4408 matches found
commons-configuration
| | math | | 1.2 | |...
CVE-2012-5337
creationtimestamp| type| source ---|---|--- 2013-02-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38334...
rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...
(RHSA-2013:0552) Low: Red Hat Enterprise Virtualization 2 1-week EOL Notice
In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 will end on 1st March, 2013. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization RHEV 2.x installations to version 3.0. The upgrade...
[SECURITY] Fedora 17 Update: postgresql-9.1.8-1.fc17
PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
PostgreSQL Patches DOS Vulnerability, Other Security Issues
PostgreSQL, a database management system for Linux, FreeBSD and other platforms patched a hole today that could have opened the system up to a denial-of-service DOS vulnerability in addition to a slew of other security flaws. An attacker could have leveraged the DOS vulnerability CVE-2013-0255 as...
Ruby -- XSS exploit of RDoc documentation generated by rdoc
Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to...
PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts
Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web application using a blind SQL injection. The vulnerability was first reported to PayPal back in August,...
[SECURITY] Fedora 18 Update: nagios-3.4.4-1.fc18
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...
[SECURITY] Fedora 17 Update: nagios-3.4.4-1.fc17
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...
[SECURITY] Fedora 16 Update: nagios-3.4.4-1.fc16
Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...
libvirt security and bug fix update
0.8.2-29.0.1.el5 - Replaced docs/et.png in tarball - remove virshtest from test cases to fix failure in mock build root libvirt-0.8.2-29.el5 - Coverity pointed out an use after free in the fix for 816601 rhbz772848 libvirt-0.8.2-28.el5 - qemu: Rollback on used USB devices rhbz816601 - qemu: Don't...
OpenIPMI security, bug fix, and enhancement update
2.0.16-16.el5 - ipmitool: fix ipmi command retry shifts replies 863310 2.0.16-15.el5 - ipmitool: added -b, -B, -l and -T options to ipmitool man page 846596 - ipmitool: fixed man page documentation for delloem setled command 797050 2.0.16-14.el5 - ipmitool: fixed wrong permissions on ipmievd.pid...
Low: Red Hat Security Advisory: OpenIPMI security, bug fix, and enhancement update
Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...
Debian DSA-2600-1 : cups - privilege escalation
Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. This update...
Debian Security Advisory DSA 2600-1 (cups - privilege escalation)
Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. This update...
DSA-2586-1 perl - several
Bulletin has no description...
ESA-2012-054: RSA ® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
ESA-2012-054.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-054: RSA ® Adaptive Authentication On-Premise Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2012-054 CVE Identifier: CVE-2012-4611 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected...
[SECURITY] Fedora 16 Update: mantis-1.2.12-1.fc16
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.12...
CVE-2012-3431
The Teiid Java Database Connectivity JDBC socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle MITM attack...