-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Debian Security Advisory DSA-2454-1 secur...@debian.org
http://www.debian.org/security/ Raphael Geissert
April 19, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03278391
Version: 1
HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service
(DoS), Local Increase of Privilege
NOTICE: The information in this Security Bulletin should
Yes, It's INFOSEC week again, so limber up your shwag carrying muscles
and head down to get your shiny shiny!!! You know you can never have too
many stress balls or thumb drives... And while you're there, come and
see us!
As usual, we are making special arrangements for the influx of bods
To be clear, the CONNECT request is a single request/response cycle between
the client and the proxy. Any request body is nonsensical and should be
ignored by the proxy (or the request can be rejected if the proxy wants to be
pedantic). There is nothing that explicitly disallows inclusion of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Incomplete protection of Oracle Database locked accounts.
Risk Level:
Low
Affected versions:
Oracle Database Server version 10gR1, 10gR2 (10.2.0.5 and previous
patchsets) and 11gR1 (11.1.0.7 and previous
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
OCIPasswordChange API leaks information of password hash.
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous
patchsets) and 11gR1 (11.1.0.7 and previous
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Some failed authentication attempts using OCIPasswordChange API are not
recorded.
Risk Level:
Medium
Affected versions:
Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous
patchsets) and 11gR1
Specially crafted Json service request allows full control over a
Liferay portal instance
Description:
Liferay Portal is an enterprise portal written in Java
By doing a single HTTP request you can reconfigure Liferay to use a
remote Memcached cache instead of its own cache.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 (and
previous patchsets)
Oracle
Liferay 6.1 can be compromised in its default configuration
Description:
Liferay Portal is an enterprise portal written in Java
By utilizing the json webservices exposed by the platform you can
register a new user with any role in the system, including the built
in administrator role.
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (searchPage web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and
previous patchsets)
Oracle Enterprise
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter).
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3
(and previous
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
HTTP Response Splitting in Oracle Enterprise Manager (pageName parameter).
Risk Level:
Medium
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7, 11.2.0.3
(and previous
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
Oracle Enterprise Manager vulnerable to Session fixation.
Risk Level:
Low
Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 (and
previous patchsets)
Remote exploitable:
Yes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
OCIPasswordChange API leaks information of password hash.
Risk Level:
High
Affected versions:
Oracle Database Server version 10gR1, 10gR2 (10.2.0.4 and previous
patchsets) and 11gR1 (11.1.0.7 and previous
Specially crafted webdav request allows reading of local files on liferay 6.0.x
Description:
Liferay Portal is an enterprise portal written in Java
By creating a specially crafted webdav request that contains an
external entity it is possible to read files from a liferay server.
and echo these
Folks,
We've just published an IETF internet-draft about IPv6 host scanning
attacks.
The aforementioned document is available at:
http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt
The Abstract of the document is:
cut here
IPv6 offers a much larger address space than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03280632
Version: 2
HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on
Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service
(DoS),
18 matches