BugTraq
[SECURITY] [DSA 2631-1] squid3 security update 2013-02-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2630-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 24, 2013

[ MDVSA-2013:014 ] java-1.6.0-openjdk 2013-02-22
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:014
http://www.mandriva.com/security/
______________________________________________________________________

Samsung Galaxy S3 partial screen-lock bypass 2013-02-21
ukpentestinfo mti com
MTI Technology - Vulnerability Research Team
www.mti.com
ukpentestinfo"at"mti.com

Samsung Galaxy S3 - partial screen-lock bypass

Date found:
17th Feb 2012

Vendor Notified:
20th Feb 2012

Vendor Affected:
Samsung

Device:
Galaxy S3

Model:
GT-19300

OS:
Android 4.1.2

Kernel Version:
3.0.31-742

TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cross-site scripting in Oracle Enterprise Manager (advReplicationAdmin)

TeamSHATTER Security Advisory

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3

Remote exploitable:

OSEC-2013-01: nagios metacharacter filtering omission 2013-02-21
Rudolph Pereira (rudolph pereira occamsec com)
Summary:
---------------
CVE-ID: CVE-2013-1362
CVSS: Base Score 7.5
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L
Vendor: Nagios
Affected Products: NRPE
Affected Platforms: All
Affected versions: < 2.14
Remote Exploitable: Yes
Local Exploitable: No
Patch Status V

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Enterprise Manager (Resource Manager)

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3

TeamSHATTER Security Advisory: Oracle EM Segment Advisor Arbitrary URL redirection/phishing (CVE-2012-3219) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

Oracle Enterprise Manager Segment Advisor Arbitrary URL redirection/phishing
vulnerability

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,
1

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Enterprise Manager (streams queue)

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3

Rem

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Enterprise Manager (dBClone)

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, 11.2.0.3

Remote ex

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Enterprise Manager (advReplicationAdmin)

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3

Remote exploitable:
Yes

Cr

TeamSHATTER Security Advisory: HTTP Response Splitting in Oracle EM (policyViewSettings) (CVE-2013-0354) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

HTTP Response Splitting in Oracle Enterprise Manager (policyViewSettings)

February 20, 2013

Risk Level:
Medium

Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3

Remote exploitab

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement 2013-02-22
Kurt Seifried (kseifried redhat com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a relatively minor issue, hence no embargo.

Michael Scherer (mscherer (at) redhat (dot) com) of Red Hat found:

Looking for incorrect /tmp/ usage, I found the following piece of code
in /usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb
(ht

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (SCPLBL_COLLECTED parameters) (CVE-2013-0353) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Enterprise Manager (SCPLBL_COLLECTED parameters)

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3

Remote exploitable:

TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

Oracle Database GeoRaster API overflow

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3

Remote exploitable:
Yes

Credits:
This vulnerabili

TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL
parameter

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5,
11.1.0.7,

Re: Alt-N MDaemon Email Body HTML/JS Injection Vulnerability 2013-02-20
brad wyro altn com
This has been fixed. More information can be found in the first line in the MDaemon release notes:

[10385] fix to WorldClient HTML injection vulnerability

MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities 2013-02-18
Vulnerability Lab (research vulnerability-lab com)
Title:
======
MyFi Wireless Disk 1.2 iPad iPhone - Multiple Vulnerabilities

Date:
=====
2013-02-13

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=864

VL-ID:
=====
864

Status:
========
Published

Disclaimer:
===========
The information provided in this advisory i

Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability 2013-02-13
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability

Date:
=====
2013-02-13

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=789

#9984: Investigate Vulnerability Lab issues (this ticket included tracking the creation of our DBI shim to error on sem

Paper - Hiding Data in Hard-drive Service Areas 2013-02-19
Ariel Berkman (aberkman gmail com)
Hi,

We've recently released a paper discussing the ability to hide data in
hard-drive service areas.
The paper is available for download at:
http://www.recover.co.il/SA-cover/SA-cover.pdf

The introduction section is pasted below:

In this paper we will demonstrate how spinning hard-drives' service

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

Oracle 11g Stealth Password Cracking Vulnerability

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Database Server version 11gR1, 11gR2

Remote exploitable:
Yes (No authentication to Database Server is need

TeamSHATTER Security Advisory: SQL Injection in Oracle Alter FBA Table (CVE-2012-1751) 2013-02-21
Shatter (shatter appsecinc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TeamSHATTER Security Advisory

SQL Injection in Oracle Alter FBA Table

February 20, 2013

Risk Level:
High

Affected versions:
Oracle Database Enterprise Edition 11.1, 11.2

Remote exploitable:
Yes

Credits:
This vulnerability was discovered and resea

[security bulletin] HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS) 2013-02-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03606700

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03606700
Version: 1

HPSBMU02836 SS

[CVE-2013-1636] Wordpress pretty-link plugin XSS in SWF 2013-02-20
hip insight-labs org
# Exploit Title: Wordpress pretty-link plugin XSS in SWF
# Release Date: 20/02/13
# Author: hip [Insight-Labs]
# Contact: hip (at) insight-labs (dot) org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip
# Vendor Homepage: http://prettylinkpr

[ MDVSA-2013:013 ] squid 2013-02-20
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:013
http://www.mandriva.com/security/
______________________________________________________________________

Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery Vulnerability 2013-02-20
demetris papapetrou (demetrispapapetrou gmail com)
========================================================================
=============
Alt-N MDaemon's WorldClient & WebAdmin Cross-Site Request Forgery
Vulnerability
========================================================================
=============

Software: Alt-N MDaemon v13.0.3 and prior v

[SECURITY] [DSA 2630-1] postgresql-8.4 security update 2013-02-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2630-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 20, 2013

Alt-N MDaemon Email Body HTML/JS Injection Vulnerability 2013-02-20
demetris papapetrou (demetrispapapetrou gmail com)
==============================================================
Alt-N MDaemon Email Body HTML/JS Injection Vulnerability
==============================================================

Software: Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: HTML/JS Injection
Rem

Alt-N MDaemon's WorldClient Username Enumeration Vulnerability 2013-02-20
demetris papapetrou (demetrispapapetrou gmail com)
====================================================================
Alt-N MDaemon's WorldClient Username Enumeration Vulnerability
====================================================================

Software: Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: Use

Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability 2013-02-20
demetris papapetrou (demetrispapapetrou gmail com)
==================================================================
Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability
==================================================================

Software: Alt-N MDaemon v13.0.3 and prior versions
Vendor: http://www.altn.com/
Vuln Type: Remote Co

Alt-N MDaemon's WorldClient Disclosure of Authentication Credentials Vulnerability 2013-02-20
demetris papapetrou (demetrispapapetrou gmail com)
========================================================================
==================
Alt-N MDaemon's WorldClient Disclosure of Authentication
Credentials Vulnerability
========================================================================
==================

Software: Alt-N MDaemon v13.0.

Copyright 2010, SecurityFocus