Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
611749ac30b6c0a2d7fdcb3b5973a59adc018d4a2f2844b63adf828d10fb3d44
Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
697ec5e6af989722b10a604b855f51000e659801d88b4dae2afab203605e1441
Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
563443521960e3a6fae50e4d40537279ef761819c4b357acabca2a48d06ab630
Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.
518a92cc69e9b5c62414e64cd16393b893fe3664e0e3a0657c94f5ab98b93477
Red Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
bbf257d16d4b33fe3a4b4620ca33a870becb160a5669a9ac0f80792b0132cf8d
Red Hat Security Advisory 2011-1299-01 - Red Hat Network Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of the Red Hat Network without having to provide public Internet access to their servers or other client systems. Multiple cross-site scripting flaws were found in the RHN Satellite web interface. A remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface.
21135eb5911ccf26f101f2bd3254c7321ca5bf705d521b793c43b7b8ca4038b1
E-Works Media suffers from a remote SQL injection vulnerability.
c0014f35779ce3396f728859d475acf19be2c1d436d0cd6e858c991b5da71275
Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
32765a43c85053cc199a128f6134c3af8ada30764b99921dd00412a849720679
Onapsis Security Advisory - SAP WebAS suffers from a cross-site scripting vulnerability. Upon successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
da774926d74eeaa735ada09954cd7b6d44b6f03c5ce42072d67b01799a0d56c5
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
de1a526a09377a0ed8182d857eb00916bfdd1fa815f7b172bc6f5c71f72ee65e
Nortel Contact Recording Centralized Archive version 6.5.1 EyrAPIConfiguration web service getSubKeys() remote SQL injection exploit.
27b12eef97e781f64f7591895d2eaea4644f23580af43939185669da95e9c35c
URLCrazy enables the study of domain name typos and URL hijacking. URLCrazy is a domain name typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
1508aab43633f915ded61710cf102778608f8c3ac34461c12982e8e8afa13a57
StarDevelop.LiveHelp versions 2.0 and below suffer from a local file inclusion vulnerability.
72ef0e5bedcf1014fa14007e597440a3e89e58ff3753be161571a4b40456a631
WordPress Auctions plugin versions 1.8.8 and below suffer from a remote SQL injection vulnerability.
279e1e690925e99a3c19f52637e86d1366ca4e43efe5cf4e33d3cfa3a35ec58d
Multiple EMC Ionix products contain a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially-crafted message over TCP or UDP to cause a denial of service or, possibly, execute arbitrary code.
3f9ddf9e65f8cb45de206c4527ea70f75c012dbcc6185c6fb3ed11642757ce68
Secunia Security Advisory - A vulnerability has been reported in the IGIT Related Post With Thumb plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
ca0d908f234855b6e1ab2eb6175d300b95ec9d2fef6112938ab15f86ec68d482
Secunia Security Advisory - Sherl0ck_ has discovered two vulnerabilities in the Auctions plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks.
cf515c974a8d90dcaeb4f23e256d98f0d17bcd4e86365ea03d63a4a50c19e4f6
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
aa4fb632decf2af170ecaaa40530272b6941219269eef2cd01722624368be8c7
Secunia Security Advisory - A vulnerability has been discovered in NetCat, which can be exploited by malicious people to compromise a vulnerable system.
3d64dc7076620bdb50706ef1f98d1d86b78bd062ecafd2251e5ed0691fb2b83a
Secunia Security Advisory - Red Hat has issued an update for librsvg2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
c0c9a566b4af6d510934714055ee2bae3e59e0be8e5d6ddd45bda39f7f056b74
Secunia Security Advisory - Gustavo Roberto Rodrigues Goncalves has discovered a vulnerability in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.
eb8fd66d8072845aad3e4af5f5cfbc16d18df77038a0aede856fb5e8867d33d4
Secunia Security Advisory - MustLive has discovered a vulnerability in the Advance Tag extension for Magento, which can be exploited by malicious people to conduct cross-site scripting attacks.
d54478253a6e059aa52fabb55a39f496c96e63077fb615d362b8d6187dc67252
Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to potentially compromise a vulnerable system.
4e89ffc0941db9521dcecbde0ab3c997e39f621d86ca283d29065ef4c6b20323
Secunia Security Advisory - Debian has issued an update for openssl. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.
2c8607780d104bd7668ef52b8460e5258d5e17517775e5dc9c06e84718070845
Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in ScadaPro, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.
3842a2bcbddb82aee9ca9591b95b22173e97f4ee6c0208af7fffd234ee59e0f8