IBM Informix Dynamic Server 11.50 SET COLLATION Stack OverFlow
[DCA-2011-0013]
[Discussion]
- DcLabs Security Research Group advises about the following vulnerability(ies):
[Software/Hardware]
- IBM Informix
[Vendor Product Description]
IBM Informix is a family of relational database management
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
system stored procedures.
Risk Level:
Medium
Affected versions:
IBM DB2 LUW 9.1, 9.5, 9.7, 10.1
Remote exploitable:
No
Credits:
This
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets
components).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and
previous patchsets)
R
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Elevated roles through DBCC
Risk Level:
High
Affected versions:
Sybase ASE 15.0, 15.5, 15.7
Remote exploitable:
No
Credits:
This vulnerability was discovered and researched by Martin Rakhmanov of
Applicatio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Java Operating System command execution.
Risk Level:
High
Affected versions:
Sybase ASE 15.0, 15.5 and 15.7
Remote exploitable:
Yes
Credits:
This vulnerability was discovered and researched by Esteban Marti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:151-1
http://www.mandriva.com/security/
_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:150-1
http://www.mandriva.com/security/
_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:160
http://www.mandriva.com/security/
_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2555-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
October 05, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ESA-2012-035: RSA® Adaptive Authentication (On-Premise) Information Disclosure
Vulnerability
EMC Identifier: ESA-2012-035
CVE Identifier: CVE-2012-2286
Severity Rating: CVSS v2 Base Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Affected Products:
Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at
blender!PyInit_aud+0x003a56cc (Hash=0x23420309.0x667c4642)
User mode write access violations that are not near NULL are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2012:161
http://www.mandriva.com/security/
_
Quoting from
http://bugs.debian.org/689562
Utempter does not (cannot?) verify the setting of host, so it can easily
be faked. This may affect any software that depend on utmp correctness.
Demo of the issue:
psz@bari:~$ cat silly.c
#include
#include
#include
#include
#i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2556-1 secur...@debian.org
http://www.debian.org/security/Nico Golde
October 07, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2557-1 secur...@debian.org
http://www.debian.org/security/Nico Golde
October 08, 2012
PRE-CERT Security Advisory
==
* Advisory: PRE-SA-2012-07
* Released on: 8 October 2012
* Affected product: Hostapd 0.6 - 1.0
* Impact: denial of service
* Origin: specially crafted EAP-TLS messages
* CVSS Base Score: 7.8
Impact Subscore: 6.9
Exploitability Subscore:
Title:
==
Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites
Date:
=
2012-10-02
References:
===
http://www.vulnerability-lab.com/get_content.php?id=710
VL-ID:
=
710
Common Vulnerability Scoring System:
8.3
Introduction:
Title:
==
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
Date:
=
2012-09-30
References:
===
http://www.vulnerability-lab.com/get_content.php?id=579
VL-ID:
=
579
Common Vulnerability Scoring System:
4
Introduction:
Title:
==
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Date:
=
2012-10-01
References:
===
http://www.vulnerability-lab.com/get_content.php?id=571
VL-ID:
=
571
Common Vulnerability Scoring System:
5
Introduction:
==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2558-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
October 08, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03517954
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03517954
Version: 1
HPSBOV02822 S
Advisory ID: HTB23108
Product: Microsoft Windows
Vendor: Microsoft Corporation
Vulnerable Version(s): Windows Vista, Windows Server 2008, Windows 7, Windows 8
RP
Tested Version: Windows Vista Ultimate SP1, Windows 2008 SP2, Windows 7
Professional SP1, Windows 8 RP
Vendor Notification: August 7, 2
---
soapbox 0.3.1 <= Local Root Exploit
---
Vendor URI: http://dag.wieers.com/home-made/soapbox/
Credit: Jean Pascal Pereira
Description:
"Soapbox allows to restrict processes to write only to those places you want.
Read-access h
--
| WingFTP Server Denial of Service Vulnerability |
---
Summary
===
WingFTP server is prone to a remote denial-of-service vul
| BufferOverflow Vulnerability on Logica HotScan SWIFT Alliance Access Interface
Summary
===
Hotscan Listener interface is prone
| WingFTP Server Denial of Service Vulnerability|
Summary
===
WingFTP server is prone to a remote denial-of-service vulnerabili
#!/usr/bin/perl
# Hardcoreview WriteAV Arbitrary Code Execution
# Author: Jean Pascal Pereira
# Vendor URI: http://sourceforge.net/projects/hardcoreview/
# Vendor Description:
# Image browser. Designed and created for profesional and amature watching
image files.
# All kind of image files
#!/usr/bin/perl
# FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution
# Author: Jean Pascal Pereira
# Vendor URI: http://www.faststone.org
# Vendor Description:
# An image browser, converter and editor that supports all major graphic
formats including BMP, JPEG, JPEG 2000,
#
OVERVIEW
Key Systems Electronic Key Lockers contain a command injection
vulnerability which may allow a remote unauthenticated attacker to
inject commands into the electronic key locker. Key Systems Electronic
Key Lockers also contains weak authentication which could allow an
attacker administrativ
29 matches
Mail list logo
