Lucene search

868 matches found

CVE
added 2014/03/14 5:0 p.m. | 48 views

CVE-2013-0301

CVE-2013-0301 affects ownCloud Calendar CSRF in apps/calendar/ajax/settings/settimezone, allowing remote attackers to hijack user sessions to change timezone. Public details show vulnerable versions: ownCloud before 4.0.12 (and related advisories) with this CSRF in the timezone parameter; impact ...

CVSS 6.8 | AI score 7.2 | EPSS 0.00615
Exploits: 0 | References: 1 | Affected Software: 2

Tenable Nessus
added 2013/11/06 12:0 a.m. | 41 views

Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1505 advisory. 1:1.6.0.0-1.68.1.11.14 - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8...

CVSS 10 | AI score 7.4 | EPSS 0.24738
Exploits: 0 | References: 27

Oracle linux
added 2013/11/05 12:0 a.m. | 54 views

java-1.6.0-openjdk security update

1:1.6.0.0-1.68.1.11.14 - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz1017618 1:1.6.0.1-1.67.1.13.0 - reverted previous update - Resolves: rhbz1017618...

CVSS 10 | AI score 2.2 | EPSS 0.24738
Exploits: 0

RedHat Linux
added 2013/10/22 5:13 p.m. | 2 views

OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)

Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related ...

CVSS 6.4 | AI score 6.8 | EPSS 0.03932
Exploits: 0 | References: 5

Tenable Nessus
added 2013/09/04 12:0 a.m. | 34 views

Amazon Linux AMI : glibc (ALAS-2012-39)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code wi...

CVSS 6.8 | AI score 8.8 | EPSS 0.08073
Exploits: 1 | References: 3

0day.today
added 2013/08/30 12:0 a.m. | 21 views

OSX <= 10.8.4 - Local Root Priv Escalation (py)

Exploit for iOS platform in category local exploits !/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s...

AI score 6.7
Exploits: 0

Metasploit
added 2013/08/21 9:18 a.m. | 53 views

Windows Gather Prefetch File Information

This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems and current values of related registry keys. From each prefetch file we'll collect filetime converted to utc of the last execution, file path hash, run count, filename and the execution path. This module requires...

AI score 7
Exploits: 0

Tenable Nessus
added 2013/07/26 12:0 a.m. | 41 views

SuSE 11.2 / 11.3 Security Update : java-1_6_0-ibm (SAT Patch Numbers 8105 / 8107)

IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed : - add Europe/Busingen to tzmappings. bnc817062 - mark files in jre/bin and bin/ as executable bnc823034 %NASLMINLEV...

CVSS 10 | AI score 7.6 | EPSS 0.98704
Exploits: 23 | References: 73

Tenable Nessus
added 2013/07/12 12:0 a.m. | 39 views

Oracle Linux 6 : glibc (ELSA-2012-0058)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0058 advisory. 2.12-1.47.el62.5 - Avoid high cpu usage when accept fails with EMFILE 767692 2.12-1.47.el62.4 - Make implementation of ARENASTEST and ARENASMAX match...

CVSS 6.8 | AI score 8.3 | EPSS 0.08073
Exploits: 1 | References: 3

Tenable Nessus
added 2013/07/12 12:0 a.m. | 28 views

Oracle Linux 5 : Moderate: / evolution-data-server (ELSA-2007-0344)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0344 advisory. 1.8.0-15.0.3.el5 - Add patch for RH bug 235289 APOP authentication vulnerability. 1.8.0-15.0.2.el5 - Remove Makefile.in changes that accidentally slipped into t...

CVSS 2.6 | AI score 8.2 | EPSS 0.02423
Exploits: 1 | References: 2

OSV
added 2013/05/02 2:55 p.m. | 1 views

DEBIAN-CVE-2009-5029

Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted timezone TZ file, as demonstrated using vsftpd...

CVSS 6.8 | AI score 9.1 | EPSS 0.08073
Exploits: 1 | References: 1

OSV
added 2013/05/02 2:55 p.m. | 5 views

CVE-2009-5029

Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted timezone TZ file, as demonstrated using vsftpd...

AI score 7.5
Exploits: 0 | References: 5

NVD
added 2013/05/02 2:55 p.m. | 19 views

CVE-2009-5029

Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted timezone TZ file, as demonstrated using vsftpd...

CVSS 6.8 | AI score 9.3 | EPSS 0.08073
Exploits: 1 | References: 5

ATTACKERKB
added 2013/05/02 2:55 p.m. | 6 views

CVE-2009-5029

Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted timezone TZ file, as demonstrated using vsftpd...

CVSS 6.8 | AI score 6.1 | EPSS 0.08073
Exploits: 1 | References: 12

Cvelist
added 2013/05/02 2:0 p.m. | 19 views

CVE-2009-5029

Integer overflow in the tzfileread function in glibc before 2.15 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted timezone TZ file, as demonstrated using vsftpd...

AI score 9.4 | EPSS 0.08073
Exploits: 1 | References: 5

OPENSUSE Linux
added 2013/03/01 5:5 p.m. | 55 views

java-1_7_0-openjdk: update to 2.3.6 (critical)

java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...

CVSS 10 | AI score 0.3 | EPSS 0.89987
Exploits: 10 | References: 1

OwnCloud
added 2013/02/20 10:42 a.m. | 37 views

Server: Multiple CSRF vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions before allows remote attackers to hijack the authentication for users via the "lat" and "lng" POST parameters to guesstimezone.php in /apps/calendar/ajax/settings/ CVE-2013-0299 Commits:...

CVSS 6.8 | AI score 6.8 | EPSS 0.00615
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2013/01/25 12:0 a.m. | 36 views

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accommodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

CVSS 6.5 | AI score 7.4 | EPSS 0.05734
Exploits: 3 | References: 20

NVD
added 2012/12/11 12:18 p.m. | 18 views

CVE-2012-6313

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace...

CVSS 5 | AI score 6.1 | EPSS 0.07182
Exploits: 1 | References: 2

Prion
added 2012/12/11 12:18 p.m. | 15 views

Stack overflow

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace...

CVSS 5 | AI score 6.6 | EPSS 0.07182
Exploits: 1 | References: 2