Scientific Linux Security Update : libgtop2 on SL4.x i386/x86_64

A flaw was found in the way libgtop2 handled long filenames mapped into the address space of a process. An attacker could execute arbitrary code on behalf of the user running gnome-system-monitor by executing a process and mapping a file with a specially crafted name into the processes' address...

Scientific Linux Security Update : kvm on SL5.x x86_64

It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash denial of service or, possibly, resulting in th...

Scientific Linux Security Update : nfs-utils-lib on SL5.x i386/x86_64

Details : Tenable Network Security discovered a stack-based buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

CVE-2011-2496

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

Integer overflow

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

CVE-2011-2496

Integer overflow in the vmatoresize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service BUGON and system crash via a crafted mremap system call that expands a memory mapping...

Passive DNS Network Mapper: dnsmap

Passive DNS Network Mapper dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments . During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names,...

[SECURITY] Fedora 17 Update: python-sqlalchemy0.5-0.5.8-9.fc17

SQLAlchemy is an Object Relational Mappper ORM that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled, allowing both sides maximum flexibility and power. SQLAlchemy provides a powerful mapping layer that can work as automatically or as manu all...

[SECURITY] Fedora 16 Update: python-sqlalchemy0.5-0.5.8-9.fc16

SQLAlchemy is an Object Relational Mappper ORM that provides a flexible, high-level interface to SQL databases. Database and domain concepts are decoupled, allowing both sides maximum flexibility and power. SQLAlchemy provides a powerful mapping layer that can work as automatically or as manu all...

Analyzing ASLR in Android Ice Cream Sandwich 4.0

When I first saw the release notes for the new Android Ice Cream Sandwich ICS platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”. For the uninitiated, ASLR randomizes where various areas of memory eg. stack, heap, libs, etc are...

Creating Replication Jobs in Backup & Replication version 6.x

Challenge How to create replication jobs. Solution To replicate virtual machines, you should create a replication job by means of the New Replication Job wizard. You can perform the created job immediately, schedule, or save it. Before You Begin • Prior to creating a replication job, make sure yo...

NAT-PMP Port Mapper

Map forward TCP and UDP ports on NAT devices using NAT-PMP This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NAT-PMP Port Mapper', 'Description' = 'Map forward TCP and UDP ports on NAT devices...

nat-pmp-mapport NSE Script

Maps a WAN port on the router to a local port on the client using the NAT Port Mapping Protocol NAT-PMP. It supports the following operations: map - maps a new external port on the router to an internal port of the requesting IP unmap - unmaps a previously mapped port for the requesting IP unmapa...

DEBIAN-CVE-2011-4349

Multiple SQL injection vulnerabilities in 1 cd-mapping-db.c and 2 cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and a device id, b property, or c profile id...

Ubuntu Update for linux USN-1286-1

Ubuntu Update for Linux kernel vulnerabilities USN-1286-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12861.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux USN-1286-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...