9099 matches found
RHEL 5 : squirrelmail (RHSA-2013:0126)
An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...
CVE-2012-4846
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68...
Design/Logic Flaw
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68...
CVE-2012-4846
CVE-2012-4846 is corroborated by OpenVAS entries describing IBM Lotus Notes Web Application XSS vulnerabilities across Linux, Windows, and Mac OS X. The OpenVAS tests (IDs 803216, 803215, 1361412562310803218, 1361412562310803215, 1361412562310803218) associate the CVE with an XSS issue in the Lot...
Debian DSA-2587-1 : libcgi-pm-perl - HTTP header injection
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
kernel: xen: Memory mapping failure can crash Xen
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS...
Fedora 17 : mod_security-2.7.1-3.fc17 / mod_security_crs-2.2.6-3.fc17 (2012-18315)
Update to 2.7.1 - Update Core rules set to 2.2.6 - Fix build against libxml2 = 2.9 upstreamed - Add some missing directives RHBZ 569360 - Fix multipart/invalid part ruleset bypass issue CVE-2012-4528 RHBZ 867424, 867773, 867774 Note that Tenable Network Security has extracted the preceding...
Newscoop 4.0.2 Path Disclosure / SQL Injection
Vulnerable Software: Newscoop 4.0.2 Official site: sourcefabric.org Vulnerabilities: Blind SQLi & Path Disclosure Condition to exploit this vulnerability: GPC must be set OFF. Discovered by: AkaStep && KASIBOGLAN...
USN-1643-1: Perl vulnerabilities
It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the 'new' constructor in the Digest module is...
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1)
It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the 'new' constructor in the Digest module is...
DEBIAN-CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm...
CVE-2012-4207
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a tilde character in proximity to a chunk delimiter, which allows remote...
UBUNTU-CVE-2012-5526
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm...
[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes
What's VSD? VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory or even list and dump every virtual...
Memory mapping failure DoS vulnerability
ISSUE DESCRIPTION: When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p tables) can get out of sync. This failure can be triggered by unusual guest behaviour exhausting the memory reserved for the p2m table. If it happens, subsequent guest-invoked memory operations can cause Xen t...
UBUNTU-CVE-2012-4461
The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl...
Debian: Security Advisory (DSA-2552-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...