415 matches found

Tenable Nessus
added 2015/10/08 12:0 a.m. | 26 views

OrientDB < 2.0.7 / 2.1.0 Weak Session IDs

The version of OrientDB running on the remote host is prior to 2.0.7 or 2.1.0. It is, therefore, affected by a weak session ID flaw due to usage of the Java library java.util.Random. An unauthenticated, remote attacker can exploit this to predict session IDs to facilitate brute-force attacks. Som...

CVSS 5.9 | AI score 6.7 | EPSS 0.0186
Exploits 0 | References 1

Tenable Nessus
added 2015/03/12 12:0 a.m. | 651 views

IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries: - An error exists in the libcURL and OpenSSL libraries...

CVSS 6.8 | AI score 6.5 | EPSS 0.99999
Exploits 6 | References 14

Fedora
added 2015/01/14 11:58 p.m. | 35 views

[SECURITY] Fedora 20 Update: owasp-esapi-java-2.1.0-2.fc20

OWASP ESAPI: The OWASP Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...

CVSS 5.8 | AI score 3.3 | EPSS 0.02426
Exploits 2

Fedora
added 2015/01/11 10:57 a.m. | 50 views

[SECURITY] Fedora 21 Update: smack-4.0.6-1.fc21

Smack is an Open Source XMPP Jabber client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices...

CVSS 5.8 | AI score 2 | EPSS 0.06242
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 54 views

Oracle Application Framework Diagnostic Mode Bypass Vulnerability

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1...

CVSS 6.4 | EPSS 0.02672
Exploits 5

RedHat Linux
added 2013/09/04 6:43 p.m. | 3 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

CVSS 4.3 | AI score 5.9 | EPSS 0.0593
Exploits 1 | References 5

Cvelist
added 2013/02/08 7:0 p.m. | 37 views

CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

AI score 6.7 | EPSS 0.02972
Exploits 0 | References 6

Exploit DB
added 2013/01/16 12:0 a.m. | 62 views

Oracle Application Framework - Diagnostic Mode Bypass

Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...

CVSS 6.4 | AI score 6.5 | EPSS 0.02672
Exploits 5

OpenVAS
added 2012/09/27 12:0 a.m. | 30 views

Fedora Update for guacamole-ext FEDORA-2012-14179

Check for the Version of guacamole-ext. OpenVAS Vulnerability Test. Fedora Update for guacamole-ext FEDORA-2012-14179. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 7.5 | AI score 6.3 | EPSS 0.13581
Exploits 5 | References 2

Fedora
added 2012/09/26 9:10 a.m. | 21 views

[SECURITY] Fedora 16 Update: guacamole-common-0.6.1-2.fc16

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...

CVSS 7.5 | AI score 2.2 | EPSS 0.13581
Exploits 5

Fedora
added 2012/09/26 8:52 a.m. | 40 views

[SECURITY] Fedora 17 Update: guacamole-ext-0.6.1-2.fc17

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...

CVSS 7.5 | AI score 3 | EPSS 0.13581
Exploits 5

Fedora
added 2012/09/24 3:23 a.m. | 18 views

[SECURITY] Fedora 18 Update: guacamole-ext-0.6.1-2.fc18

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...

CVSS 7.5 | AI score 3 | EPSS 0.13581
Exploits 5

Fedora
added 2012/09/24 3:23 a.m. | 33 views

[SECURITY] Fedora 18 Update: guacamole-common-0.6.1-2.fc18

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...

CVSS 7.5 | AI score 2.2 | EPSS 0.13581
Exploits 5

seebug.org
added 2010/02/09 12:0 a.m. | 71 views

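JDownloader JDExternInterface.java Remote Code Execution Vulnerability

BUGTRAQ ID: 38143 JDownloader is a download manager designed for file-hosting sites such as Rapidshare. The key that JDownloader transmits during the download process may be plaintext or JavaScript code, which is then executed in the Mozilla Rhino JavaScript implementation. The relevant code follows: (plugins/JDExternInterface.jar/JDExternInterface.java): String jk = Encoding.urlDecode(request.getParameters().get("jk"), false); ... Context cx = Context.enter();...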

AI score 6.9
Exploits 0

securityvulns
added 2002/06/18 12:0 a.m. | 28 views

nCipher problems

Weak key generation during installation, problems with java library...

AI score 2.4
Exploits 0 | References 2 | Affected Software 1