38 matches found

VulnCheck KEV
added 2025/07/31 12:00 a.m., 11 views

VulnCheck KEV: CVE-2014-125123

An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel developed by LXCenter prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbin/webcommand.php, which fails to properly sanitize input, allowing an attacker to extract the...

CVSS 10 | AI score 6.2 | EPSS 0.00667
In wild | Exploits 0 | References 3
Tenable Nessus
added 2024/12/11 12:00 a.m., 10 views

Oracle Siebel CRM (January 2014 CPU)

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2014 CPU advisory. - Vulnerability in the Siebel Life Sciences component of Oracle Siebel CRM subcomponent: Clinical Trip Report. Supported versions that are affect...

CVSS 5 | AI score 5.5 | EPSS 0.02368
Exploits 0 | References 3
IBM Security Bulletins
added 2022/09/15 6:13 p.m., 29 views

Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014

Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...

CVSS 4 | AI score 5.5 | EPSS 0.02414
Exploits 0 | Affected Software 5
Microsoft KB
added 2020/04/09 12:00 a.m., 5 views

Windows 8.1 Store improvements: January 2014

Windows 8.1 Store improvements: January 2014 Summary This article describes the update rollup for Windows RT 8.1 and Windows 8.1 that is dated January 2014. This update package includes performance and reliability improvements. We recommend that you apply this update rollup as part of your regula...

AI score 6.3
Exploits 0
The Hacker News
added 2019/07/04 11:30 a.m., 190 views

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

A 23-year-old hacker from Utah who launched a series of DDoS attacks against multiple online services, websites, and online gaming companies between December 2013 and January 2014 has been sentenced to 27 months in prison. Austin Thompson, a.k.a. "DerpTroll," pledged guilty back in November 2018...

AI score 0.4
Exploits 0
IBM Security Bulletins
added 2018/06/25 5:54 a.m., 51 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle January 2014 Critical Patch Update Vulnerability Details CVE IDs: CVE-2014-0428 CVE-2014-0422 CVE-2013-5907 CVE-2014-0415 CVE-2014-0410 CVE-2013-5889 CVE-2014-0417 CVE-2014-0387 CVE-2014-0424 CVE-2013-5878 CVE-2014-0373 CVE-2014-0375 CVE-2014-0403...

CVSS 10 | AI score 0.8 | EPSS 0.08383
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2018/06/18 12:09 a.m., 36 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - January 2014

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...

CVSS 10 | AI score 0.8 | EPSS 0.08383
Exploits 3 | Affected Software 4
IBM Security Bulletins
added 2018/06/17 2:41 p.m., 48 views

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Summary IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has it own JRE. Oracle has released a January 2014 Critical Patch Update CPU that contains security vulnerability...

CVSS 10 | AI score 0.5 | EPSS 0.08383
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 4:56 a.m., 26 views

Security Bulletin: Rational Insight - Oracle CPU January 2014 (CVE-2014-0416, CVE-2014-0423)

Summary Multiple security vulnerabilities exist in the IBM JRE that is shipped with Rational Insight. The same security vulnerabilities also exist in the IBM Java SDK that is shipped with the IBM WebSphere Application Server WAS. Vulnerability Details | Subscribe to My Notifications to be notifie...

CVSS 5.5 | AI score 0.4 | EPSS 0.04006
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/15 6:59 a.m., 31 views

Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014

Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and is included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...

CVSS 4 | AI score 6.3 | EPSS 0.02414
Exploits 0 | Affected Software 1
Microsoft KB
added 2017/01/07 12:00 a.m., 5 views

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: January 2014

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: January 2014 Important When you install this update 2911106 from Windows Update, update 2914218 are included in the installation. Summary This article describes the update rollup for Windows RT 8.1, Windows 8.1, and Windows...

AI score 6.4
Exploits 0
Microsoft KB
added 2017/01/07 12:00 a.m., 4 views

A hotfix is available to update the Daylight Saving Time for the “(UTC+12:00) Fiji” time zone for Windows Operating Systems

A hotfix is available to update the Daylight Saving Time for the “UTC+12:00 Fiji” time zone for Windows Operating Systems Introduction Fiji has announced changes to its daylight saving time DST schedule. This hotfix updates the DST start and end dates for the “UTC+12:00 Fiji” time zone. More...

AI score 6.5
Exploits 0
Tenable Nessus
added 2014/05/12 12:00 a.m., 350 views

IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)

According to its version, the IBM Domino formerly IBM Lotus Domino on the remote host is 9.x prior to 9.0.1 Fix Pack 1 FP1. It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation, which...

CVSS 10 | AI score 7.6 | EPSS 0.24738
Exploits 3 | References 84
Tenable Nessus
added 2014/05/12 12:00 a.m., 98 views

IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)

The remote host has a version of IBM Domino formerly Lotus Domino 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014...

CVSS 10 | AI score 7.3 | EPSS 0.24738
Exploits 3 | References 85
RedHat Linux
added 2014/04/17 11:30 a.m., 2 views

OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on...

CVSS 7.5 | AI score 6.4 | EPSS 0.04234
Exploits 0 | References 5
0day.today
added 2014/03/22 12:00 a.m., 35 views

Immunity Debugger Stack Overflow Vulnerability – PoC

Title : Immunity Debugger – Crash POC Name: Immunity Debugger v1.85 SEH Chain Stack Overflow Discoverer: Veysel HATAŞ email protected Vendor: Immunity Inc Systems Affected: Windows Risk: Low Status: Not Fixed Discovered: 05 January 2014 Reported: 06 January 2014 Published: 20 March 2014...

AI score 7.2
Exploits 0
0day.today
added 2014/02/11 12:00 a.m., 20 views

Kloxo SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel,...

AI score 9
Exploits 0
securityvulns
added 2014/02/10 12:00 a.m., 48 views

ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service SSL ports, are vulnerable to bypass of authentication and sensitive file disclosure. This vulnerability has been observed in all firmware versions, though the latest version increases the complexity of the attack. By sending a special craft...

AI score 0.9
Exploits 0
Tenable Nessus
added 2014/02/05 12:00 a.m., 37 views

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2014 CPU)

The remote host has a version of Oracle Secure Global Desktop installed that is affected by multiple vulnerabilities : - Specially crafted requests sent with chunked transfer encoding could allow a remote attacker to perform a 'limited' denial of service attack on the Tomcat server. CVE-2012-3544...

CVSS 6.8 | AI score 8 | EPSS 0.10798
Exploits 5 | References 6
RedHat Linux
added 2014/02/04 7:35 p.m., 1 views

OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...

CVSS 5 | AI score 6.5 | EPSS 0.03807
Exploits 0 | References 5