9522 matches found
Important: Red Hat Security Advisory: rhpki-common security update
Updated rhpki-common packages that fix a security issue are now available for Red Hat Certificate System 7.2. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Certificate System (RHCS) is an enterprise software system designed to manage...
C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow
Background. Vendor product information: CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for t...
Important: kernel security and bug fix update
2.6.18-53.1.6.0.1.el5: - [NET] Add entropy support to e1000 and bnx2 (John Sobecki) [ORA 6045759] - [NET] Fix msi issue with kexec/kdump (Michael Chan) [ORA 6219364] - [MM] Fix alloc_pages_node() static `nid' race made kernel crash (Joe Jin) [ORA 6187457] - [splice] Fix bad unlock_page() in error case (Jens Axboe) [ORA 6263574] ...
[SECURITY] Fedora 8 Update: zabbix-1.4.2-4.fc8
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
[SECURITY] Fedora 7 Update: zabbix-1.4.2-3.fc7
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
CVE-2007-5413
HP OpenView Radia Integration Server, specifically httpd.tkd, is affected in CM Infrastructure v4.0–4.2i and CCM v2.0. The vulnerability arises from insufficient validation of URLs containing tilde references (e.g., ~root) in the HTTP server bound to TCP port 3465, enabling remote attackers to re...
Security aspects of time synchronization infrastructure
A large number of services on a modern corporate network require time to be synchronized within the network or with absolute time, and may fail if there are any problems with time synchronization. Below are just a few examples of services and the required time precision. For synchronization within the network:...
SmartDefense Profiles Available for Users of VPN-1 NGX R62: Assigning a Profile per Gateway
The most significant enhancement in the NGX R62 release is the enablement of SmartDefense Profiles. SmartDefense Profiles expand the flexibility and granularity of security defenses, while allowing central control and management of the security infrastructure. By defining multiple SmartDefense...
paypalXSScorry.txt
ADVISORY: PayPal.com. Author: CorryL x0n3-h4ck.org. Application: PayPal.com. Version: . Vendor's URL: www.paypal.com. Platform: Linux\Unix. Bug type: XSS. Exploitation: Remote/Local...
CVE-2006-3589
CVE-2006-3589 affects VMware products on Linux: VMware Player/Workstation/Server for Linux, VMware ESX Server 2.x, and VMware Infrastructure 3. vmware-config.pl does not check the return code of Perl chmod and does not use safe_chmod, which can leave SSL key files with an unsafe umask a...
Security Best Practice: SNMP Protocol Enforcement
SNMP is part of the internet protocol suite and provides a coherent framework for the management of various network devices. SNMPv2 and SNMPv3 provide security enhancements over SNMPv1. Vulnerabilities in SNMP make it a target for information modification. For example, a remote attacker can capture...
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion
Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion. IHS Public advisory. Plume CMS Remote File Inclusion. It uses PHP and MySql. With a single installation of Plume you can have multiple websites,...
Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Plume CMS 1.1.3 dbinstall.php Remote File Include Vulnerability...
Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion
IHS Public advisory. Plume CMS Remote File Inclusion. It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management, multiple authors with different righ...
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability. June 23, 2006. Product Overview: Trend Micro Control Manager is a centralized, web-based outbreak management console designed to simplify enterprise-wide coordination of outbreak security actions and management of Trend Micro products a...
[VulnWatch] iDefense Security Advisory 01.17.06: Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability
Cisco Systems IOS 11 Web Service CDP Status Page Code Injection Vulnerability iDefense Security Advisory 01.17.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=372 January 17, 2006 I. BACKGROUND Cisco IOS Software is the world's leading network infrastructure software,...
Research in Motion (RIM) BlackBerry Router vulnerable to denial of service via Server Routing Protocol (SRP)
Overview: The Research in Motion (RIM) BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol (SRP) packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service. Description: The BlackBerry Router is a component o...
Debian Security Host Bandwidth Saturation
The Debian Project, http://www.debian.org/. Security Host Bandwidth Saturation. September 20th, 2005. http://www.debian.org/News/2005/20050920 ...
CVE-2004-0093
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI)...
CVE-2004-0094
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)...