fix
still very popular. VIM improves on vi by adding new features: multiple
windows, multi-level undo, block highlighting and more.
Problem description:
apache < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2>
- SECURITY Fix: A cross-site scripting vulnerability exists in
mod_status.c, when ExtendedStatus is enabled and a public
server-status page is used. This allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors involving
charsets with browsers that perform "charset detection" when the
content-type is not specified.
| | 5.0.01.0600 | |
+----------------------------------------------------------------+
Note: The VPN Client for Windows software is distributed as both a
Microsoft Installer (MSI) package and an InstallShield (IS) package. Only
the MSI package for version 5.0.01.0600 of the VPN Client contains the fix
for the "Local Privilege Escalation Through Default cvpnd.exe File
Permissions" vulnerability. The IS package does not contain the fix for
that vulnerability and has been removed from http://www.cisco.com.
Customers who have downloaded and installed the IS package for version
5.0.01.0600 of the VPN Client will need to apply the workaround listed in
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0012
Synopsis: VMware vCenter Update Manager fix for Jetty Web
server addresses important security vulnerabilities
Issue date: 2010-07-19
Updated on: 2010-07-19 (initial release of advisory)
CVE numbers: CVE-2009-1523 CVE-2009-1524
- ------------------------------------------------------------------------
ESA-2010-011: RSA, The Security Division of EMC, announces a fix for
potential security vulnerability in RSA(r) Federated Identity Manager
Security Advisory
Updated July 20, 2010
Summary:
RSA(r) Federated Identity Manager may be impacted by potential arbitrary
. Older versions are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
Contact the vendor for a fix.
6. *Vendor Information, Solutions and Workarounds*
Contact the vendor for a fix. The following are workarounds for this issue.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA® Adaptive Authentication (On-Premise)
Advisories
Updated December 6, 2011
Long history:
Some days ago, after the release of Oracle Critical Patch Update April
2012, a friend of mine told me that Oracle gave me credit in the
"Security-In-Depth" program for a vulnerability they fixed. After this,
I asked both Oracle and iSightPartners (the company I sold the
vulnerability in 2008) for information about the vulnerability they
fixed in this CPU. Oracle told us that the vulnerability with tracking
id #13793589 (the TNS poison vulnerability) was the one fixed.
and it is the same like SREASONRES:20090625.
http://securityreason.com/achievement_securityalert/63
but fix for SREASONRES:20090625, used by openbsd was not good.
More information about fix for openbsd and similars SREASONRES:20091030,
http://securityreason.com/achievement_securityalert/69
We can create any number of float, which will overwrite the memory. In
devices so folks with LAHF and HF ACG devices can play with JCOP
cards... It's not quite there yet, but jcoptool.py is a work in progress
which currently supports printing manufacturer info and card contents.
I'll be working on installing/deleting applets next.
Other fixes are mostly to do with e-passports...
From CHANGES:
v0.w
fix ACG reset/info sequence in RFIDIOt.py
OpenBSD
=======
Apparently the OpenBSD team changed their mind (again...) and have
now incorporated a fix for the DNS server transaction ID
predictability, and the IP ID predictability, in the OpenBSD 4.3
branch. The solution in both cases resembles that of DragonFlyBSD
and NetBSD.
It seems that OpenBSD does not plan to address the DNS resolver
transaction ID predictability though.
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
CSCsz43987 - IOS coredump when sending crafted packets
CVSS Base Score - 7.8
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
CSCtf91428 - NAT for H.323 DoS
CVSS Base Score - 7.8
users = json.read(resp.read())
for user in users:
    print(user["id_agente"]+":"+user["nombre"])
The fix for this kind of issue was the implementation of a generic
filter against SQL injection. A proper fix is planned for a major version.
4) Blind SQL Injection - CVE-2010-4280 - CVSS: 8.5/10
timeframe) is set as a potential release date for the advisory.
. 2010-10-05:
Cisco PSIRT contacts Core stating that their development team is out of
the office till Friday October 8th. November 15th 2010 is mentioned as
an estimated release date for a fix.
. 2010-10-05:
Core replies to Cisco PSIRT postponing the release date of this advisory
for one week, to Monday October 25th, in order to contemplate the fact
that Cisco's development team is away from office for the week. Further
The LedgerSMB development team has found an SQL injection issue in
LedgerSMB 1.2.24. Because this issue stems from our common SQL-Ledger
heritage, it affects all versions of LedgerSMB and has been confirmed
in SQL-Ledger 2.8.33. We contacted Dieter when we initially
discovered this and now three weeks later it is doubtful when this
will be fixed on his side (his last communication said it was likely
to be at least a few more weeks from present with no committed
timeline). It is expected that when SQL-Ledger 2.8.34 is released it
will contain a fix for this issue.
Versions affected:
Vendor Response
---------------
The following timeline details HTC's response to the reported issue:
2011-12-22 Vulnerability reported to HTC
2011-12-28 HTC confirms receipt, replies that fix is planned for early 2012
2012-03-10 VSR requests status update
2012-03-16 HTC confirms fix has been published
2012-03-26 HTC requests clarification on finding
2012-03-26 VSR provides clarification on finding, requests confirmation on
status of fix
Remote: Yes
Affected Software:
- - Camino 1.6.10
Fixed in:
- - Camino 2.0 <=
NOTE: Prior versions may also be affected.
Original URL:
24/01/2009 : Apple states that "Regarding the QuickTime null dereference you
reported, this bug is still being worked on by our engineers
and is not addressed in QuickTime 7.6"
26/01/2009 : Ask Apple for a fix timeline as this is a ridiculously easy to fix
vulnerability
27/01/2009 : Apple states "Regarding the QuickTime null deref issue, it is
currently set to be part of the next QuickTime update. [..]
Additionally, we do not intend to describe this crasher in our
The main problem exists in the dtoa implementation. MacOS X has the same dtoa as OpenBSD, NetBSD etc. This problem affects not only libc/gdtoa. The strtod(3) function is also affected.
For more information, please see SREASONRES:20090625.
http://securityreason.com/achievement_securityalert/63
but fix for SREASONRES:20090625, used by openbsd was not good.
More information about fix for openbsd and similars SREASONRES:20091030,
http://securityreason.com/achievement_securityalert/69
We can create any number of float, which will overwrite the memory. In
disabled) and the graph view permission was set to 'guest' (default:
'No User').
This vulnerability was tested with Firefox 3.0.6.
The Cacti group provides a patch to fix this vulnerability:
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
2. XSS 2
http://securethoughts.com/security/chromelocalfilexss/chromedownload.php?fname=WATCHMENAKED.jpg
(Image)
VI. FIX DESCRIPTION
-------------------------
Google Chrome Team fixed this vulnerability by appending these dangerous
extensions such as .mht, .mhtml, .svg, etc to already existing extension
blacklist.
Check out the fixes done in Chromium Source Code here [2,3].
Remote: Yes
Affected Software:
- - Flock 2.5.2
Fixed in:
- - Flock 2.5.5
NOTE: Prior versions may also be affected.
Original URL:
in [3] whereas the two heap-based bugs are different vulnerabilities.
Versions 7.51, 7.53, and 7.53 with patch NNM_01195 were tested and all
of them were vulnerable. The two heap-based buffer overflows are
different vulnerabilities from those exposed publicly on CVE-2008-0067
because the vulnerabilities are not fixed with patch NNM_01195 and are
not mentioned on published advisories.
CVE identification code CVE-2009-0920 was assigned to the
unpatched/variant stack-based overflow related to CVE-2008-0067, and
CVE-2009-0921 was assigned for the two heap overflows. Bugtraq IDs
Integrity Impact None
Availability Impact Complete
CVSS Temporal Score - 6.4
Exploitability Functional
Remediation Level Official Fix
Report Confidence Confirmed
CSCsk32606 - Malformed SIP packet can crash device
CSCsk40030 - Malformed Session Attribute can crash device
CSCsk38165 - Device crash during SIP testing
Communications Manager Express are not affected by this
vulnerability. No other Cisco products are currently known to be
affected by this vulnerability.
Note: Cisco Unified Communications Manager 7.0(1) shipped with the
software fix for this vulnerability and is not affected.
Details
=======
The CAPF service of Cisco Unified Communications Manager versions 5.x
Hi,
I am glad to release sqlmap version 0.6.2. This is a major bug-fix release.
Introduction
============
sqlmap is an automatic SQL injection tool developed in Python. Its
goal is to detect and take advantage of SQL injection vulnerabilities
on web applications. Once it detects one or more SQL injections on the
create a new valid administrator.
Since this vulnerability has been discovered the exploitation
prerequisites changed as detailed below:
- A bug fix in the latest version 0.4.8 now requires "globals on" in
order to exploit this vulnerability.
- In version 0.4.6 instead the vulnerability is exploitable regardless
of the "globals" settings.
of ``eval'' in some other languages. Throughout Vim, arguments passed to
``execute'' are not sanitized properly. This can lead to arbitrary code
execution. We will show several exploits which execute arbitrary code upon
opening a crafted file with the ex(1), vim(1), or view(1) commands. Only in
few cases will we explore the possibility of remote exploitation. We will
present fixes/workarounds to some of the vulnerabilities.
The archive with code that is a part of this advisory can be found at
``http://www.rdancer.org/vulnerablevim.tar.bz2''.
The Computer Telephony Integration (CTI) Manager service of CUCM
versions 5.x and 6.x contains a vulnerability when handling malformed
input that may result in a DoS condition. The CTI Manager service
listens by default on TCP port 2748 and is not user-configurable.
There is no workaround for this vulnerability. This vulnerability is
fixed in CUCM versions 5.1(3c) and 6.1(2). This vulnerability is
documented in Cisco Bug ID CSCso75027 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-2061.
Real-Time Information Server Data Collector Related Vulnerability