
4408 matches found

Packet Storm
added 2013/04/07 12:0 a.m. | 39 views

Belkin Wemo Arbitrary Firmware Upload

Exploit Title: Belkin Wemo Arbitrary Firmware Vulnerability Date: 4/3/13 Exploit Author: Daniel Buentello Vendor Homepage: http://www.belkin.com/us/wemo Version: Any version prior to WeMoUS2.00.2176.PVT CVE: CVE-2013-2748 Hello I'm independently working with Mitre and Belkin on this matter so...

0.3 AI score | 0.1307 EPSS
Exploits: 6
Fedora
added 2013/04/05 11:11 p.m. | 50 views

[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

8.5 CVSS | 0.8 AI score | 0.54312 EPSS
Exploits: 7
Fedora
added 2013/04/05 10:59 p.m. | 41 views

[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

8.5 CVSS | 0.8 AI score | 0.54312 EPSS
Exploits: 4
Atlassian
added 2013/04/04 10:48 a.m. | 22 views

Editing "Global Templates" possible without admin login

If you are logged in to the admin panel you get the following line: "You have temporary access to administrative functions. Drop access if you no longer require it. For more information, refer to the documentation." Pressing "Drop access" redirects you to the normal Wiki page, away from t...

7 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2013/04/04 10:48 a.m. | 30 views

Editing "Global Templates" possible without admin login

If you are logged in to the admin panel you get the following line: "You have temporary access to administrative functions. Drop access if you no longer require it. For more information, refer to the documentation." Pressing "Drop access" redirects you to the normal Wiki page, away from t...

7 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2013/04/04 10:48 a.m. | 35 views

Editing "Global Templates" possible without admin login

If you are logged in to the admin panel you get the following line: "You have temporary access to administrative functions. Drop access if you no longer require it. For more information, refer to the documentation." Pressing "Drop access" redirects you to the normal Wiki page, away from t...

7 AI score
Exploits: 0
exploitpack
added 2013/04/04 12:0 a.m. | 14 views

Mozilla Firefox - Cookie Verification Denial of Service

Mozilla Firefox - Cookie Verification Denial of Service source: https://www.securityfocus.com/bid/62969/info Mozilla Firefox is prone to a denial-of-service vulnerability because it fails to verify the user-supplied input. Successfully exploiting this issue will allow an attacker to inject specia...

0.4 AI score
Exploits: 0
Circl
added 2013/04/03 12:0 a.m. | 13 views

CVE-2013-0125

creationtimestamp | type | source
---|---|---
2013-04-03 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/38415...

4.3 CVSS | 6.9 AI score | 0.01682 EPSS
Exploits: 1 | References: 1
RedHat Linux
added 2013/04/02 7:58 p.m. | 43 views

Moderate: Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

7.5 CVSS | 6.8 AI score | 0.13911 EPSS
Exploits: 0 | References: 3
Fedora
added 2013/04/01 3:32 a.m. | 47 views

[SECURITY] Fedora 17 Update: mantis-1.2.14-1.fc17

Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14...

7.5 CVSS | 1 AI score | 0.03829 EPSS
Exploits: 5
Fedora
added 2013/04/01 3:26 a.m. | 43 views

[SECURITY] Fedora 18 Update: mantis-1.2.14-1.fc18

Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14...

5 CVSS | 5.5 AI score | 0.02759 EPSS
Exploits: 1
RedHat Linux
added 2013/03/26 7:10 p.m. | 143 views

Moderate: Red Hat Security Advisory: Subscription Asset Manager 1.2.1 update

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

7.5 CVSS | 6.7 AI score | 0.13911 EPSS
Exploits: 2 | References: 11
UbuntuCve
added 2013/03/15 8:55 p.m. | 27 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3 CVSS | 7.2 AI score | 0.0068 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2013/03/15 12:0 a.m. | 35 views

RedHat Update for kernel RHSA-2013:0630-01

Check for the Version of kernel. OpenVAS Vulnerability Test: RedHat Update for kernel RHSA-2013:0630-01. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.2 CVSS | 0.5 AI score | 0.01557 EPSS
Exploits: 4 | References: 2
OSV
added 2013/03/12 11:55 p.m. | 1 views

DEBIAN-CVE-2011-1165

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks...

5.1 CVSS | 7.1 AI score | 0.02273 EPSS
Exploits: 1 | References: 1
securityvulns
added 2013/03/02 12:0 a.m. | 59 views

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability

ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Affected Products: Product...

5.4 CVSS | 0.3 AI score | 0.00548 EPSS
Exploits: 0
Snyk
added 2013/03/01 5:40 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a...

4.3 CVSS | 5.3 AI score | 0.03592 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2013/02/28 5:0 a.m. | 9 views

(RHSA-2013:0577) Low: Red Hat Enterprise Virtualization 2 - End Of Life

In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization (RHEV) 2.x installations to version 3.0. The upgrade from RHEV Manager...

1.4 AI score
Exploits: 0
OpenVAS
added 2013/02/28 12:0 a.m. | 11 views

Nmap NSE 6.01: ntp-info

Gets the time and configuration variables from an NTP server. We send two requests: a time request and a 'read variables' (opcode 2) control message. Without verbosity, the script shows the time and the value of the 'version', 'processor', 'system', 'refid', and 'stratum' variables. With verbosity,...

7.3 AI score
Exploits: 0
Oracle linux
added 2013/02/27 12:0 a.m. | 59 views

libvirt security, bug fix, and enhancement update

libvirt-0.10.2-18.0.1.el6 - Replace docs/et.png in tarball with blank image 0.10.2-18 - rpc: Fix crash on error paths of message dispatching CVE-2013-0170 - spec: Disable libssh2 support rhbz513363 0.10.2-17 - storage: Fix lvcreate parameter for backingStore. rhbz896398 - qemu: Don't return succe...

6.8 CVSS | 7.7 AI score | 0.05774 EPSS
Exploits: 0