IBM WebSphere eXtreme Scale Denial of Service Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution from IBM USA. The solution provides a high-performance, scalable caching framework and grid technology to handle massive transactions, reduce database performance limitations and so on. A security vulnerability exists in IBM WebSphere...
NTPD - MON_GETLIST Query Amplification Denial of Service
NTPD - MON_GETLIST Query Amplification Denial of Service #!/usr/bin/perl ntp MON_GETLIST query amplification ddos Copyright 2015 (c) Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol (NTP) amplification attack is an emergin...
Threat Outbreak Alert RuleID15980: Email Messages Distributing Malicious Software on October 7, 2015
Medium Alert ID: 39551 First Published: 2015 June 30 13:19 GMT Last Updated: 2015 October 7 19:54 GMT Version: 14 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID15980 and...
Elasticsearch Arbitrary Code Execution Vulnerability
Elasticsearch is an open source distributed RESTful search engine built on Lucene. It is mainly used in cloud computing and supports data indexing via HTTP using JSON. A security vulnerability exists in Elasticsearch that allows a remote attacker to submit a special request to execute...
A vulnerability in the SolarWinds Firewall Security Manager distributed network access control device allows an attacker to elevate their privileges and execute arbitrary code within the client session.
A vulnerability in the userlogin.jsp module of the SolarWinds Firewall Security Manager distributed network access control system allows a malicious actor to escalate their privileges and execute arbitrary code within the client session...
I2P - The Invisible Internet Project
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...
[SECURITY] [DLA 237-1] mercurial security update
Package : mercurial Version : 1.6.4-1+deb6u1 CVE ID : CVE-2014-9390 CVE-2014-9462 CVE-2014-9462 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command...
Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03487)
IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology (CIT) versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manager for Software Use Analys...
Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03496)
IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology (CIT) versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manager for Software Use Analys...
[SECURITY] Fedora 22 Update: quassel-0.11.0-2.fc22
Quassel IRC is a modern, distributed IRC client, meaning that one or multiple clients can attach to and detach from a central core -- much like the popular combination of screen and a text-based IRC client such as WeeChat, but graphical...
[SECURITY] [DSA 3258-1] quassel security update
Debian Security Advisory DSA-3258-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 12, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3258-1 (quassel - security update)
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection e.g. when the backend PostgreSQL server is restarted. OpenVAS Vulnerability Test $Id: deb3258.nasl 6609...
Debian DSA-3257-1 : mercurial - security update
Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 3241-1 (elasticsearch - security update)
John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. OpenVAS Vulnerability Test $Id: deb3241.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3241-1 using nvtgen 1.0 Script version: 1.0 Author:...
Vulnerabilities in the openSUSE operating system that allow a malicious individual to compromise the accessibility of protected information
The drbd-kmp-trace package of the openSUSE operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
UBUNTU-CVE-2015-0405
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA...
[SECURITY] Fedora 20 Update: nodejs-0.10.36-3.fc20
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 21 Update: nodejs-0.10.36-3.fc21
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Debian Security Advisory DSA 3149-1 (condor - security update)
Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed for any authenticated user able to submit jobs, to...
DSA-3149-1 condor - security update
Bulletin has no description...