
1155 matches found

Japan Vulnerability Notes
added 2014/07/18 4:48 a.m. · 2 views

File Explorer vulnerable to directory traversal

Overview File Explorer provided by NextApp, Inc. contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 5 · AI score 7 · EPSS 0.01859
Exploits 0 · References 5
Oracle
added 2014/07/15 12:0 a.m. · 19 views

Oracle Critical Patch Update - July 2014

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are generally cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

CVSS 10 · AI score 7.9 · EPSS 0.99999
Exploits 142
CISA
added 2014/06/10 12:0 a.m. · 14 views

Google Releases Security Updates for Chrome and Chrome OS

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system or cause a denial of service. Updates available include: Chrome 35.0.1916.153 for Windows, Mac...

AI score 7
Exploits 0 · References 2
OpenVAS
added 2014/05/08 12:0 a.m. · 56 views

VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities

VMware product updates address OpenSSL security vulnerabilities. OpenVAS Vulnerability Test $Id: gbVMSA-2014-0004.nasl 6759 2017-07-19 09:56:33Z teissa $ VMSA-2014-0004: VMware product updates address OpenSSL security vulnerabilities Authors: Michael Meyer Copyright: Copyright c 2014 Greenbone...

CVSS 5 · AI score 7.4 · EPSS 0.99999
Exploits 87 · References 1
CISA
added 2014/05/01 12:0 a.m. · 12 views

Microsoft Releases Security Update for Internet Explorer Use-After-Free Vulnerability

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessa...

AI score 6.8
Exploits 0 · References 1
OpenVAS
added 2014/04/24 12:0 a.m. · 26 views

VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities

VMware vSphere Client updates address security vulnerabilities OpenVAS Vulnerability Test $Id: gbVMSA-2014-0003.nasl 6663 2017-07-11 09:58:05Z teissa $ VMSA-2014-0003: VMware vSphere Client updates address security vulnerabilities Authors: Michael Meyer Copyright: Copyright c 2014 Greenbone...

CVSS 9.3 · AI score 0.6 · EPSS 0.03742
Exploits 1 · References 1
CISA
added 2014/04/17 12:0 a.m. · 10 views

Adobe Releases Security Update for Reader Mobile

Adobe has released a security update to address a vulnerability in Adobe Reader Mobile 11.1.3 and earlier versions for Android. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code via a crafted PDF document. US-CERT recommends that users and administrators...

AI score 7.5
Exploits 0 · References 1
CISA
added 2014/03/12 12:0 a.m. · 10 views

Google Releases Chrome Update

Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome release blog ent...

AI score 6.8
Exploits 0 · References 1
Tenable Nessus
added 2014/02/03 12:0 a.m. · 31 views

Oracle Identity Manager Identity Console (January 2014 CPU)

The remote host is missing the January 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, potentially affected by multiple, unspecified vulnerabilities in the Identity Console sub-component of Oracle Identity Manager. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 4.3 · AI score 5.5 · EPSS 0.01716
Exploits 0 · References 3
OpenVAS
added 2013/12/27 12:0 a.m. · 34 views

VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX OpenVAS Vulnerability Test $Id: gbVMSA-2013-0016remote.nasl 6074 2017-05-05 09:03:14Z teissa $ VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX remote check Authors: Michael Meyer...

CVSS 4.4 · AI score 0.7 · EPSS 0.00353
Exploits 0 · References 1
CISA
added 2013/12/11 12:0 a.m. · 14 views

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 26 Firefox ESR 24.2 Thunderbird 24.2 SeaMonkey 2.23 These vulnerabilities could allow a remote attacker to bypass intended security restrictions, conduct a spoofing attack, execute...

AI score 7.6
Exploits 0 · References 4
OpenVAS
added 2013/12/04 12:0 a.m. · 33 views

VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation (remote check)

VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0014remote.nasl 6093 2017-05-10 09:03:18Z teissa $...

CVSS 7.9 · AI score 1 · EPSS 0.00506
Exploits 0 · References 1
Japan Vulnerability Notes
added 2013/11/20 6:48 a.m. · 1 views

EC-CUBE information disclosure vulnerability

Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 5 · AI score 6.3 · EPSS 0.01504
Exploits 1 · References 6
myhack58
added 2013/09/04 12:0 a.m. · 487 views

MongoDB server-side injection vulnerability warning - the black bar safety net

Security researcher agixid found a security vulnerability in MongoDB version 2.2.3 and stated that a Metasploit exploit payload is being developed. The vulnerability is mainly due to MongoDB's incorrect use of the SpiderMonkey JavaScript NativeHelper function, the result can be injected into the...

AI score 1.1
Exploits 0
Tenable Nessus
added 2013/08/10 12:0 a.m. · 36 views

SuSE 11.2 / 11.3 Security Update : PHP5 (SAT Patch Numbers 8087 / 8088)

The following security issues have been fixed : - bnc828020:. CVE-2013-4635 - Integer overflow in SdnToJewish - bnc829207:. CVE-2013-4113 - heap corruption due to badly formed xml %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 7.5 · AI score 10 · EPSS 0.10136
Exploits 0 · References 11
Japan Vulnerability Notes
added 2013/07/19 3:32 a.m. · 2 views

JBoss RichFaces vulnerable to remote code execution

Overview JBoss RichFaces contains a remote code execution vulnerability due to an issue with deserialization. JBoss RichFaces is a framework for integrating Ajax into web applications. JBoss RichFaces applications contain a deserialization interface where end users may provide input. This interfa...

CVSS 7.5 · AI score 8.4 · EPSS 0.12662
Exploits 1 · References 7
CISA
added 2013/06/26 12:0 a.m. · 11 views

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 22.0 Firefox ESR 17.0.7 Thunderbird 17.0.7 Thunderbird ESR 17.0.7 These vulnerabilities could allow a remote attacker to execute arbitrary code and potentially cause a cross-site...

AI score 7.1
Exploits 0 · References 4
Positive Technologies
added 2013/04/17 12:0 a.m. · 3 views

PT-2013-3724 · Oracle +3 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.1.68 and earlier Oracle MySQL versions 5.5.30 and earlier Oracle MySQL versions 5.6.10 and earlier Description: The issue affects the availability of the system, allowing remote authenticated users to exploit it via...

CVSS 6.5 · AI score 5.5 · EPSS 0.13175
Exploits 2 · References 48
Positive Technologies
added 2013/02/13 12:0 a.m. · 3 views

PT-2013-2069 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 9 Description: The issue is related to a use-after-free condition that allows remote attackers to execute arbitrary code via a crafted web site, triggering access to a deleted object. This may corrupt memor...

CVSS 9.3 · AI score 7.7 · EPSS 0.16805
Exploits 0 · References 7
Japan Vulnerability Notes
added 2012/06/05 12:0 a.m. · 24 views

JVN#78305073: @WEB ShoppingCart vulnerable to cross-site scripting

@WEB ShoppingCart provided by WEBLOGIC CORPORATION. is a system for creating shopping websites. @WEB ShoppingCart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the appropriate patch according to th...

CVSS 4.3 · AI score 6 · EPSS 0.01148
Exploits 0