2400 matches found

RedHat Linux
added 2012/06/19 3:23 p.m. · 23 views

Low: Red Hat Security Advisory: sos security, bug fix, and enhancement update

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

4.3 CVSS · 5.9 AI score · 0.01429 EPSS
Exploits: 0 · References: 13
RedHat Linux
added 2012/06/19 3:22 p.m. · 37 views

Moderate: Red Hat Security Advisory: rsyslog security, bug fix, and enhancement update

Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

2.1 CVSS · 6.3 AI score · 0.0042 EPSS
Exploits: 0 · References: 8
Metasploit
added 2012/06/16 7:17 a.m. · 58 views

F5 BIG-IP SSH Private Key Exposure

F5 ships a public/private key pair on BIG-IP appliances that allows passwordless authentication to any other BIG-IP box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. This module requires Metasploit: https://metasploit.com/download Current...

7.8 CVSS · 8.2 AI score · 0.63078 EPSS
Exploits: 15
Packet Storm
added 2012/06/07 12:0 a.m. · 233 views

Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex/proto/tftp' class Metasploit3 'Microsoft II...

10 CVSS · 0.5 AI score · 0.7714 EPSS
Exploits: 4
securityvulns
added 2012/03/20 12:0 a.m. · 26 views

Tor Browser Bundle information leakage

Debugging logging is always on...

2.2 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Amazon
added 2012/03/15 12:0 a.m. · 23 views

Medium: systemtap

Issue Overview: An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kern...

5.4 CVSS · 6.3 AI score · 0.0035 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2012/03/08 9:3 p.m. · 22 views

Moderate: Red Hat Security Advisory: systemtap security update

Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

5.4 CVSS · 5.8 AI score · 0.0035 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2012/02/21 12:0 a.m. · 19 views

RedHat Update for sos RHSA-2012:0153-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3 CVSS · 6.5 AI score · 0.00994 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2012/02/12 12:0 a.m. · 18 views

Gentoo Security Advisory GLSA 201201-16 (xkeyboard-config xorg-server)

The remote host is missing updates announced in advisory GLSA 201201-16. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

4.6 CVSS · 6.5 AI score · 0.0039 EPSS
Exploits: 0 · References: 2
0day.today
added 2012/01/31 12:0 a.m. · 24 views

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

Exploit for linux platform in category dos / poc Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products sudo 1.8.0 - 1.8.3p1 http://sudo.ws Vendor communication 2012-01-24 Send vulnerability details to sudo maintainer 2012-01-24 Maintainer is embarrassed...

7 AI score
Exploits: 0
Tenable Nessus
added 2012/01/30 12:0 a.m. · 23 views

GLSA-201201-16 : X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

The remote host is affected by the vulnerability described in GLSA-201201-16 X.Org X Server/X Keyboard Configuration Database: Screen lock bypass Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used to terminate an applicati...

4.6 CVSS · 5.6 AI score · 0.0039 EPSS
Exploits: 0 · References: 2
Vulnerability Lab
added 2012/01/26 12:0 a.m. · 42 views

HITB2011KUL - Post Memory Corruption Analysis

Document Title: =============== HITB2011KUL - Post Memory Corruption Analysis References: =========== Download: http://www.vulnerability-lab.com/resources/videos/398.wmv View: http://www.youtube.com/watch?v=kOgarD9KCbg Release Date: ============= 2012-01-26 Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2012/01/26 12:0 a.m. · 13 views

HITB2011KUL - Post Memory Corruption Analysis

Document Title: =============== HITB2011KUL - Post Memory Corruption Analysis References: =========== Download: http://www.vulnerability-lab.com/resources/videos/398.wmv View: http://www.youtube.com/watch?v=kOgarD9KCbg Release Date: ============= 2012-01-26 Vulnerability Laboratory ID VL-ID:...

0.2 AI score
Exploits: 0
Positive Technologies
added 2012/01/08 12:0 a.m. · 5 views

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

6.8 CVSS · 9.5 AI score · 0.74405 EPSS
Exploits: 9 · References: 18
Packet Storm
added 2012/01/03 12:0 a.m. · 48 views

Bugzilla Chart Generator Cross Site Scripting

Advisory: Bugzilla: Cross-Site Scripting in Chart Generator RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link from an...

4.3 CVSS · 0.1 AI score · 0.01014 EPSS
Exploits: 3
OpenVAS
added 2011/12/14 12:0 a.m. · 639 views

VxWorks Debugging Service Security-Bypass Vulnerability

VxWorks is prone to a remote security-bypass vulnerability. Successful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. OpenVAS Vulnerability Test $Id:...

10 CVSS · 1.7 AI score · 0.57544 EPSS
Exploits: 1 · References: 5
OpenVAS
added 2011/12/14 12:0 a.m. · 57 views

VxWorks Debugging Service Security Bypass Vulnerability

VxWorks is prone to a remote security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 6.6 AI score · 0.57544 EPSS
Exploits: 1 · References: 4
ThreatPost
added 2011/12/13 4:17 p.m. · 15 views

Carrier IQ Says Bug Can Cause Some SMS to Be Recorded in Coded Form

Carrier IQ, the embattled software company at the center of the controversy over alleged data collection on mobile devices, has released a new document that details the ways in which carriers deploy the software, how it works on devices and what data it is capable of collecting. The company also...

0.1 AI score
Exploits: 0 · References: 3
Tenable Nessus
added 2011/12/13 12:0 a.m. · 39 views

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid57270; scriptversion"1.6";...

5 CVSS · 7.2 AI score · 0.04972 EPSS
Exploits: 0 · References: 2
RedHat Linux
added 2011/12/05 7:55 p.m. · 2 views

sos: sosreport is gathering certificate-based RHN entitlement private keys

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive...

4.3 CVSS · 5.8 AI score · 0.00994 EPSS
Exploits: 0 · References: 4