
3941 matches found

FreeBSD
added 2012/03/11 12:0 a.m. | 16 views

redmine -- multiple vulnerabilities

Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...

CVSS 4.3 | AI score 6 | EPSS 0.01822
Exploits: 0 | References: 2

RedHat Linux
added 2012/03/06 6:34 p.m. | 2 views

kernel: kvm: device assignment DoS

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a...

CVSS 4 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 4

Oracle linux
added 2012/03/01 12:0 a.m. | 59 views

kvm security and bug fix update

kvm-83-249.0.1.el5 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch - modify kversion to fix build failure kvm-83-249.el5 - kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch bz770101 - CVE: CVE-2011-4622 - Resolves: bz770101...

CVSS 7.4 | AI score 0.7 | EPSS 0.00916
Exploits: 2

RedHat Linux
added 2012/02/21 2:20 a.m. | 1 views

kernel: kvm: device assignment DoS

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a...

CVSS 4 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 4

Check Point Advisories
added 2011/08/09 12:0 a.m. | 7 views

Microsoft Windows CSRSS SrvDeviceEvent Code Execution (MS11-063; CVE-2011-1967)

A code execution vulnerability has been reported in Windows CSRSS. The vulnerability is due to a CSRSS memory assignment issue. An attacker can exploit this vulnerability by convincing an unsuspecting user to open a malicious executable file. Successful exploitation of this vulnerability may enab...

CVSS 7.2 | AI score 7.6 | EPSS 0.01707
Exploits: 0

Cvelist
added 2011/07/13 11:0 p.m. | 54 views

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect...

AI score 6.6 | EPSS 0.02244
Exploits: 1 | References: 5

OpenVAS
added 2011/06/01 12:0 a.m. | 11 views

Nmap NSE net: whois

Queries the WHOIS services of Regional Internet Registries (RIR) and attempts to retrieve information about the IP Address Assignment which contains the Target IP Address. In using this script your IP address will be sent to iana.org. Additionally your address and the address of the target of the...

AI score 0.2
Exploits: 0

The Hacker News
added 2011/05/12 7:28 a.m. | 7 views

Fingerprinting the author of the ZeuS Botnet !

The source code of the ZeuS Botnet is now available for download. Derek Jones, the author of this article, imagines there are a few organizations who would like to talk to the authors of this code. All developers have coding habits; that is, they usually have a particular way of writing each coding...

AI score 6.9
Exploits: 0

myhack58
added 2011/04/20 12:0 a.m. | 15 views

Spirit news enterprise website system v1.1 SQL injection exploit-vulnerability warning-the black bar safety net

Spirit news Business Site System version 1.1 fixes the parameter assignment problem in the single search box. The parameter passing of the product display page was rewritten; now you can open the product display page directly without passing parameters, and it shows all products by default. productview. the asp...

AI score 0.7
Exploits: 0

Prion
added 2011/01/14 7:2 p.m. | 17 views

Code injection

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

CVSS 4 | AI score 6.3 | EPSS 0.03391
Exploits: 0 | References: 21 | Affected Software: 1

Cvelist
added 2011/01/14 6:0 p.m. | 25 views

CVE-2010-3835

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be...

AI score 5.3 | EPSS 0.03391
Exploits: 0 | References: 21

Debian
added 2011/01/14 9:7 a.m. | 36 views

[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities

Debian Security Advisory DSA-2143-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 14, 2011 http://www.debian.org/security/faq ...

CVSS 5 | AI score 7 | EPSS 0.12229
Exploits: 4

Oracle linux
added 2010/12/06 12:0 a.m. | 45 views

kvm security update

kvm-83-164.0.1.el55.25 - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-add-oracle-workaround-for-libvirt-bug.patch kvm-83-164.el55.25 - Adding loadgsindex to kmod symbol greylist - Related: bz639886 CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic rhel-5.5.z...

CVSS 4.6 | AI score 2.8 | EPSS 0.00421
Exploits: 0

Tenable Nessus
added 2010/10/05 12:0 a.m. | 9 views

MySQL Community Server 5.1 < 5.1.51 Multiple Denial of Service Vulnerabilities

Binary data 5677.prm...

CVSS 5 | AI score 7.3 | EPSS 0.03391
Exploits: 0 | References: 18

Tenable Nessus
added 2010/08/20 12:0 a.m. | 21 views

FreeBSD : slim -- insecure PATH assignment (68c7187a-abd2-11df-9be6-0015587e2cc1)

SLiM assigns logged on users a PATH in which the current working directory './' is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed in SLiM version 1.3.2...

CVSS 6.9 | AI score 5.3 | EPSS 0.00303
Exploits: 0 | References: 3

Drupal
added 2010/05/12 12:0 a.m. | 11 views

SA-CONTRIB-2010-045 - Auto Assign Role - Access bypass

The Auto Assign Role serves three primary purposes. The first is to provide an automatic assignment of roles when a new account is created. The second is to allow the end user the option of choosing their own role or roles when they create their account. The third is to provide paths that will...

AI score 6.9
Exploits: 0 | References: 5

FreeBSD
added 2010/05/12 12:0 a.m. | 18 views

slim -- insecure PATH assignment

SLiM assigns logged on users a PATH in which the current working directory "./" is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed in SLiM version 1.3.2...

CVSS 6.9 | AI score 9.4 | EPSS 0.00303
Exploits: 0 | References: 1

Exploit DB
added 2010/03/11 12:0 a.m. | 84 views

ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities

Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : "ATutor 1.6.4" Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members Website : WwW.ITSecTeam.com...

AI score 7.4
Exploits: 0

Prion
added 2010/03/03 8:30 p.m. | 15 views

Code injection

Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...

CVSS 4 | AI score 6.3 | EPSS 0.02151
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2010/03/03 8:30 p.m. | 21 views

CVE-2009-4658

Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657...

CVSS 4 | AI score 6 | EPSS 0.01794
Exploits: 0 | References: 2