Solaris rpc.cmsd服务远程整数溢出漏洞

BUGTRAQ ID: 43933 CVE ID: CVE-2010-3509 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris中所运行的rpc.cmsd服务存在整数溢出漏洞，远程攻击者可以通过向该服务提交恶意RPC请求触发这个溢出，导致拒绝服务或以root用户权限执行任意代码。 Sun Solaris 9.0x86 Sun Solaris 9.0 Sun Solaris 8.0x86 Sun Solaris 8.0 Sun Solaris 10.0x86 Sun Solaris 10.0 厂商补丁： Oracle ------...

Oracle Sun Java System Web Server - HTTP Response Splitting

Exploit for jsp platform in category web applications =========================================================== Oracle Sun Java System Web Server - HTTP Response Splitting =========================================================== Description Security-Assessment.com discovered that is possible...

Oracle Sun Java System Web Server - HTTP Response Splitting

Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...

Oracle Sun Java System Web Server - HTTP Response Splitting

Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied input is used to generate the value of an HTTP header, as shown ...

RedHat Update for kdegraphics RHSA-2010:0753-01

Check for the Version of kdegraphics OpenVAS Vulnerability Test RedHat Update for kdegraphics RHSA-2010:0753-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CentOS Update for xpdf CESA-2010:0751 centos4 i386

Check for the Version of xpdf OpenVAS Vulnerability Test CentOS Update for xpdf CESA-2010:0751 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Oracle Virtual Server Agent Command Injection

Exploit for unix platform in category remote exploits ============================================= Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracl...

Oracle Releases Critical Patch for October 2010

Oracle has released its Critical Patch Update for October 2010 to address 85 vulnerabilities across multiple products. This update contains the following security fixes: 7 for Oracle Database Server 8 for Oracle Fusion Middleware 1 for Oracle Enterprise Manager Grid Control 6 for Oracle E-Busines...

Oracle Critical Patch Update Advisory - October 2010

Oracle Critical Patch Update Advisory - October 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...

Oracle Virtual Server Agent - Command Injection

Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

Oracle Critical Patch Update - October 2010

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only th...

Oracle Releases Pre-Release Announcement for October 2010

Oracle has issued a critical patch update pre-release announcement indicating that its October release will contain 81 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, October 12, 2010. US-CERT encourages users and administrators to review the pre-release...

Java Runtime CMM readMabCurveData Buffer Overflow

Added: 10/04/2010 CVE: CVE-2010-0838 BID: 39069 OSVDB: 63500 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum...

RedHat Update for samba3x RHSA-2010:0698-01

Check for the Version of samba3x OpenVAS Vulnerability Test RedHat Update for samba3x RHSA-2010:0698-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Moderate: Red Hat Security Advisory: gnupg2 security update

An updated gnupg2 package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

MDVA-2010:001 : a2ps

The a2ps package as provided in Mandriva Linux 2010.0 contains improvements concerning paper auto-detection, locale recognition and security issues. The locale recognition prevented the application to perform correctly, this update fixes the issue. %NASLMINLEVEL 70300 @DEPRECATED@ This script has...

Solaris wbem Unsafe Use Of Temporary Files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Below is the full disclosure information for CVE-2010-2384. It was reported to [email protected] on 3 January, 2010 and assigned Sun bug 6913886. This vulnerability was addressed by Sun/Oracle in the July 2010 Critical Patch Update...

CVE-2010-2384: Solaris wbem unsafe use of temporary files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Below is the full disclosure information for CVE-2010-2384. It was reported to [email protected] on 3 January, 2010 and assigned Sun bug 6913886. This vulnerability was addressed by Sun/Oracle in the July 2010 Critical Patch Update...

US-CERT Technical Cyber Security Alert TA10-194B -- Oracle Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-194B Oracle Updates for Multiple Vulnerabilities Original release date: July 13, 2010 Last revised: -- Source: US-CERT Systems Affected Oracle Database 11g Release 2, version 11.2.0.1...

ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting

ORACLE Business Process Management Process Administrator 5.7-6.0-10.3 - Cross-Site Scripting |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // //...