The WordPress plugin Advanced XML Reader v0.3.4 published here:
http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE
(XML eXternal Entity) processing attacks.
After installing the plugin on a Windows machine, I created a text file in the
root of C:\ named test.txt,
High Risk Vulnerability in Oracle Retail Central Office
1 May 2013
Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle
Retail Central Office
Impact: SQL Injection
Versions affected: Oracle Retail Central Office, versions 13.1, 13.2, 13.3,
13.4
Security patch
High Risk Vulnerability in Oracle Retail Integration Bus Manager
1 May 2013
Andrew Davies of NCC Group has discovered a High risk vulnerability in Oracle
Retail Integration Bus Manager
Impact: Directory traversal
Versions affected: Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
High Risk Vulnerability in Oracle Database 11g
1 May 2013
Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle
Database 11g
Impact: Invalid pointer read (Remote DoS)
Versions affected: Oracle Database 11g
Security patch information can be found at the following URL:
High Risk Vulnerability in Oracle Database 11g
1 May 2013
Andy Davis of NCC Group has discovered a High risk vulnerability in Oracle
Database 11g
Impact: Null Pointer Dereference (Remote DoS)
Versions affected: Oracle Database 11g
Security patch information can be found at the following
Debian Security Advisory DSA-2664-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 2, 2013
ESA-2013-034: EMC Avamar Improper Authorization vulnerability
EMC Identifier: ESA-2013-034
CVE Identifier: CVE-2013-0944
Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)
Affected products:
EMC Avamar Server 5.x