Scientific Linux Security Update : brltty on SL5.x i386/x86_64

It was discovered that a brltty library had an insecure relative RPATH runtime library search path set in the ELF Executable and Linking Format header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory, could run arbitrary code with...

CVE-2011-4591

Cross-site scripting XSS vulnerability in the printobject function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states...

CVE-2011-4591

Cross-site scripting XSS vulnerability in the printobject function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states...

sos security update

CentOS Errata and Security Advisory CESA-2012:0958 An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVE-2012-2664

CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...

Quagga < 0.99.9 BGPD Multiple Denial of Service Vulnerabilities

According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability can be triggered by a malformed OPEN message from an explicitly configured BGP peer. ...

rsyslog security, bug fix, and enhancement update

5.8.10-2 - add patch to update information on debugging in the man page Resolves: 820311 - add patch to prevent debug output to stdout after forking Resolves: 820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: 822118 5.8.10-1 - rebase to rsyslog 5.8.1...

Отладка ядра FreeBSD 9.0 посредством VMWare 8.0

First things first Первым делом следует установить исходники ядра. Если в /usr/src/sys/ пусто и есть установочный dvd, то следует распаковать src.txz: Цитата: mount -t cd9660 /dev/cd0 /cdrom tar -C / -xvzf /cdrom/usr/freebsd-dist/src.txz --- Если dvd нет, то исходники можно скачать с сайта freebs...

RHEL 6 : rsyslog (RHSA-2012:0796)

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

Low: Red Hat Security Advisory: sos security, bug fix, and enhancement update

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which...

Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

F5 BIG-IP SSH Private Key Exposure

F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. This module requires Metasploit: https://metasploit.com/download Current...

Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/proto/tftp' class Metasploit3 'Microsoft II...

Tor Browser Bundle information leakage

Debugging logging is always on...

Medium: systemtap

Issue Overview: An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kern...

Moderate: Red Hat Security Advisory: systemtap security update

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

RedHat Update for sos RHSA-2012:0153-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Gentoo Security Advisory GLSA 201201-16 (xkeyboard-config xorg-server)

The remote host is missing updates announced in advisory GLSA 201201-16. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

Exploit for linux platform in category dos / poc Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products sudo 1.8.0 - 1.8.3p1 http://sudo.ws Vendor communication 2012-01-24 Send vulnerability details to sudo maintainer 2012-01-24 Maintainer is embarrased...