3090 matches found
Oracle E-Business Suite password disclosure vulnerability
Overview Oracle E-Business Suite 12.0-12.1, when used with the native login pages or single sign-on SSO / Oracle Access Management OAM with the native login pages, contains a credential exposure vulnerability. Description Oracle E-Business Suite administrators who have applied CPU patches for Jul...
CVE-2013-4298
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service memory corruption and application crash via a crafted comment in a GIF image...
Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation
Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation Exploit Title: Agnitum Outpost security suite privilege escalation - 0Day Date: 2013-08-02 Exploit Author: Ahmad Moghimi http://mallocat.com , https://twitter.com/mall0cat Vendor Homepage: http://www.agnitum.com/ Software Link:...
Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
An updated rhev-hypervisor6 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
SNMP Version 3 Authentication Bypass Vulnerabilities (cisco-sa-20080610-snmpv3)
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 SNMPv3 feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...
New Reveton Ransomware Variant Steals Passwords
The developers of Reveton have expanded that ransomware’s repertoire with a password stealing functionality, according to new research. Ransomware, sometimes called scareware, is a type of malware that locks down infected machines, offering to unlock them only after a fee has been paid. Oftentime...
Linux Kernel 2.6.32 3.x (CentOS 56) - PERF_EVENTS Local Privilege Escalation (1)
Linux Kernel 2.6.32 3.x CentOS 56 - PERFEVENTS Local Privilege Escalation 1 / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if yo...
CVE-2013-1914
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library aka glibc or libc6 2.17 and earlier allows remote attackers to cause a denial of service crash via a 1 hostname or 2 IP address that triggers a large number of domain conversion results...
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
SAP Portal WebDynPro - Path disclosure
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1852146 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:...
SAP NetWeaver J2EE DAS service - Unauthorized Access
Application: SAP NetWeaver JAVA Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.07.2015 Reference: SAP Security Note 1945215 Authors: Alexander Polyakov ERPScan VULNERABILITY INFORMATION Class: Unauthorized Acce...
CVE-2013-1834
CVE-2013-1834 affects Moodle: notes/edit.php in Moodle 1.9.x–1.9.19, 2.x–2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes by modifying (userid) or (courseid) fields. The vulnerability arises from improper input handling in ...
Samsung Galaxy Note II lock screen bypass vulnerability
iOS was in the news lately for a series of security mishaps, but this time android back in scene. A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 that allows hackers to briefly bypass the phone's lock screen without needing a password. By hitting "emergency cal...
[Onapsis Security Advisory 2013-003] SAP Enterprise Portal Cross-Site-Scripting
Onapsis Security Advisory 2013-003: SAP Enterprise Portal Cross-Site-Scripting This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories,...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...
OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...
SAP NetWeaver ABAD0_DELETE_DERIVATION_TABLE - SQL Injection
Application: SAP NetWeaver Versions Affected: 7.30 Basis 720 SP 0, Kernel 720 patch 68 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: NO Reported: 25.01.2013 Vendor response: 26.01.2013 Date of Public Advisory: 30.08.2013 Reference: SAP Security Note 1840249 Author: Nikolay Mescheri...
Samsung Exynos芯片内核device /dev/exynos-mem本地权限提升漏洞
BUGTRAQ ID: 56955 Exynos是韩国三星电子基于ARM构架处理器品牌。 Samsung Exynos在内核设备/dev/exynos-mem内存在安全漏洞,此设备允许所有用户读写所有物理内存,导致攻击者获取系统的root访问权限。/dev/exynos-mem用于图形处理,例如照相机、图形内存分配、hdmi等。多个设备受到影响:Samsung Galaxy S2、Samsung Galxy Note 2、MEIZU MX、所有嵌入了exynos处理器(4210和4412)的设备。有3个库使用了/dev/exynos-mem:...