5160 matches found
AWS XMS 2.5 Path Traversal
Advisory ID: HTB23147 Product: AWS XMS Vendor: http://www.aws-dms.com Vulnerable Versions: 2.5 and probably prior Tested Version: 2.5 Vendor Notification: March 6, 2013 Vendor Patch: March 16, 2013 Public Disclosure: March 27, 2013 Vulnerability Type: Path Traversal CWE-22 CVE Reference:...
[SECURITY] Fedora 17 Update: euca2ools-2.1.3-1.fc17
Euca2ools are command line tools used to interact with Eucalyptus, a service overlay designed to be interface-compatible with Amazon Web Services AWS, as well as AWS itself...
[SECURITY] Fedora 18 Update: euca2ools-2.1.3-1.fc18
Euca2ools are command line tools used to interact with Eucalyptus, a service overlay designed to be interface-compatible with Amazon Web Services AWS, as well as AWS itself...
Path Traversal in AWS XMS
High-Tech Bridge Security Research Lab discovered path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1 Path Traversal in AWS XMS: CVE-2013-2474 The vulnerability exists due to insufficient filtration of "what" HTTP GET parameter passed to...
RHEL 6 : jboss-ec2-eap (RHSA-2012:1376)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:1376 advisory. jboss-ec2-eap provides JBoss Operations Network JBoss ON scripts for JBoss Enterprise Application Platform running on the Amazon Web Services AWS...
PHP PDO内存访问冲突拒绝服务漏洞
BUGTRAQ ID: 54777 PHP是一种HTML内嵌式的语言,PHP与微软的ASP颇有几分相似,都是一种在服务器端执行的嵌入HTML文档的脚本语言,语言的风格有类似于C语言,现在被很多的网站编程人员广泛的运用。 PHP 5.4.3及其他版本在实现上存在远程拒绝服务漏洞,攻击者可利用此漏洞造成Web服务器崩溃,拒绝服务合法用户。 0 PHP 5.3.x PHP 5.2.x 厂商补丁: PHP --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.php.net ?php try $db = new...
Windows Gather Unattended Answer File Enumeration
This module will check the file system for a copy of unattend.xml and/or autounattend.xml found in Windows Vista, or newer Windows systems. And then extract sensitive information such as usernames and decoded passwords. Also checks for '.vmimport' files that could have been created by the AWS EC2...
Accidentally invented - Dos attack using Google Spreadsheets
Panos Ipeirotis, a computer scientists working at New York University,attack on his Amazon web service using Google Spreadsheets and Panos Ipeirotis checked his Amazon Web Services bill last week - its was $1,177.76 ! He had accidentally invented a brand new type of internet attack, thanks to an...
Cloudworm - Candidate MS12-020 - POC
Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall...
AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AdaCore Security Advisory ========================= SA-2012-L119-003 Hash collisions in AWS Problem: Impacted versions of AWS store key/value pairs from submitted form data in hash tables using a hash function that has predictable collisions. As a...
apr / aws libraries DoS
resources consumption because of collisions in a hash function...
CVE-2012-1035
AdaCore Ada Web Services AWS before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Code injection
AdaCore Ada Web Services AWS before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
CVE-2012-1035
AdaCore Ada Web Services (AWS) before 2.10.2 is affected by a denial-of-service vulnerability where hash values for form parameters can be triggered to collide predictably, leading to CPU exhaustion under crafted input. The issue stems from how AWS computes hashes for form parameters and can be e...
CVE-2012-1035
AdaCore Ada Web Services AWS before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Amazon Web Service Down, No Timeline for Remedy
Amazon Web Service’s AWS Elastic Compute Cloud EC2, based in Northern Virginia, went offline early this morning, taking with it a number of popular sites including, news aggregator Reddit and question and answer site and TechCrunch darling, Quora.The Web hosting firm’s Relational Database Service...
Amazon Cloud Can Be Used to Hack Into Networks !
A Germany-based security researcher says he can hack into protected networks using software that runs on Amazon's cloud-based computers, according to a Reuters report. Thomas Roth, a computer security consultant based in Cologne, Germany, says he has "figured out a quick and inexpensive way to...
Fedora 14 Introduces libjpegturbo for Faster Image Processing
Fedora 14, known as "Laughlin," officially launched on Tuesday, offering numerous new features aimed at enhancing the user experience for this open-source desktop operating system. Usability Focus In recent releases, Fedora, sponsored by Red Hat, has concentrated on improving usability. According...
Directory traversal
Directory traversal vulnerability in awstmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to upload arbitrary files, and execute arbitrary code, via directory traversal sequences in requests to T...
[SA12732] AWS MySQLguest Script Insertion Vulnerability
TITLE: AWS MySQLguest Script Insertion Vulnerability SECUNIA ADVISORY ID: SA12732 VERIFY ADVISORY: http://secunia.com/advisories/12732/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: MySQLguest http://secunia.com/product/4008/ DESCRIPTION: BliZZard has...