[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

Nmap NSE net: informix-query

Runs a query against IBM Informix Dynamic Server using the given authentication credentials see also: informix-brute. SYNTAX: informix.instance: specifies the Informix instance to connect to informix-query.database: The name of the database to connect to default: sysmaster informix-query.username...

Nmap NSE net: oracle-enum-users

Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers this bug was fixed in Oracle's October 2009 Critical Patch Update. SYNTAX: userdb: The filename of an alternate username database. passdb: The filename of an alternate password database. tns.sid: specifies the Orac...

Nmap NSE net: informix-brute

Performs brute force password auditing against IBM Informix Dynamic Server. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if recoverable...

Nmap NSE net: oracle-brute

Performs brute force password auditing against Oracle servers. SYNTAX: brute.firstonly: stop guessing after first password is found default: false oracle-brute.sid: the instance against which to perform password guessing brute.retries: the number of times to retry if recoverable failures occurs...

CVE-2011-0992

CVE-2011-0992 describes a use-after-free in Mono when used with Moonlight 2.x before 2.4.1 or 3.x before 3.99.3. The vulnerability can lead to a crash of the Moonlight/Mono plugin and may allow an attacker to obtain sensitive information through vectors involving data in a resurrected MonoThread ...

CVE-2011-0991

Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance...

Oracle TNS Listener SID Bruteforce

This module queries the TNS listener for a valid Oracle database instance name also known as a SID. Any response other than a "reject" will be considered a success. If a specific SID is provided, that SID will be attempted. Otherwise, SIDs read from the named file will be attempted in sequence...

SAP Management Console Instance Properties

This module simply attempts to identify the instance properties through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Instanc...

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

plone -- Remote Security Bypass

Plone developer reports: This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still ...

Wordpress function do_trackbacks() SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================================== Wordpress function dotrackbacks SQL Injection Vulnerability ============================================================== Description: SQL injection vulnerability in dotrackbacks...

CVE-2010-3544

CVE-2010-3544 is a CSRF vulnerability in Oracle iPlanet Web Server (Sun Java System Web Server) prior to 7.0U9 that allows an attacker to stop a server instance via the management console when a user views a malicious page while authenticated. The issue is documented across multiple sources (JVN/...

Design/Logic Flaw

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner...

CVE-2005-1983

creationtimestamp| type| source ---|---|--- 2010-08-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16365 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms05039pnp.rb 2025-02-06 03:13:38+00:00| seen|...

informix-query NSE Script

Runs a query against IBM Informix Dynamic Server using the given authentication credentials see also: informix-brute. Script Arguments informix-query.query The query to run against the server default: returns hostname and version informix-query.username The username used for authentication...

Memory corruption

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...

CVE-2010-2755

layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...

CVE-2010-1297

creationtimestamp| type| source ---|---|--- 2010-06-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/13787 2010-09-01 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/14853 2010-09-20 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16614 2010-09-25...