Deutsche Telekom CERT Advisory [DTC-A-20140324-001]
Summary:
Three vulnerabilities were found in cacti version 0.8.7g.
The vulnerabilities are:
1) Stored Cross-Site Scripting (XSS) (via URL)
2) Missing CSRF (Cross-Site Request Forgery) token allows execution of
arbitrary commands
3) The use
Deutsche Telekom CERT Advisory [DTC-A-20140324-003]
Summary:
Two vulnerabilities were found in icinga version 1.9.1.
These vulnerabilities are:
1) several buffer overflows
2) Off-by-one memory access
Recommendations:
Updates available and need to be installed:
- Icinga 1.10.2 Bug Fix Release
Deutsche Telekom CERT Advisory [DTC-A-20140324-002]
Summary:
Several vulnerabilities were found in check_mk version 1.2.2p2.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - Stored Cross-Site Scripting (XSS) (via URL)
3 - Stored Cross-Site Scripting (XSS) (via external
Deutsche Telekom CERT Advisory [DTC-A-20140324-004]
Summary:
An Off-by-one memory access was found in the web gui of nagios.
A patch was applied to the core master branch of nagios
(http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/).
This resolution
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328
Summary:
Several vulnerabilities were found in check_mk version 1.2.2p2.
Update to original advisory:
Corrected: vulnerability 5 and 6 (not 4 and 5) are currently not fixed.
The vulnerabilities are:
1 - Reflected Cross-Site
Deutsche Telekom CERT Advisory [DTC-A-20140820-001]
Summary:
Several vulnerabilities were found in check_mk versions prior to 1.2.4p4 and
1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution
CVE-2014-8731
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C]
CVSSv2 Base Score=10.0
CVSSv2 Temp Score=9.5
OWASP Top 10 classification: A1 - Injection
PHPMemcachedAdmin is a web-based frontend for Linux's memcached Daemon.
Project Homepage:
https://code.google.com/p/phpmemcacheadmin/
CVE-2014-8732
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C]
CVSSv2 Base Score=7.5
CVSSv2 Temp Score=7.5
OWASP Top 10 classification: A3 - Cross Site Scripting
There is a stored XSS vulnerability in phpMemcachedAdmin. Most of the
user-specified input fields which are displayed on
We successfully contacted the author. He is currently working on patching the
issue in the next version.
We successfully contacted the author. He is currently working on patching the
issue in the next version.
Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
Summary:
Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box
7490)
Recommendation:
Update to the newest Version of FRITZ!OS
Details:
a) application
b) problem
c) CVSS
d) detailed description
e) cre
ity-i--data.pdf
Kind regards
Deutsche Telekom CERT
T-SYSTEMS INTERNATIONAL GMBH
Telekom Security
Cyber Defense Response
Bonner Talweg 100, 53113 Bonn
+49 228 18171773 (Phone)
E-Mail: mailto:c...@telekom.de
PGP:
https://www.telekom.com/de/verantwortung/datenschutz-und-datensicherheit/sicherh
PGP message
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-10 Format String Vulnerability in rpc.rwalld
Original release date: May 1, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Sun Solaris 2.5.1, 2.6
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd)
Original release date: May 06, 2002
Last revised:
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Sun Solaris 2.5.1
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-13 Buffer Overflow in Microsoft's MSN Chat ActiveX
Control
Original release date: May 10, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-16 Multiple Vulnerabilities in Yahoo! Messenger
Original release date: June 05, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Yahoo
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
Original release date: June 17, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Web servers
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Original release date: July 10, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Systems running
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-21 Vulnerability in PHP
Original release date: July 22, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Systems running PHP versions 4.2.0
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2003-17 Exploit available for the Cisco IOS Interface
Blocked Vulnerabilities
Original release date: July 18, 2003
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems
-BEGIN PGP SIGNED MESSAGE-
Cisco Systems has posted an update to their recent Cisco Security
Advisory, which was referenced in CERT Advisory CA-2003-15. This
update includes more specific technical details and new information
about more specific Access Control Lists (ACLs) that can
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2003-18 Integer Overflows in Microsoft Windows DirectX
MIDI Library
Original issue date: July 25, 2003
Last revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* Microsoft
Multiple vulnerabilities were found in web application chCounter = 3.1.3.
Author:
- Matias Fontanini (mfontan...@cert.unlp.edu.ar).
Requirements:
- Downloads must be enabled (this is not default).
- magic_quotes off.
- Access to administration site
=SQLInjection=
Location:
RUS-CERT Advisory 24-01: GNU Emacs 20
RUS-CERT, University of Stuttgart
2000-04-18
Summary
Several vulnerabilities were discovered in all Emacs versions up
to 20.6, namely:
Under certain
on localhost only,
so modern installs should be safe.
Thanks for the report. I've updated the CERT/CC Addendum:
http://www.kb.cert.org/vuls/id/AAMN-58ZS6V
Regards,
- Art
Art Manion -- CERT Coordination Center
http://www.cert.org/ [EMAIL PROTECTED] +1 412-268-7090
Produced by US-CERT, a government organization.
This product is provided subject to this Notification:
http://www.us-cert.gov/privacy/notification/
Privacy Use policy:
http://www.us