Channel: Files Date: 2012-12-05 ≈ Packet Storm
Browsing latest articles
Browse All 75 View Live

Apache Tomcat Security Bypass

When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as...




Apache Tomcat CSRF Prevention Filter Bypass

The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through...


ipset 6.16.1

ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with...


Tectia SSH USERAUTH Change Request Password Reset

This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by a SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing...


Ektron 8.02 XSLT Transform Remote Code Execution

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The...



OpenDNSSEC 1.3.12

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet...


Secunia Security Advisory 51470

Secunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).


Secunia Security Advisory 51473

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS...



Secunia Security Advisory 51462

Secunia Security Advisory - Kaveh Ghaemmaghami has discovered a vulnerability in Opera, which can be exploited by malicious people to potentially compromise a user's system.



Secunia Security Advisory 51495

Secunia Security Advisory - SUSE has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of...


Secunia Security Advisory 51489

Secunia Security Advisory - A vulnerability has been reported in Mesa, which can be exploited by malicious people to cause a DoS (Denial of Service).


Secunia Security Advisory 51475

Secunia Security Advisory - Red Hat has acknowledged a vulnerability in Red Hat Network Proxy and Red Hat Network Satellite Server, which can be exploited by malicious people to bypass certain security...


Secunia Security Advisory 51425

Secunia Security Advisory - Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of...



Secunia Security Advisory 51472

Secunia Security Advisory - Multiple vulnerabilities have been reported in Red Hat CloudForms, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate...


Secunia Security Advisory 51486

Secunia Security Advisory - Citrix has acknowledged multiple vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service)...



Secunia Security Advisory 51494

Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in cPanel.


Secunia Security Advisory 51484

Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).



Kordil EDMS 2.2.60rc3 SQL Injection

Kordil EDMS version 2.2.60rc3 suffers from a remote SQL injection vulnerability.


Buffalo Linkstation Privilege Escalation

Buffalo Linkstation (and various other Buffalo products) suffer from a privilege escalation vulnerability where a permanent guest account can be used to change the administrative password.


FOOT Gestion CMS SQL Injection

FOOT Gestion CMS suffers from a remote SQL injection vulnerability.


Red Hat Security Advisory 2012-1546-01

Red Hat Security Advisory 2012-1546-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited...



Red Hat Security Advisory 2012-1547-01

Red Hat Security Advisory 2012-1547-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited...



Ubuntu Security Notice USN-1654-1

Ubuntu Security Notice 1654-1 - It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain...


Ubuntu Security Notice USN-1656-1

Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted...


Ubuntu Security Notice USN-1655-1

Ubuntu Security Notice 1655-1 - It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially...

