Microsoft Internet Explorer removeChild释放后重用远程代码执行漏洞(CVE-2013-0094)(MS13-021)

BUGTRAQ ID: 58348 CVECAN ID: CVE-2013-0094 Microsoft Internet Explorer是微软公司推出的一款网页浏览器 Microsoft Internet Explorer 6/7/8/9/10在removeChild的实现上存在释放后重用远程代码执行漏洞，在用户使用 Internet Explorer 查看特制网页时允许远程执行代码。成功利用这些漏洞的攻击者可以获得与当前用户相同的用户权限。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小 0 Microsoft Internet Explorer 9...

Fedora 18 : python-django-1.4.5-2.fc18 (2013-2843)

Update to Django-1.4.4, security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 18 : gksu-polkit-0.0.3-6.fc18 (2013-3032)

gksu-polkit security update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 17 : nginx-1.0.15-9.fc17 (2013-2955)

Make sure nginx directories are not world readable Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 17 : freeipa-2.2.2-1.fc17 (2013-2434)

Update to upstream 2.2.1 GA. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)

Fix for CVE-2013-0276. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Fedora 18 : kernel-3.7.9-201.fc18 (2013-2728)

Update to latest upstream stable 3.7.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 18 : openstack-keystone-2012.2.3-2.fc18 (2013-2168)

update to stable folsom release 2012.2.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Microsoft Internet Explorer CPasteComma释放后重用远程代码执行漏洞（ms13-009）

BUGTRAQ ID: 57831 CVECAN ID: CVE-2013-0027 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 6-10内存在释放后重用漏洞，通过构造特制的网页，并触发访问已删除对象，远程攻击者可执行任意代码。 0 Microsoft Internet Explorer 6 - 10 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS13-009）以及相应补丁: MS13-009：Cumulative Security...

Microsoft Internet Explorer CHTML 释放后重用远程代码执行漏洞（ms13-009）

BUGTRAQ ID: 57833 CVECAN ID: CVE-2013-0029 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer 6-9内存在释放后重用漏洞，通过构造触发访问已删除对象的特制网页，远程攻击者可执行任意代码。 0 Microsoft Internet Explorer 6 - 9 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS13-009）以及相应补丁: MS13-009：Cumulative Security Upda...

Microsoft Internet Explorer Shift JIS字符信息泄露漏洞(CVE-2013-0015) (ms13-009)

BUGTRAQ ID: 57822 CVECAN ID: CVE-2013-0015 Microsoft Internet Explorer是微软公司推出的一款网页浏览器。 Shift JIS是日本语的字符编码。Internet Explorer 6, 7, 8, 9没有正确执行Shift JIS编码的自动选择，通过构造触发跨域滚动事件的特制网站，远程攻击者可从不同的域或区域读取内容，造成信息泄露。 0 Microsoft Internet Explorer 6 - 9 临时解决方法： 如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁： 将互联网和局域网安全区域设置为“高”...

Fedora 17 : httpd-2.2.23-1.fc17 (2013-1661)

This update contains the 2.2.23 release of the Apache HTTP Server. http://www.eu.apache.org/dist/httpd/CHANGES2.2.23 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...

Debian DSA-2618-1 : ircd-hybrid - denial of service

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Nagios XI多个远程安全漏洞

Bugtraq ID:57672 Nagios是一款免费开放源代码的主机和服务监视软件 Nagios存在多个安全漏洞，包括： -Alert Cloud组件存在反射型跨站脚本漏洞，可获得敏感信息或劫持用户会话。 -Nagios QL存在存储型跨站脚本漏洞，可获得敏感信息或劫持用户会话。 -Autodiscovery没有正确过滤输入，允许攻击者提交恶意作业执行任意代码。 -'admin/commandline.php'脚本不正确过滤用户提交的参数，允许攻击者利用漏洞注入任意SQL。 -Nagios QL存在跨站请求伪造漏洞，允许攻击者利用漏洞执行恶意操作。...

Fedora 18 : ettercap-0.7.5.1-1.fc18 (2013-0899)

Fix for CVE-2013-0722 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

Wordpress Gallery插件'load'参数远程文件包含漏洞

Bugtraq ID:57650 CVE ID: CVE-2012-4919 WordPress Gallery是一款用于Wordpress的图库插件。 通过"load"参数提交给wp-content/plugins/wordpress-gallery/functions/updateorder.ph的输入在用于包含文件之前缺少校验，允许攻击者利用漏洞包含远程文件，并以WEB权限执行任意代码。 0 WordPress Gallery Plugin 1.x 厂商解决方案 目前没有详细解决方案提供：...

JBoss Enterprise Application Platform SecurityAssociation.getCredential() 安全绕过漏洞

BUGTRAQ ID: 57550 CVECAN ID: CVE-2012-3370 JBoss企业应用平台（JBoss Enterprise Application Platform，EAP）是J2EE应用的中间件平台。 JBoss Enterprise Application Platform，如果没有提供安全上下文给SecurityAssociation.getCredential，则其会返回之前的凭证。根据配置的应用，可允许远程攻击者劫持之前经过身份验证的用户凭证。 0 JBoss Group JBoss Enterprise Web Platform for RHEL 5...

Researchers Claim Linksys Routers Vulnerable to Remote Root Exploit

UPDATE – Researchers at security consultancy and vulnerability research firm DefenseCode claim to have uncovered a root exploit zero-day affecting the default installation of an unknown number of Cisco’s Linksys routers. The reseaerchers are urging Cisco to fix the potentially serious vulnerabili...

Apache Axis2/C SSL证书验证安全绕过漏洞

BUGTRAQ ID: 57267 CVECAN ID: CVE-2012-6107 Axis2是一个用C语言实现的Web服务引擎。 Apache Axis2/C在实现上存在安全绕过漏洞，成功利用后可允许攻击者执行中间人攻击或模拟受信任的服务器。 0 Apache Group Axis2/C 厂商补丁： Apache Group ------------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://httpd.apache.org/...

Microsoft Windows 本地权限提升漏洞(MS13-005/CVE-2013-0008)

Bugtraq ID:57135 CVE ID: CVE-2013-0008 Microsoft Windows是一款流行的操作系统 Microsoft内核win32k.sys不正确处理window广播消息，允许本地用户利用漏洞提升权限 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows RT Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Vista 厂商解决方案...