3385 matches found
Debian: Security Advisory (DSA-2488-1)
The remote host is missing an update for the Debian...
Scientific Linux Security Update : sl-release on SL5.1 i386/x86_64
The configuration file /etc/sysconfig/rhn/sources had still been set to 5rolling instead of 51. 5rolling is the development area for Scientific Linux 5. If a user was using a program that used /etc/sysconfig/rhn/sources as a configuration file, they would be getting development updates in additio...
Hack a Server - The man behind the idea
"Choose a job you love, and you will never have to work a day in your life" said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing...
Debian DSA-2513-1 : iceape - several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2012-1948 Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey identified several memory safety problems that may lead to the execution of arbitrary code. - CVE-2012-1954...
Hadoop 1.0.3 Symlink
Software : hadoop-1.0.3 Vulnerability : Symlink Problem type : local CVE ID : CVE-2012-2945 Date : May 28, 2012 Affected : min May 08, 2012 Symptom: $ echo $JAVAHOME /usr/lib/jvm/java-7-openjdk $ file /tmp/hadoop-root-tasktracker.pid /tmp/hadoop-root-tasktracker.pid: symbolic link to /etc/passwd-...
Performance Charts for vSphere Environment Display "No data available"
Challenge Veeam ONE Client shows the "No data available" message on performance charts for different metrics: Cause Here are the most common reasons for missing data on the performance charts: The Veeam ONE service account does not have Write access to the "PerfСache" folder. The account used by...
Fortinet FortiWeb Web Application Firewall - Policy Bypass
BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web...
HDWiki 5.1 arbitrary User Password Change vulnerability and fix-vulnerability warning-the black bar safety net
HDWiki's password reset has a logic vulnerability: an attacker can modify any user's password. Detailed description: control/user.php function dogetpass() ...... elseif(isset($this->post['verifystring'])){ $uid=$this->post['uid']; $encryptstring=$this->post['verifystring'];...
Opera < 11.62 Multiple Vulnerabilities
The version of Opera installed on the remote Windows host is earlier than 11.62 and is, therefore, potentially affected by multiple vulnerabilities : - The download dialog box can be displayed in a very small window thus, tricking a user into not realizing it is open. Certain keyboard entries aft...
The Pirate Bay plans Low Orbit Server Drones to beat #Censorship
One of the world's largest BitTorrent sites "The Pirate Bay" is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down. In a Sunday blog post, The Pirate Bay announc...
pidgin OTR information leakage
Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host to listen in on private conversations associated with the victim account. Pidgin is a popular Instant Messenger application that runs on a...
Roman Andreev wins Facebook Hacker Cup 2012
25 of the world's best hackers gathered for Facebook's 2nd annual Hacker Cup event being held at its offices in Menlo Park. Roman Andreev from Russia completed one problem correctly in 1 hr 4 min and won Facebook's Hacker Cup to get his name placed on a...
DDOS attack on LIME's Internet system
LIME says the majority of the customers experiencing degradation in their broadband services over the past few days are now back online and connecting at normal speeds. LIME says the type of attack is known in technology circles as a distributed denial of...
Mandriva Update for firefox MDVA-2012:014 (firefox)
Check for the Version of firefox
NWork Download Now Button Is Available But Nothing Happens?
Challenge When clicking the "Download Now" button, you are redirected to another Veeam page or stay on the Download page. OR Cause By default, the "Download Now" button opens a new tab and pops up the .zip file that is being downloaded. Solution There are 2 solutions for...
Fedora 16 : libvirt-0.9.6-4.fc16 (2011-17267)
This release of libvirt fixes a minor security problem with extraneous iptables rules being added when an externally managed network (new feature in 0.9.4) exists, along with several bugfixes. Another important change in this release is code to automatically convert guest definitions containing the...
libxml2 security and bug fix update
2.7.6-4.0.1.el6 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2.7.6-4 - Fixes another XPath problem CVE-2011-2834 - Resolves: rhbz732335 2.7.6-3 - Fixes various other issues in 2.7.6 XPath evaluation - Resolves: rhbz732335 2.7.6-2 - Fix a...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7404)
A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql (CVE-2010-4015: CVSS v2 Base Score: 4.9). Additionally a possible log forging problem was fixed too (CVE-2010-4014).
SuSE 10 Security Update : pure-ftpd, pure-ftpd-debuginfo (ZYPP Patch Number 7724)
The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...