Product: Open-Xchange Server 6
Vendor: Open-Xchange GmbH
Internal reference: 24553, 24765
Vulnerability Type: Cross Site Scripting
Vulnerable Versions: 6.22.1-rev13 and earlier
Fixed Version: 6.20.7-rev14, 6.22.0-rev13, 6.22.1-rev14
Solution Status: Fixed by Vendor
Vendor Notification: 2013-01-21
On Tue, 27 May 2008, security curmudgeon wrote:
> No mention of CVE-2008-1035 in the [CORE] advisory other than the header
> CVE name reference. BID seems to have split the three vulnerabilities,
> but given two of them the same CVE. CVE does not have descriptions open
> yet.
The descriptions are below - for CVE-2008-2006, we merged on the rough
criteria of "insufficient validation of a length field".
Product: Open-Xchange Server 6, OX AppSuite
Vendor: Open-Xchange GmbH
***********************
Internal reference: 25140
Vulnerability type: HTTP Header Injection
Vulnerable versions: 6.22.0-rev1 to 7.0.2-rev6
Vulnerable component: backend
Fixed version: 6.22.0-rev15, 6.22.1-rev17, 7.0.1-rev6, 7.0.2-rev7
Solution status: Fixed by Vendor
7. Within the patch directory run the following command:
./utility/iiinstaller
Please check the $II_SYSTEM/ingres/files/patch.log file to
make sure the patch was applied successfully. Also check the
$II_SYSTEM/ingres/version.rel to make sure the patch is
referenced.
Note: The patch can also be installed silently using the '-m'
flag with iiinstaller:
./utility/iiinstaller -m
8. Once the patch install has been completed, re-link the iimerge
binary with the following command:
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
CA Advisory Updated: May 12, 2009
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
allowed, the username and a ciphered challenge/response will be sent to
the IP_OR_HOSTNAME specified.
Internet Explorer reacts differently when a requested resource is directly
accessed or when it's found after a redirection. If a page hosted in
domain A makes a reference to a resource located at domain B, the user
will be prompted to download this file from the B domain. But if the
resource is requested, for example, in the following way:
/-----------
the original event has been fully handled. Processing of the original
event continues only after the second message loop has ended (i.e.,
when the displayed message box or dialog closes). If the second event
handling code can cause the program's state to become inconsistent
with the first event handling code's expectations--for instance, by
destroying objects referenced in variables local to the first event
handling code--then it should be possible to cause memory corruption
which can be exploited to achieve arbitrary code execution.
A variety of events can result in script running during the event
handler code. Although it's simple for script to display a message
of Java VM, which is type safety. This vulnerability is another
instance of the problem related to the unsafe deserialization
implemented by com.sun.corba.se.impl.io.ObjectStreamClass class.
Its first instance was fixed by Oracle in Oct 2011 [2] and it
stemmed from the fact that during deserialization insufficient
type checks were done with respect to object references that
were written to target object instance created by the means of
deserialization. Such a reference writing was accomplished with
the use of a native functionality of sun.corba.Bridge class.
The problem that we found back in Sep 2012 was very similar to
II. Problem Description
Microsoft Office documents can carry URLs as clickable
references. The target of URLs given in the document
are stored in word/_rels/document.xml.rels inside
the OOXML ZIP container. Inside you will see the
hyperlink, referenced by an internal ID and the target.
The target can be changed without invalidating the signature.
At least in the GUI a hyperlink's target is shown to the user.
Either way, it is our hope that the increased awareness and the release
of IE8 and php5.3 will reduce - if not eliminate - the risk of such mime
sniffing attacks in the future.
V References
====================================================
[1] Barth, Caballero, Song: "Secure Content Sniffing for Web Browsers, or
How to Stop Papers from Reviewing Themselves"; in IEEE Security &
Privacy (Oakland 2009)
Description: If the visibility of a custom field is controlled by
a product or a component of a product you cannot see,
their names are disclosed in the JavaScript code
generated for this custom field even though they should
remain confidential.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE Number: CVE-2012-4199
Class: Information Leak
Versions: 3.7.1 to 4.0.8, 4.1.1 to 4.2.3, 4.3.1 to 4.3.3
Fixed In: 4.0.9, 4.2.4, 4.4rc1
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.15 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.21 or earlier
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting
Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
http://www.adobe.com/products/flashplayer
II. DESCRIPTION
Remote exploitation of an invalid object reference vulnerability in Adobe
Systems Inc.'s Flash Player could allow an attacker to execute arbitrary
code with the privileges of the current user.
During the processing of a Shockwave Flash file, a particular object can
be created, along with multiple references that point to the object. The
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenView Select Identity Active Directory Bidirectional LDAP Connector running on Windows. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory for Windows Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
3.2. The ``execute'' command
:exe[cute] {expr1} .. Executes the string that results from the evaluation
of {expr1} as an Ex command.
-- Vim Reference Manual (eval.txt)
``execute'' is similar e.g. to the ``eval'' command of the POSIX shell. As Vim
Script doesn't allow variables as arguments to commands, only literals,
``execute'' is very popular:
Title: CA20090107-01: CA Service Metric Analysis and CA Service
Level Management smmsnmpd Arbitrary Command Execution
Vulnerability
CA Advisory Reference: CA20090107-01
CA Advisory Date: 2009-01-07
available updates and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience, when installing an update.
When OS X checks for new updates, it first contacts swscan.apple.com
to receive the XML catalog file. This file references the distribution
definition files, which can reside on another server. Software Update
receives these files and calls some of the JavaScript functions to check
whether the update is suited for the local machine.
The catalog file and the distribution definition files are both received
issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).
How to determine if you are affected:
Check the %II_SYSTEM%\ingres\version.rel file to identify the
Ingres version. If the installed version of Ingres 2.6 is a
Double-Byte version (should have DBL referenced), please download
the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.
Workaround: None
References (URLs may wrap):
Hello All,
This post is made in reference to a recently discovered attack against
the Java SE 7 platform [1][2]. We discovered that the vulnerabilities used
by the attack code are similar to some of the weaknesses that we have
found as part of our SE-2012-01 Java SE security research project [3].
The recently reported Java attack relies on a couple of issues, which
are briefly described below.
On Tue, Aug 28, 2012 at 9:22 AM, Security Explorations
<contact@security-explorations.com> wrote:
>
> Hello All,
>
> This post is made in reference to a recently discovered attack against
> the Java SE 7 platform [1][2]. We discovered that the vulnerabilities used
> by the attack code are similar to some of the weaknesses that we have
> found as part of our SE-2012-01 Java SE security research project [3].
>
> The recently reported Java attack relies on a couple of issues, which
> VI. Correction details
>
> A closer look into the references section of the XML signature
> used by Microsoft Office (stored in the File
> _xmlsignatures\sig1.xml) reveals that the file core.xml is
Date:
=====
2013-01-22
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=824
ID: SWIFT-3119
URL: http://dev.kayako.com/browse/SWIFT-3119