8222 matches found
Design/Logic Flaw
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console...
CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
Oracle releases 169 Updates, Including 19 Patches for JAVA Vulnerabilities
Get Ready to update your Java program as Oracle has released its massive patch package for multiple security vulnerabilities in its software. The United States software maker Oracle releases its security updates every three months on Tuesday, which it referred to as "Critical Patch Updates" CPU...
CVE-2014-6526
CVE-2014-6526 concerns Oracle Directory Server Enterprise Edition (ODSEE) Admin Console in Oracle Fusion Middleware 7.0. The vulnerability is described as unspecified and allows remote attackers to affect integrity via unknown vectors related to the Admin Console. No concrete root cause, affected...
Oracle Releases January 2015 Security Advisory
Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products. This update contains the following security fixes: 8 for Oracle Database Server 36 for Oracle Fusion Middleware 10 for Oracle Enterprise Manager Grid Control 10 for Oracle...
Moderate: Red Hat Security Advisory: python-keystoneclient security update
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Updated perl-Plack package fixes security vulnerability
Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files CVE-2014-5269...
Device42 DCIM Appliance Manager Ping Command Injection Exploit
Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages ping. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core'...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update
Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Citadel Variant Targets Password Managers
The Citadel Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products. Researchers from IBM Trusteer today said they’ve notified makers of the nexus Personal Security Client, Password Safe and KeePa...
Directory traversal
Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when servestaticassets is enabled, allows remote attackers to determine the existence o...
[SECURITY] Fedora 21 Update: libetpan-1.6-1.fc21
The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...
[SECURITY] Fedora 20 Update: libetpan-1.6-1.fc20
The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...
DEBIAN-CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/actiondispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when servestaticassets is enabled, allows remote attackers to determine the existence o...
CVE-2014-7818
CVE-2014-7818 affects Ruby on Rails Action Pack, with a directory traversal in actionpack/lib/action_dispatch/middleware/static.rb when serve_static_assets is enabled. Affected: Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3. The underlying flaw all...
CVE-2014-6552
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console...
CVE-2014-6522
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces...
CVE-2014-6534
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect integrity via vectors related to WLS Console...
CVE-2014-6499
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector...