PT-2012-1502 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0 Description: The issue allows local users with root privileges to modify arbitrary kernel memory locations by writing to the /sys/kernel/debug/acpi/custom method file. This is due to an incomplete fix for a...

Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)

Fixes debug build systemtap support. Rebase of python3 from 3.2.1 to 3.2.3 bringing in security fixes, along with many other bug fixes. The compiled .pyc and .pyo files are now properly compiled so python3 doesn't try to recompile them over and over on runtime anymore. Note that Tenable Network...

[SECURITY] Fedora 17 Update: android-tools-20120510gitd98c87c-1.fc17

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

FlexNet License Server Manager lmgrd Buffer Overflow

This module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of...

CVE-2012-2904

player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting XSS attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter...

Cross site scripting

player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting XSS attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter...

CVE-2012-2904

player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting XSS attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter...

[SECURITY] Fedora 15 Update: android-tools-20120510gitd98c87c-1.fc15

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

[SECURITY] Fedora 16 Update: android-tools-20120510gitd98c87c-1.fc16

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

Apple Legacy filevault barn door...

As someone said here recently, carefully built crypto has a unfortunate tendency to consist of three thick impregnable walls and a picket fence in the back with the gate left open. That seems to have happened to Apple's older "legacy" Filevault in the current release of MacOX Lion 10.7.3...

Flaw in OS X Lion Encryption Leaves User Credentials in Plaintext

There’s a serious weakness in certain versions of Apple OS X that causes the operating system to store users’ login credentials for the FileVault encrypted storage in plaintext. The bug, which is found in older versions of FileVault present on OS X Lion 10.7.3 systems, enables anyone with admin...

Skype Vulnerability Exposing User IP Addresses

Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github...

Crystal Office Suite 1.43 Buffer Overflow

Title: ====== Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=489 VL-ID: ===== 489 Introduction: ============= Crystal Office is the essential office suite ideal for home and business user...

Java Debug Wire Protocol Detection

A Java Debug Wire Protocol JDWP server was detected on the remote host. This is a network protocol that allows debugging of a remote Java virtual machine. Authentication is not required to access this service. A remote, unauthenticated attacker could connect to this service and execute arbitrary...

Apple Fixes 81 Security Holes in iOS 5.1 including Siri and Passcode Flaws

Cupertino, California-based Apple released fixes for a bevy of security flaws in its iOS mobile operating system, including security flaws affecting the Siri personal assistant, the iOS passcode feature, and more than five dozen flaws in the WebKit Web rendering enging used by both iOS and Androi...

Mandriva Update for rpm-mandriva-setup MDVA-2012:024 (rpm-mandriva-setup)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

kernel: xfs: potential buffer overflow in xfs_readlink()

Buffer overflow in the xfsreadlink function in fs/xfs/xfsvnodeops.c in XFS in the Linux kernel 2.6, when CONFIGXFSDEBUG is disabled, allows local users to cause a denial of service memory corruption and crash and possibly execute arbitrary code via an XFS image containing a symbolic link with a...

kernel-rt: stack corruption when task gets scheduled out using the debug stack

The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service stack corruption and panic via a crafted application that triggers certain lock contention...

Microsoft SQL Server Payload Execution

This module executes an arbitrary payload on a Microsoft SQL Server by using the "xpcmdshell" stored procedure. Currently, three delivery methods are supported. First, the original method uses Windows 'debug.com'. File size restrictions are avoided by incorporating the debug bypass method present...

OpenSSH < 5.7 Multiple Vulnerabilities

Binary data 6300.prm...