Lucene search

7425 matches found

Fedora
added 2012/10/18 12:22 a.m. | 8 views

[SECURITY] Fedora 16 Update: gitolite3-3.04-4.fc16

Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...

AI score 0.2
Exploits 0

Prion
added 2012/10/16 11:55 p.m. | 22 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

CVSS 6.4 | AI score 6.9 | EPSS 0.98695
Exploits 11 | References 8 | Affected Software 1

CVE
added 2012/10/16 11:0 p.m. | 278 views

CVE-2012-3153

CVE-2012-3153 affects Oracle Fusion Middleware’s Oracle Reports Developer (11.1.1.4/11.1.1.6/11.1.2.0). It involves an unspecified vulnerability in the Reports Servlet that can compromise confidentiality and integrity via unknown vectors related to the Report Server component; the vulnerability m...

CVSS 6.4 | AI score 8.7 | EPSS 0.9822
In wild | Exploits 10 | References 8 | Affected Software 1

Cvelist
added 2012/10/16 11:0 p.m. | 27 views

CVE-2012-3153

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...

AI score 6.4 | EPSS 0.98695
Exploits 11 | References 8

CVE
added 2012/10/16 11:0 p.m. | 1093 views

CVE-2012-3152

CVE-2012-3152/3153 affect Oracle Fusion Middleware’s Oracle Reports Developer component (11.1.1.4, 11.1.1.6, 11.1.2.0). An unspecified vulnerability in the Report Server/Servlet can allow remote attackers to affect confidentiality and integrity; one note indicates possible file read/upload of a ....

CVSS 9.1 | AI score 8.6 | EPSS 0.98695
In wild | Exploits 11 | References 12 | Affected Software 1

Vulnrichment
added 2012/10/16 11:0 p.m. | 6 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

AI score 8.6 | EPSS 0.98695
Exploits 11 | References 11

The Hacker News
added 2012/10/11 2:42 p.m. | 7 views

Firefox 16 pulled just after release to address security vulnerabilities

The latest version of Mozilla's Firefox browser has been taken offline after a security vulnerability was discovered. Mozilla's Firefox 16 web browser got its regular six-weekly update yesterday but the organisation decided to pull the browser hours after the release. The outfit claimed it became...

AI score 7
Exploits 0

Packet Storm
added 2012/10/07 12:0 a.m. | 17 views

Megapolis.Portal Manager Cross Site Scripting

Hello list! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's a commercial CMS from Softline-IT (earlier Softline), which is particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

AI score 0.2
Exploits 0

Debian CVE
added 2012/10/06 10:0 p.m. | 22 views

CVE-2012-1618

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to...

CVSS 7.5 | AI score 7.4 | EPSS 0.02942
Exploits 1

ThreatPost
added 2012/10/03 5:49 p.m. | 10 views

Some WordPress Themes, Thousands of Sites Open to XSS Vulnerability

A number of WordPress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said. Themes, bits of PHP and HTML code that alter the look and functionality of sites, are usually installed via WordPress’ dashboard tool or by FTP. According t...

AI score 6.4
Exploits 0 | References 8

Prion
added 2012/10/01 6:55 p.m. | 12 views

Information disclosure

IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product...

CVSS 5 | AI score 6.5 | EPSS 0.01369
Exploits 0 | References 4 | Affected Software 1

NVD
added 2012/10/01 6:55 p.m. | 11 views

CVE-2012-3319

IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product...

CVSS 5 | AI score 5.9 | EPSS 0.01369
Exploits 0 | References 4

CVE
added 2012/10/01 6:0 p.m. | 44 views

CVE-2012-3319

CVE-2012-3319 affects IBM Rational Business Developer 8.x prior to 8.0.1.4. The vulnerability allows remote attackers to obtain potentially sensitive information via a connection to a web service created with Rational Business Developer. The NVD entry notes an Information Disclosure impact (Confid...

CVSS 5 | AI score 6.1 | EPSS 0.01369
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2012/10/01 6:0 p.m. | 19 views

CVE-2012-3319

IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product...

AI score 5.9 | EPSS 0.01369
Exploits 0 | References 4

Japan Vulnerability Notes
added 2012/09/27 12:0 a.m. | 38 views

JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection

Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact: An arbitrary SQL command may be executed in the backend database the product is referencing. Solution: Apply a patch. Apply the appropriate patch according to the information...

CVSS 7.5 | AI score 6.6 | EPSS 0.06089
Exploits 5

Exploit DB
added 2012/09/19 12:0 a.m. | 29 views

WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities

Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ ------------------- CSRF ------------------- The wp-topbar.php does not...

AI score 7.4
Exploits 0

Ubuntu
added 2012/09/11 1:24 p.m. | 67 views

USN-1548-2: Firefox regression

USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherlan...

AI score 8.7
Exploits 0 | References 1

Exploit DB
added 2012/09/07 12:0 a.m. | 36 views

SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SAP NetWeaver Dispatcher...

CVSS 9.3 | AI score 9.6 | EPSS 0.41919
Exploits 13

Tenable Nessus
added 2012/09/06 12:0 a.m. | 50 views

Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)

Security issues were identified and fixed in mozilla firefox : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

CVSS 10 | AI score 9.3 | EPSS 0.07762
Exploits 4 | References 45

0day.today
added 2012/09/04 12:0 a.m. | 49 views

SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow

Exploit for windows platform in category local exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

AI score 6.8 | EPSS 0.41919
Exploits 13