
3385 matches found

OpenVAS
added 2015/10/13 12:00 a.m. · 26 views

SUSE: Security Advisory for krb5 (SUSE-SU-2014:1028-1)

The remote host is missing an update for the...

CVSS 8.5 · AI score 6.5 · EPSS 0.08085
Exploits: 0 · References: 2
Packet Storm
added 2015/09/26 12:00 a.m. · 56 views

VuFind 1.0 Cross Site Scripting

VuFind 1.0 Web Application Reflected XSS (Cross-site Scripting) 0-Day Bug Security Issue. Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability. Product: VuFind. Vendor: VuFind. Vulnerable Versions: 1.0. Tested Version: 1.0. Advisory Publication: September 20, 2015...

AI score 0.1
Exploits: 0
Citrix
added 2015/09/18 12:00 a.m. · 10 views

NetScaler Gateway Stuck at cgi/setclient After Log On

NetScaler Gateway stuck at cgi/setclient after log on...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2015/08/25 12:00 a.m. · 17 views

FreeBSD : pcre -- heap overflow vulnerability (6900e6f1-4a79-11e5-9ad8-14dae9d210b8)

Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compile_regex. The Heap Overflow vulnerability is caused by the...

AI score 5.6
Exploits: 0 · References: 3
OSV
added 2015/08/12 2:59 p.m. · 6 views

CVE-2015-3908

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

AI score 7.4
Exploits: 0 · References: 5
Tenable Nessus
added 2015/07/20 12:00 a.m. · 16 views

SUSE SLED12 / SLES12 Security Update : augeas (SUSE-SU-2015:1249-1)

This update fixes an untrusted argument escaping problem (CVE-2014-8119): a new API, aug_escape_name(), can be used to escape untrusted inputs before using them as part of path expressions; aug_match() is changed to return properly escaped output. Note that Tenable Network Security has extracted...

CVSS 7.5 · AI score 7.4 · EPSS 0.02672
Exploits: 0 · References: 4
RedHat Linux
added 2015/07/07 8:39 a.m. · 1 views

abrt: does not validate contents of uploaded problem reports

It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other...

CVSS 6.5 · AI score 5.9 · EPSS 0.01075
Exploits: 0 · References: 4
RedHat Linux
added 2015/07/07 8:39 a.m. · 4 views

abrt: default event scripts follow symbolic links

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...

CVSS 7.8 · AI score 5.8 · EPSS 0.00414
Exploits: 0 · References: 4
Fedora
added 2015/06/21 12:33 a.m. · 22 views

[SECURITY] Fedora 22 Update: gnome-abrt-1.2.0-1.fc22

A GNOME application that allows users to browse through detected problems and provides them with a convenient way of managing these problems...

CVSS 7.8 · AI score 3.7 · EPSS 0.04815
Exploits: 4
RedHat Linux
added 2015/06/09 7:48 p.m. · 2 views

abrt: abrt-dbus does not guard against crafted problem directory path arguments

It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw to take ownership of arbitrary files and directories, or to delete files and...

CVSS 7.2 · AI score 5.9 · EPSS 0.00398
Exploits: 0 · References: 4
RedHat Linux
added 2015/06/09 7:48 p.m. · 2 views

abrt: does not validate contents of uploaded problem reports

It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other...

CVSS 6.5 · AI score 5.9 · EPSS 0.01075
Exploits: 0 · References: 4
RedHat Linux
added 2015/06/09 7:48 p.m. · 2 views

abrt: default event scripts follow symbolic links

It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges...

CVSS 7.8 · AI score 5.8 · EPSS 0.00414
Exploits: 0 · References: 4
Positive Technologies
added 2015/06/09 12:00 a.m. · 4 views

PT-2017-6533 · Red Hat +1 · Abrt +2

Name of the Vulnerable Software and Affected Versions: Automatic Bug Reporting Tool (ABRT) (affected versions not specified). Description: The issue concerns the event scripts in ABRT, which use world-readable permission on a copy of the sosreport file in problem directories. This allows local users t...

CVSS 7.8 · AI score 5.5 · EPSS 0.04815
Exploits: 4 · References: 34
Tenable Nessus
added 2015/05/20 12:00 a.m. · 33 views

SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0387-1)

This update fixes the following security issues with apache2 httpd: improper LD_LIBRARY_PATH handling (CVE-2012-0883); filename escaping problem (CVE-2012-2687). Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. Note that Tenable Network Security has...

CVSS 6.9 · AI score 7.9 · EPSS 0.22515
Exploits: 5 · References: 11
CNVD
added 2015/04/27 12:00 a.m. · 2 views

SQLite Denial of Service Vulnerability (CNVD-2015-02748)

SQLite is an open source C-based embedded relational database management system developed by American software developer D. Richard Hipp. The system is characterized by independence, isolation, cross-platform and so on. A security vulnerability exists in the 'sqlite3VXPrintf' function in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.05531
Exploits: 0 · References: 1
myhack58
added 2015/04/18 12:00 a.m. · 30 views

The IIS server vulnerability analysis-vulnerability warning-the black bar safety net

4 on 1 to 5 November, on Microsoft's patch day, Microsoft released a number of high-risk vulnerabilities. One of them, MS15-034, has the widest impact: it can cause the IIS server to blue-screen and crash and, in special circumstances, lead to information disclosure. Alibaba security research...

AI score 7.5
Exploits: 0
0day.today
added 2015/04/09 12:00 a.m. · 137 views

BOA Web Server 0.94.8.2 - Arbitrary File Access Vulnerability

Exploit for linux platform in category web applications. Title: Vulnerability in BOA web server v0.94.8.2. Date: 03/10/2000. Status: Vendor contacted, patch available. Scope: Arbitrary file access. Author: llmora. Release: Public. S21SEC http://www.s21sec.com Vulnerability in BOA web server v0.94.8...

CVSS 5 · AI score 7.6 · EPSS 0.08358
Exploits: 2
ThreatPost
added 2015/04/07 1:03 p.m. · 13 views

White House Executive Order Declares Cyber National Emergency

U.S. President Barack Obama last week issued an Executive Order declaring a national emergency and deputizing the Treasury Secretary and Attorney General to apply sanctions and other consequences for international actors deemed to have engaged in “cyber-enabled activities” detrimental to U.S...

AI score 7.2
Exploits: 0 · References: 4
Hacker One
added 2015/04/05 11:39 p.m. · 20 views

Factlink: Frameset Proxy Problem

I was testing out the proxy pages http://fct.li, http://staging.fct.li and I found that if I create an HTML page with a frameset (not to be confused with iframe), then I would be able to get rid of the dialog (top right corner) that reads: "You're looking at this page through Factlink visit original...

AI score 7
Exploits: 0
Oracle linux
added 2015/03/11 12:00 a.m. · 58 views

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

CVSS 4.3 · AI score 0.1 · EPSS 0.18351
Exploits: 1