2400 matches found

CVE
added 2012/08/29 10:0 a.m. | 104 views

CVE-2012-3973

CVE-2012-3973 affects Mozilla Firefox before 15.0, where the debugger in the developer-tools subsystem fails to properly restrict access to the remote-debugging service when remote debugging is disabled. This allows remote attackers to execute arbitrary code by leveraging the HTTPMonitor extensio...

CVSS 7.6 | AI score 9.5 | EPSS 0.04931
Exploits 0 | References 10 | Affected Software 1
UbuntuCve
added 2012/08/29 12:0 a.m. | 31 views

CVE-2012-3973

The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and...

CVSS 7.6 | AI score 7.3 | EPSS 0.04931
Exploits 0 | References 2
Tenable Nessus
added 2012/08/29 12:0 a.m. | 57 views

Firefox < 15.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 15.0 and thus, is potentially affected by the following security issues : - An error exists related to 'Object.defineProperty' and the location object and can allow cross-site scripting attacks. CVE-2012-1956 - Unspecified memory safety issues exis...

CVSS 10 | AI score 7 | EPSS 0.07762
Exploits 4 | References 48
Mozilla
added 2012/08/28 12:0 a.m. | 40 views

HTTPMonitor extension allows for remote debugging without explicit activation — Mozilla

Mozilla security researcher Mark Goodwin discovered an issue with the Firefox developer tools' debugger. If remote debugging is disabled, but the experimental HTTPMonitor extension has been installed and enabled, a remote user can connect to and use the remote debugging service through the port...

CVSS 7.6 | AI score 0.2 | EPSS 0.04931
Exploits 0 | References 2 | Affected Software 1
Fedora
added 2012/08/17 5:56 a.m. | 29 views

[SECURITY] Fedora 16 Update: gdb-7.3.50.20110722-16.fc16

GDB, the GNU debugger, allows you to debug programs written in C, C++, Java, and other languages, by executing them in a controlled fashion and printing their data...

CVSS 6.9 | AI score 2.2 | EPSS 0.0036
Exploits 1
Nmap
added 2012/08/14 11:31 a.m. | 189 views

jdwp-info NSE Script

Attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script injects and executes a Java class file that returns remote system information. Example Usage nmap -sT -p...

CVSS 10 | AI score 9.6 | EPSS 0.99448
Exploits 33
Nmap
added 2012/08/14 11:31 a.m. | 98 views

jdwp-inject NSE Script

Attempts to exploit Java's remote debugging port. When the remote debugging port is left open, it is possible to inject Java bytecode and achieve remote code execution. This script allows injection of arbitrary class files. After injection, the class's run method is executed. Method run has no parameters,...

CVSS 10 | AI score 0.3 | EPSS 0.99448
Exploits 33
Tenable Nessus
added 2012/08/01 12:0 a.m. | 19 views

Scientific Linux Security Update : brltty on SL5.x i386/x86_64

It was discovered that a brltty library had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory, could run arbitrary code with...

CVSS 6.9 | AI score 5.8 | EPSS 0.00539
Exploits 0 | References 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 20 views

Scientific Linux Security Update : systemtap on SL5.x, SL6.x i386/x86_64 (20120308)

SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When...

CVSS 5.4 | AI score 5.2 | EPSS 0.0035
Exploits 0 | References 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 27 views

Scientific Linux Security Update : gfs2-utils on SL5.x i386/x86_64

Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. CVE-2008-6552 Thi...

CVSS 6.9 | AI score 5.7 | EPSS 0.0039
Exploits 0 | References 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 31 views

Scientific Linux Security Update : sos on SL6.x

Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included aspects of TUV's Certificate-based private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the key...

CVSS 4.3 | AI score 5.5 | EPSS 0.00994
Exploits 0 | References 2
NVD
added 2012/07/20 10:40 a.m. | 22 views

CVE-2011-4591

Cross-site scripting (XSS) vulnerability in the printobject function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states...

CVSS 4.3 | AI score 5.5 | EPSS 0.01832
Exploits 0 | References 3
UbuntuCve
added 2012/07/20 10:40 a.m. | 23 views

CVE-2011-4591

Cross-site scripting (XSS) vulnerability in the printobject function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states...

CVSS 4.3 | AI score 5.9 | EPSS 0.01832
Exploits 0 | References 1
Cent OS
added 2012/07/10 5:27 p.m. | 62 views

sos security update

CentOS Errata and Security Advisory CESA-2012:0958 An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

CVSS 4.3 | AI score 5.9 | EPSS 0.01429
Exploits 0 | References 7
Prion
added 2012/06/29 7:55 p.m. | 12 views

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVSS 4.3 | AI score 6.7 | EPSS 0.01429
Exploits 0 | References 5 | Affected Software 1
CVE
added 2012/06/29 7:0 p.m. | 73 views

CVE-2012-2664

CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...

CVSS 4.3 | AI score 6.2 | EPSS 0.01429
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2012/06/29 12:0 a.m. | 31 views

Quagga < 0.99.9 BGPD Multiple Denial of Service Vulnerabilities

According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability can be triggered by a malformed OPEN message from an explicitly configured BGP peer. ...

CVSS 3.5 | AI score 5.5 | EPSS 0.01687
Exploits 0 | References 2
Oracle linux
added 2012/06/27 12:0 a.m. | 37 views

rsyslog security, bug fix, and enhancement update

5.8.10-2 - add patch to update information on debugging in the man page Resolves: 820311 - add patch to prevent debug output to stdout after forking Resolves: 820996 - add patch to support ssl certificates with domain names longer than 128 chars Resolves: 822118 5.8.10-1 - rebase to rsyslog 5.8.1...

CVSS 2.1 | AI score 6.2 | EPSS 0.0042
Exploits 0
rdot
added 2012/06/25 12:0 a.m. | 25 views

Debugging the FreeBSD 9.0 kernel using VMWare 8.0

First things first. The first step is to install the kernel sources. If /usr/src/sys/ is empty and an installation DVD is available, unpack src.txz: Quote: mount -t cd9660 /dev/cd0 /cdrom tar -C / -xvzf /cdrom/usr/freebsd-dist/src.txz --- If there is no DVD, the sources can be downloaded from the freebs...

AI score 7.3
Exploits 0
Tenable Nessus
added 2012/06/20 12:0 a.m. | 27 views

RHEL 6 : rsyslog (RHSA-2012:0796)

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 2.1 | AI score 6.3 | EPSS 0.0042
Exploits 0 | References 3