[SECURITY] Fedora 20 Update: php-horde-kronolith-4.2.4-1.fc20
Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management (iCalendar/iTip), free/busy management, resource management,...
[SECURITY] Fedora 20 Update: mariadb-5.5.40-1.fc20
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...
Important: Red Hat Security Advisory: mariadb-galera security update
Updated mariadb-galera packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
Hi, This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and obtain the superuser credentials for Windows and AS/400 hosts which are managed by EventLog Analyzer...
ManageEngine EventLog Analyzer agentHandler Information Disclosure (CVE-2014-6038)
An information disclosure vulnerability exists in ManageEngine EventLog Analyzer. The vulnerability is due to a failure to restrict access to confidential data and an input validation error in the agentHandler servlet. A remote unauthenticated attacker can exploit the vulnerability to disclose...
CentOS 7 : mariadb (CESA-2014:1861)
Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
Multiple vulnerabilities in ManageEngine EventLog Analyzer Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 05/11/2014 / Last updated: 05/11/2014 Background on the affected product:...
Enterprise Manager Install fails with Patched Database Error
Purpose: If the Veeam Backup Enterprise Manager software is moved, or needs to be reinstalled, and it was previously patched, it errors out with the following error: Cause: The SQL database that is being reused contains table entries that mark it as having been used with a newer version than the version o...
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU#121036 and according to them BMC didn...
Debian Security Advisory DSA 2985-1 (mysql-5.5 - security update)
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:...
Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/3139/info Oracle is an enterprise-level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. A buffer overflow has been discovered in the handling of $ORACLE_HOME ...
JBoss 3.0.8/3.2.1 HSQLDB Remote Command Injection Vulnerability
source: http://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of...
PHP Grade Book 1.9.4 Unauthenticated SQL Database Export
'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the...
redaxscript 0.3.2 - Multiple Vulnerabilities
================================== Vulnerability ID: HTB22805 Reference: http://www.htbridge.ch/advisory/pathdisclosureinredaxscript.html Product: Redaxscript Vendor: http://redaxscript.com/ Vulnerable Version: 0.3.2 Vendor Notification: ...
Injader CMS Multiple Vulnerabilities
Vulnerability ID: HTB22745 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininjadercms1.html Product: Injader CMS Vendor: http://www.injader.com/ Vulnerable Version: 2.4.4 Vendor Notification: 07 December 2010 Vulnerability...
EQdkp <= 1.3.1 (Referer Spoof) Remote Database Backup Vulnerability
Title: EQdkp <= 1.3.1 Referer Spoof to access to SQL Database URL: http://www.eqdkp.com Hook: Powered by EQdkp Author: Eight10 Contact: [email protected] --------------------------------------------------------------------------------------------------------...
YourTube <= 2.0 Arbitrary Database Disclosure Exploit
<? //= exploit : YourTube <= 2.0 Remote SQL Database Disclosure //= info : http://www.ac4p.com //= DORK: powered by yourtube //= found by: Security Code Team - thanks for sniper code and Qabandi -- //= our home: WwW.Sec-Code.com //= greats 4 our members in our hom...
PHPNuke 6.0/6.5 Forum Module Viewforum.PHP SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/7194/info It has been reported that an input validation error exists in the 'viewforum.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through...
Microsoft Site Server Commerce Edition 3.0 alpha AdSamples Vulnerability
source: http://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive information pertaining to an SQL database. The AdSamples...