4420 matches found
Moderate: Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update
Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
[SECURITY] Fedora 17 Update: mantis-1.2.14-1.fc17
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14...
[SECURITY] Fedora 18 Update: mantis-1.2.14-1.fc18
Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. Documentation can be found in: /usr/share/doc/mantis-1.2.14...
Moderate: Red Hat Security Advisory: Subscription Asset Manager 1.2.1 update
Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
CVE-2013-0248
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...
RedHat Update for kernel RHSA-2013:0630-01
Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2013:0630-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
DEBIAN-CVE-2011-1165
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks...
ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability EMC Identifier: ESA-2013-012 CVE Identifier: CVE-2013-0931 Severity Rating: CVSS v2 Base Score: 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P Affected Products: Product...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting XSS attacks via a...
(RHSA-2013:0577) Low: Red Hat Enterprise Virtualization 2 - End Of Life
In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization RHEV 2.x installations to version 3.0. The upgrade from RHEV Manager...
Nmap NSE 6.01: ntp-info
Gets the time and configuration variables from an NTP server. We send two requests: a time request and a 'read variables' opcode 2 control message. Without verbosity, the script shows the time and the value of the 'version', 'processor', 'system', 'refid', and 'stratum' variables. With verbosity,...
libvirt security, bug fix, and enhancement update
libvirt-0.10.2-18.0.1.el6 - Replace docs/et.png in tarball with blank image 0.10.2-18 - rpc: Fix crash on error paths of message dispatching CVE-2013-0170 - spec: Disable libssh2 support rhbz513363 0.10.2-17 - storage: Fix lvcreate parameter for backingStore. rhbz896398 - qemu: Don't return succe...
commons-configuration
| | math | | 1.2 | |...
CVE-2012-5337
creationtimestamp| type| source ---|---|--- 2013-02-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38334...
rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted URL...
(RHSA-2013:0552) Low: Red Hat Enterprise Virtualization 2 1-week EOL Notice
In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 will end on 1st March, 2013. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization RHEV 2.x installations to version 3.0. The upgrade...
[SECURITY] Fedora 17 Update: postgresql-9.1.8-1.fc17
PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
PostgreSQL Patches DOS Vulnerability, Other Security Issues
PostgreSQL, a database management system for Linux, FreeBSD and other platforms patched a hole today that could have opened the system up to a denial-of-service DOS vulnerability in addition to a slew of other security flaws. An attacker could have leveraged the DOS vulnerability CVE-2013-0255 as...
Ruby -- XSS exploit of RDoc documentation generated by rdoc
Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to...
PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts
Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web application using a blind SQL injection. The vulnerability was first reported to PayPal back in August,...