Change log
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
Changelog entry : fixed security vulnerability in server allowing remote
unauthenticated users to execute scripts
[Zabbix Server : Remote SQL execution]
Impacted software : Zabbix Server
Vendor fixed this flaw on 13.08.2008. New version of Freeway 1.4.2.197 [Sathish] can be downloaded here:
http://www.openfreeway.org/download.html
Change Log:
http://www.openfreeway.org/download/change-log.html
(XSS) attacks to be run by surreptitious placement of content in
specially-crafted emails sent to SquirrelMail users (CVE-2009-1581).
Additionally many of the bundled plugins have been upgraded. Basically
this is a synchronization with the latest squirrelmail package found
in Mandriva Cooker. The rpm changelog will reveal all the changes
(rpm -q --changelog squirrelmail).
The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.
_______________________________________________________________________
cookie (CVE-2008-3663).
Additionally many of the bundled plugins have been upgraded. The
localization has also been upgraded. Basically this is a synchronization
with the latest squirrelmail package found in Mandriva Cooker. The
rpm changelog will reveal all the changes (rpm -q --changelog
squirrelmail).
The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.
_______________________________________________________________________
via shell metacharacters in a username string that is used by the
ypmatch program. NOTE: this issue exists because of an incomplete
fix for CVE-2009-1579. (CVE-2009-1381)
Basically this is a synchronization with the latest squirrelmail package
found in Mandriva Cooker. The rpm changelog will reveal all the changes
(rpm -q --changelog squirrelmail).
The updated packages have been upgraded to the latest version of
squirrelmail to prevent this.
_______________________________________________________________________
releases. The exim-announce list [2] is a low-volume moderated list
which announces new releases.
We regret that the full impact of the problem fixed in 4.70 was not
appreciated and that we did not draw more attention to it than the
ChangeLog notice "Potential buffer overflow in string_format". With
more pro-active notification on our part, vendors who package old
releases and backport minimal fixes may have included this fix too.
We expect that the 4.73 release of Exim will include changes that
protect against the privilege escalation seen in the exploit. Some
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at https://support.ca.com.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141
6. Change log
2010-04-09 VMSA-2010-0007
Initial security advisory after release of Workstation 6.5.4 and Fusion
2.0.7 on 2010-04-08.
- ------------------------------------------------------------------------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1805
6. Change log
2009-05-28 VMSA-2009-0007
Initial security advisory after release of patches for ESX 2.5.5,
ESX 3.0.2 and ESX 3.0.3. Relevant patches for ESX 3.5 and new versions
of hosted products mentioned above have already been released.
Blogcms was altered to fix this flaw on 16.01.2008. Updated version (4.2.1.c) can be downloaded here:
http://blogcms.com/?item=download
Changelog: http://blogcms.com/wiki/changelog
About
*****
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
- ------------------------------------------------------------------------
6. Change log
2010-12-07 VMSA-2010-0019
Initial security advisory after release of patches for ESX 3.5
on 2010-12-07
MITKRB5-SA-2010-007
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-007.txt
- ------------------------------------------------------------------------
6. Change log
2011-04-28 VMSA-2011-0007
Initial security advisory in conjunction with the release of
ESX/ESXi 4.0 and ESX/ESXi 4.1 patches on 2011-04-28.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
- ------------------------------------------------------------------------
6. Change log
2011-02-10 VMSA-2011-0003
Initial security advisory in conjunction with the release of vCenter
Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1
Update 1, and ESX 4.1 Update 1 on 2011-02-10.
gather more information from the remote process, such as Threads,
findRetValue. This release also includes some important fixes such as
correct Memory Page protection flags, which are also available via the
Python API.
Check the Changelog below for the details of this exciting release.
As usual, you can discuss your scripts, request new features or just hang
out at our forum: http://forum.immunityinc.com. We would like to thank
Teddy Roggers from tuts4you for maintaining a list of Immunity Debugger
ported plug-ins that can be found at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
- -------------------------------------------------------------------------
6. Change log
2009-07-10 VMSA-2009-0008
Initial security advisory after release of bulletins for ESX 4.0 on
2009-07-10.
: Product: WebPress
: Vendor: YWP ( http://www.goywp.com/ )
: Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions
The vendor web page has a demo feature, that is powered by "YWP 13.00.04".
Creating a demo via their site, the changelog shows "05.05.2010 - Released
version 13.00.04". Your version of 01.07.2010 appears to be something you
designated, based on the date you notified the vendor.
It appears this is a site specific issue in YWP (http://www.goywp.com/).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
- ------------------------------------------------------------------------
6. Change log
2009-01-30 VMSA-2009-0001
Initial security advisory after release of patches for ESXi, ESX 3.5,
ESX 3.0.3, ESX 3.0.2 on 2009-01-30.
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524
- ------------------------------------------------------------------------
6. Change log
2010-07-19 VMSA-2010-0012
Initial security advisory after release of VMware vCenter Update Manager
security fix for the Jetty Web server on 2010-07-19.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
- ------------------------------------------------------------------------
6. Change log
2010-09-23 VMSA-2010-0014
Initial security advisory after release of Workstation 7.1.2,
Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846
- ------------------------------------------------------------------------
6. Change log
2009-06-30 VMSA-2009-0008
Initial security advisory after release of patches for ESX 3.5 on
2009-06-30.
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj17451
- ------------------------------------------------------------------------
6. Change log
2011-02-07 VMSA-2011-0002
Initial security advisory in conjunction with the release of Cisco Nexus
1000V Virtual Ethernet Module 1.3c on 2011-02-04.
CVE-2007-4620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4620
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://support.ca.com.
VMSA-2011-0003
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- ------------------------------------------------------------------------
6. Change log
2011-05-05 VMSA-2011-0008
Initial security advisory in conjunction with the release of vCenter
Server 4.0 Update 3 and VirtualCenter 2.5 Update 6a on 2011-05-05.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4119
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
v1.1 - Added CA CMDB solutions
Customers who require additional information should contact CA
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5846
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0003
6. Change log
2008-04-15 VMSA-2008-0007 Initial release
- -------------------------------------------------------------------
7. Contact:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948
6. Change log:
2008-06-04 VMSA-2008-0009 Initial release
- -------------------------------------------------------------------
7. Contact:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1761
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at https://support.ca.com.
Accellion addressed items #1, #2, #4, #5, #6, and #7 on January 17th, 2011 with update FTA_8_0_562
Item #8 is not exploitable in the default configuration and Accellion recommends the use of SSL VPN when configuring a trusted link between two appliances.
Official Changelog for FTA_8_0_562:
The update randomizes the following on the Accellion setup - Accellion remote management user password, the system mysql password and the keys used for encrypting inter-appliance communication. All internal Daemons are now bound to Loopback Interface. The update also removes an unused SSH key meant for remote troubleshooting login. These fixes are in response to a security scan done by Rapid7.
-- Disclosure Timeline:
vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is
still possible in configurations where the server initiates the
renegotiation. This is the case for the following configurations
(the information in the changelog of the updated packages is
slightly inaccurate):
- - The "SSLVerifyClient" directive is used in a Directory or Location
context.
- - The "SSLCipherSuite" directive is used in a Directory or Location
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3514
- ------------------------------------------------------------------------
6. Change log
2008-08-12 VMSA-2008-0012
Initial release following release of VirtualCenter 2.0.2 Update 5
- ------------------------------------------------------------------------