | EPSS 0.48782
Exploits: 5

OpenVAS
added 2011/08/09 12:0 a.m. | 54 views

CentOS Update for tomcat5 CESA-2010:0580 centos5 i386

Check for the Version of tomcat5 OpenVAS Vulnerability Test CentOS Update for tomcat5 CESA-2010:0580 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 6.4 | AI score 5.4 | EPSS 0.80174
Exploits: 3 | References: 2

securityvulns
added 2011/08/03 12:0 a.m. | 33 views

n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in Citrix XML Service Risk: HIGH Vendor...

AI score 8.5
Exploits: 0

securityvulns
added 2011/08/01 12:0 a.m. | 54 views

SA500 vulnerabilities - details

Hi. Advisory by Cisco was published a few days ago, Bugtraq ID: 48810. Now more details: 1. Unauthenticated access to web management any user - including admin. Due to blind SQLi in the login form of web management port 443, https, login field, embedded sqlite DB, it is possible to obtain: a all...

AI score 7.1
Exploits: 0

seebug.org
added 2011/07/29 12:0 a.m. | 22 views

Citrix XenApp / XenDesktop Stack-Based Buffer Overflow

No description provided by source. n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.001 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Stack-Based Buffer...

AI score 7.1
Exploits: 0