4326 matches found

RedHat Linux
added 2008/05/07 6:56 a.m. | 2 views

kernel Race condition in mincore can cause "ps -ef" to hang

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock...

CVSS 4.6 | AI score 5.8 | EPSS 0.00982
Exploits: 0 | References: 4
securityvulns
added 2008/02/26 12:0 a.m. | 27 views

BEA WebLogic Server account locking bypass

It's possible to bruteforce username/password of locked account...

AI score 2.5
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2008/02/26 12:0 a.m. | 49 views

S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server

S21Sec Advisory - Title: Infinite invalid authentication attempts possible in BEA WebLogic Server ID: S21SEC-040-en Severity: Medium Scope: BEA Weblogic Platforms: All Author: [email protected] URL: http://www.s21sec.com/avisos/s21sec-040-en.txt Release: Public SUMMARY It's possible to launch a...

AI score 1.3
Exploits: 0
NVD
added 2008/01/16 10:0 p.m. | 18 views

CVE-2008-0294

Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors...

CVSS 5 | AI score 6.5 | EPSS 0.01015
Exploits: 0 | References: 4
Prion
added 2008/01/16 10:0 p.m. | 15 views

Code injection

Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors...

CVSS 5 | AI score 7 | EPSS 0.01015
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2008/01/16 9:0 p.m. | 18 views

CVE-2008-0294

Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors...

AI score 6.5 | EPSS 0.01015
Exploits: 0 | References: 4
CVE
added 2008/01/16 9:0 p.m. | 42 views

CVE-2008-0294

CVE-2008-0294 affects FreeSeat prior to 1.1.5d. A flaw in the seat-locking implementation could allow an attacker to book a seat more than once via unspecified vectors. The vulnerability originates in the seat-locking logic; the exact attack vector is not detailed in the provided sources. The cit...

CVSS 5 | AI score 6.5 | EPSS 0.01015
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2007/11/12 12:0 a.m. | 18 views

FreeBSD : gallery2 -- multiple vulnerabilities (9b718b82-8ef5-11dc-8e42-001c2514716c)

Gallery project reports : Gallery 2.2.3 addresses the following security vulnerabilities : - Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas - Unauthorized modification and retrieval of item properties possible with WebDAV - Unauthorized locking and replacing of...

CVSS 6.4 | AI score 5.4 | EPSS 0.01695
Exploits: 0 | References: 2
Tenable Nessus
added 2007/11/10 12:0 a.m. | 43 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)

Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only been fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...

CVSS 7.5 | AI score 6.2 | EPSS 0.04601
Exploits: 2 | References: 13
FreeBSD
added 2007/08/29 12:0 a.m. | 27 views

gallery2 -- multiple vulnerabilities

Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas Unauthorized modification and retrieval of item properties possible with WebDAV Unauthorized locking and replacing of items...

CVSS 6.4 | AI score 6.4 | EPSS 0.01695
Exploits: 0
Tenable Nessus
added 2007/06/27 12:0 a.m. | 40 views

CentOS 4 : kernel (CESA-2007:0488)

Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the...

CVSS 7.5 | AI score 5.4 | EPSS 0.03384
Exploits: 0 | References: 12
Cent OS
added 2007/06/26 11:50 p.m. | 98 views

kernel security update

CentOS Errata and Security Advisory CESA-2007:0488 Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Lin...

CVSS 7.5 | AI score 5.6 | EPSS 0.03384
Exploits: 0 | References: 8
RedHat Linux
added 2007/06/25 5:50 p.m. | 61 views

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the...

CVSS 7.5 | AI score 5.6 | EPSS 0.03384
Exploits: 0 | References: 13
securityvulns
added 2007/06/05 12:0 a.m. | 35 views

Re: [Full-disclosure] screen 4.0.3 local Authentication Bypass

-----Original Message----- Subject: Re: Full-disclosure screen 4.0.3 local Authentication Bypass Verified on OpenBSD I'm not seeing a 'Getpass error' message on 4.1-STABLE current, but there does seem to be a problem with locking and reattaching: $ screen space $ echo "This is the locked screen"...

AI score 6.9
Exploits: 0
RedHat Linux
added 2007/01/30 2:22 p.m. | 2 views

kernel Race condition in mincore can cause "ps -ef" to hang

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock...

CVSS 4.6 | AI score 5.8 | EPSS 0.00982
Exploits: 0 | References: 4
NVD
added 2006/12/20 2:28 a.m. | 22 views

CVE-2006-4814

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock...

CVSS 4.6 | AI score 6.2 | EPSS 0.00982
Exploits: 0 | References: 31
Ubuntu
added 2006/12/14 12:46 a.m. | 75 views

USN-395-1: Linux kernel vulnerabilities

Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only been fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...

CVSS 7.5 | AI score 6 | EPSS 0.04601
Exploits: 2
RedHat Linux
added 2006/08/09 12:0 a.m. | 4 views

Important: Red Hat Bug Fix Advisory: bind bug fix update

Updated bind packages that fix several bugs are now available. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. The bind package provides a DNS server named, which resolves host names to IP addresses, and tools for control and verification of the DN...

CVSS 5 | AI score 5.8 | EPSS 0.08684
Exploits: 1 | References: 6
NVD
added 2006/07/28 10:4 p.m. | 15 views

CVE-2006-3675

Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents...

CVSS 2.1 | AI score 6.4 | EPSS 0.00454
Exploits: 1 | References: 6
CVE
added 2006/07/28 10:0 p.m. | 49 views

CVE-2006-3675

CVE-2006-3675 affects Password Safe versions 2.11, 2.16 and 3.0BETA1. The vulnerability arises because the software does not enforce the configured lock-on-workstation-lock or idle-time events when specific dialog windows are open, potentially allowing a local attacker with access to the workstat...

CVSS 2.1 | AI score 6.4 | EPSS 0.00454
Exploits: 1 | References: 6 | Affected Software: 1