Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Impro...

Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.5.3.fc16 (2013-2188)

The update contains the following security fixes : - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Improve thread pool shutdow...

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-69.1.11.6.fc16 (2013-1898)

Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Updated to icedtea6 1.11.6 - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction...

OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: th...

OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information ...

RHEL 5 : libvirt (RHSA-2011:0478)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0478 advisory. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition,...

CentOS Update for freeradius2 CESA-2013:0134 centos5

Check for the Version of freeradius2 OpenVAS Vulnerability Test CentOS Update for freeradius2 CESA-2013:0134 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

CentOS 5 : freeradius2 (CESA-2013:0134)

Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CVE-2013-0764

CVE-2013-0764 affects Mozilla Firefox (before 18.0), Firefox ESR (before 17.0.2), Thunderbird (before 17.0.2 and ESR 17.x before 17.0.2), and SeaMonkey (before 2.15). The vulnerability is a thread-safety issue in nsSOCKSSocketInfo::ConnectToProxy that can allow remote code execution through craft...

CVE-2013-0764

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrar...

Low: Red Hat Security Advisory: freeradius2 security and bug fix update

Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CVE-2011-2731

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...

CVE-2011-2731

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...

SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference

SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference IOActive Security Advisory Title: SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference Severity: Critical Discovered by: Lucas Apa Date Reported: 09/11/12 CVE: TBD Siemens Advisory: SSA-938777...

Sitecom MD-25x Reverse Root Shell

!/usr/bin/python Exploit Title: Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit Date: 09/11/12 Exploit Author: Mattijs van Ommeren mattijs at alcyon dot nl Vendor Homepage: http://www.sitecom.com Software Link: http://www.sitecom.com/download/5012/SitecomNas.2.4.17.bin Version:...

Mandriva Update for python-django MDVSA-2012:143 (python-django)

Check for the Version of python-django OpenVAS Vulnerability Test Mandriva Update for python-django MDVSA-2012:143 python-django Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

rpc-grind NSE Script

Fingerprints the target RPC port to extract the target service, RPC number and version. The script works by sending RPC Null call requests with a random high version unsupported number to the target service with iterated over RPC program numbers from the nmap-rpc file and check for replies from t...

Hastymail2 Webmail 1.1 RC2 Stored XSS

Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: Hastymail2 Webmail Stored XSS Date: 17/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hastymail.org Software Link: http://sourceforge.net/projects/hastymail/files/latest/download...

Hastymail2 Webmail 1.1 RC2 Cross Site Scripting

!/usr/bin/python ''' Exploit Title: Hastymail2 Webmail Stored XSS Date: 17/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hastymail.org Software Link: http://sourceforge.net/projects/hastymail/files/latest/download Version: 1.1 RC2 Gr33Tz: @aviadgolan , @benhayak,...

hastymail2 webmail 1.1 rc2 - Persistent Cross-Site Scripting

!/usr/bin/python ''' Exploit Title: Hastymail2 Webmail Stored XSS Date: 17/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hastymail.org Software Link: http://sourceforge.net/projects/hastymail/files/latest/download Version: 1.1 RC2 Gr33Tz: @aviadgolan , @benhayak,...