7640 matches found
Unbreakable Enterprise kernel Security update
2.6.32-400.29.1 - KVM: add missing void user * cast to accessok call Heiko Carstens Orabug:...
wsdl_finder
This plugin finds new web service descriptions and other web service related files by appending "?WSDL" to all URLs and checking the response. Plugin type: Crawl. Options: This plugin doesn't have any user-configured options. Source: For more information about this plugin and the associated tests,...
Monkey 1.2.0 Buffer Overflow
Title CVE-2013-3843 Monkey HTTPD 1.2.0 - Buffer Overflow DoS Vulnerability With Possible Arbitrary Code Execution 2. Introduction Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low memory and CPU consumption, the perfect solution for...
Oracle Document Capture BlackIceDevMode.ocx ActiveX Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Document Capture. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
QuickTime 7.7.4 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Opening a maliciously crafted TeXML file may lead to an unexpected application...
JVN#39699406: EC-CUBE vulnerable to information disclosure as a result of improper input checking
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue with checking input values, which may result in information disclosure. Impact A remote, unauthenticated attacker may obtain information stored in the product. Solution Apply the update...
SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 7723 / 7726 / 7727)
This update to the SUSE Linux Enterprise 11 SP2 kernel fixes the following critical security issue: - A bounds checking problem in the perf system call could be used by local attackers to crash the kernel or execute code in kernel context. CVE-2013-2094...
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...
Unbreakable Enterprise kernel security and bugfix update
2.6.39-400.23.1 - Parallel mtrr init between cpus Zhenzhong Duan Orabug: 16777774 - Merge tag 'v2.6.39-400.21.1.16748891' of git://ca-git.us.oracle.com/linux-uek-2.6.39-ofed into uek-2.6.39-400 Maxim Uvarov Orabug: 16748891 - xen-blkfront: use a different scatterlist for each request Roger Pau...
Qualcomm acdb audio buffer overflow
The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a user space supplied size is used to copy as many bytes from user space to a local stack buffer without proper bounds checking. An...
Mozilla Firefox 7.0 Multiple Vulnerabilities
Mozilla Thunderbird < 8.0 Multiple Vulnerabilities
EMC AlphaStor Device Manager Buffer Overflow (CVE-2013-0930)
A stack-based buffer overflow vulnerability has been reported in EMC AlphaStor Device Manager. The vulnerability is due to a lack of boundary checking when processing certain opcode messages in rrobotd.exe. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code in the...
EMC AlphaStor Device Manager Buffer Overflow - High Confidence (CVE-2013-0930)
A stack-based buffer overflow vulnerability has been reported in EMC AlphaStor Device Manager. The vulnerability is due to a lack of boundary checking when processing certain opcode messages in rrobotd.exe. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code in the...
Unbreakable Enterprise kernel Security update
2.6.39-400.21.2 - KVM: x86: Convert MSRKVMSYSTEMTIME to use gfntohvacache functions CVE-2013-1797 Andy Honig Orabug: 16711660 CVE-2013-1797 - Bluetooth: Fix incorrect strncpy in hidpsetuphid Anderson Lizardo Orabug: 16711065 CVE-2013-0349 - USB: ioti: Fix NULL dereference in chaseport Wolfgang...
Joomla! -- XXS and DDoS vulnerabilities
The JSST and the Joomla! Security Center report: 20130405 - Core - XSS Vulnerability Inadequate filtering leads to XSS vulnerability in Voting plugin. 20130403 - Core - XSS Vulnerability Inadequate filtering allows possibility of XSS exploit in some circumstances. 20130402 - Core - Information...
Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow
A stack buffer overflow vulnerability has been identified in Foxit Reader Plugin for Firefox. The vulnerability is due to a lack of bounds checking in an essential dll file, and affects handling of URLs. A remote attacker could exploit this vulnerability by enticing a target user to load a...
Apple QuickTime Plugin Content-Type Buffer Overflow - Improved Performance (CVE-2012-3753)
A stack buffer overflow vulnerability has been reported in Apple QuickTime plugin. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by enticing the target user to view a specially crafted web page. Successful exploitation would allow...
Apple QuickTime rnet Box Parsing Heap Buffer Overflow - Improved Performance (CVE-2012-3756)
A heap buffer overflow vulnerability has been reported in Apple QuickTime. The vulnerability is due to a bounds-checking error while parsing QuickTime reference movie files. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted QuickTime movie fi...
Mandriva Linux Security Advisory : usbmuxd (MDVSA-2013:133)
Updated usbmuxd packages fix security vulnerability: It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the...