[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) I...
SuSE 11.2 Security Update : Xen (SAT Patch Number 7492)
XEN has been updated to fix various bugs and security issues : - XSA 36 To avoid an erratum in early hardware, the Xen AMD IOMMU code by default chooses to use a single interrupt remapping table for the whole system. This sharing implied that any guest with a passed through PCI device that is bus...
Asteriskguru Queue Statistics Cross Site Scripting
INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) I...
Asteriskguru Queue Statistics - warning Cross-Site Scripting
source: https://www.securityfocus.com/bid/58418/info Asteriskguru Queue Statistics is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute...
Asteriskguru Queue Statistics - 'warning' Cross-Site Scripting
source: https://www.securityfocus.com/bid/58418/info Asteriskguru Queue Statistics is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2013-0170
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability (cisco-sa-20120926-c10k-tunnels)
Cisco IOS Software contains a queue wedge vulnerability that can be triggered when processing IP tunneled packets. Only Cisco IOS Software running on the Cisco 10000 Series router has been demonstrated to be affected. Successful exploitation of this vulnerability may prevent traffic from transiti...
CVE-2012-4620
Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ID CSCts66808...
Cisco IOS Software Tunneled Traffic Queue Wedge Vulnerability
Cisco IOS Software contains a queue wedge vulnerability that can be triggered when processing IP tunneled packets. Only Cisco IOS Software running on the Cisco 10000 Series router has been demonstrated to be affected. Successful exploitation of this vulnerability may prevent traffic from...
CVE-2012-2199
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel...
Security feature bypass
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors...
CVE-2012-3295
IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors...
Cisco IOS Aironet Access Point DoS
The remote Cisco IOS device may have a denial of service vulnerability. An input queue wedge can occur when IOS is running on an Aironet Access Point. This results in clients being unable to be authenticated, resulting in a denial of service. ...
CVE-2012-1350
Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426...
Scientific Linux Security Update : sendmail on SL4.x i386/x86_64
A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a...
DEBIAN-CVE-2012-4025
Integer overflow in the queueinit function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted blocklog field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
CVE-2011-4015
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300...