993 matches found
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Document Title: Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=571; Release Date: 2012-09-30; Vulnerability Laboratory ID VL-ID: ...
Puppet: Multiple vulnerabilities
Background: Puppet is a system configuration management tool written in Ruby. Description: Multiple vulnerabilities have been found in Puppet: Puppet uses predictable file names for temporary files (CVE-2012-1906). REST requests for a file in a remote filebucket are not handled properly by overriding...
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Exploit for multiple platform in category web applications Details: Multiple persistent input validation vulnerabilities are detected in Endpoint Protector v4.0.4.0 Appliance Application. The bugs allow remote attackers to implement/inject malicious script code on the application side...
GAO Calls out the FDIC
It’s not always malicious hackers and purported state actors that expose weaknesses in government systems. Sometimes it’s other government agencies as well. This was the case when federal watchdog, the Government Accountability Office, audited and subsequently called out the Federal Deposit...
PT-2012-3885 · Mcafee · Mcafee Web Gateway
Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway version 7.0 Description: The issue allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. It is noted that this issue might not ...
CVE-2012-2053
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different...
Design/Logic Flaw
The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different...
CVE-2012-2053
Summary: CVE-2012-2053 affects F5 FirePass 6.0.0–6.1.0 and 7.0.0, where the sudoers configuration allows passwordless sudo for root, enabling local privilege escalation if an attacker gains OS access (e.g., via a PHP-executing user). The issue is a separate vulnerability from CVE-2012-1777. Root ...
Fedora Update for setup FEDORA-2011-10889
Check for the Version of setup OpenVAS Vulnerability Test Fedora Update for setup FEDORA-2011-10889 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
DEBIAN-CVE-2011-4405
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack...
PT-2011-40: Multiple CSRF vulnerabilities in Citrix License Administration Console
Positive Research Center has discovered multiple CSRF vulnerabilities in Citrix License Administration Console. All web interface forms are vulnerable to CSRF attacks. One can exploit these vulnerabilities to change the system configuration. How to fix: Update your software to the latest...
PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller
Positive Research Center has discovered multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller. All web interface forms are vulnerable to CSRF attacks. One can exploit these vulnerabilities to change the system configuration. How to fix: Update your software to the latest...
IT-Grundschutz M4.244: Secure System Configuration of Windows Client Operating Systems - Windows
IT-Grundschutz M4.244: Secure system configuration of Windows client operating systems (Windows). WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94221 This check...
aspcms Station system injection 0day-vulnerability warning-the black bar safety net
aspcms development of the new core open source enterprise built Station system, capable of enterprise a variety of site requirements, and Support template customization, support, extensions, etc., can be completed in a short time the enterprise built Station. Vulnerability file:/plug/productbuy...
[SECURITY] Fedora 16 Update: setup-2.8.36-1.fc16
The setup package contains a set of important system configuration and setup files, such as passwd, group, and profile...
About Dedecms variable coverage exploits-vulnerability warning-the black bar safety net
Someone recently broke the dedecms variable coverage holes, it is also a quite interesting vulnerability, and in some cases dedecms this variable vulnerability to exist for so long in some people are many years, about six months ago I also independently discovered by this article [email protected] Write ...
[Manual] Secure web server (chroot, mod-security2, etc.)
1. Theory 1.0. Problem statement We need to build a maximally secure web server based on a minimal Ubuntu distribution, namely: 1. Create a chroot "sandbox" using debootstrap 2. Install apache2, php5, mysql in the sandbox 3. Install and configure mod-security2, as well as...
RootRepeal – Rootkit Detector v1.3.5 Download Now
RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind: Easy to use – a user with little to no computer experience should be able to use it. Powerful – it should be able to detect all publicl...
MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]
MITKRB5-SA-2011-005 MIT krb5 Security Advisory 2011-005 Original release: 2011-07-05 Topic: FTP daemon fails to set effective group ID CVE-2011-1526 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:O/RC:C CVSSv2 Base Score: 6.5 Access Vector: Network...
H3C ER5100 enterprise-grade Dual-Core Broadband Router web Management page exists validation vulnerability-vulnerability warning-the black bar safety net
Brief description: H3C ER5100 enterprise-level Broadband Router web Management page exists validation vulnerability, unauthorized visitors may modify, restart, and view most of the system configuration. Vulnerability proof: ! http://222.223.5.218:8080/home.asp?userLogin.asp...