The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option, dont_blame_nrpe, which enables command-line arguments to be provided to remote plugins. When this option is enabled, even though NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.
HP Security Bulletin HPSBUX02864 SSRT101156 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02859 SSRT101144 2 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 2 of this advisory.
This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.
Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.
ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.
Mandriva Linux Security Advisory 2013-136 - A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem. Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).
Mandriva Linux Security Advisory 2013-134 - Updated viewvc packages fix security vulnerabilities. Several other bugs were fixed as well.
Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities have been discovered and corrected in PostgreSQL. PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. An argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service, and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.
Mandriva Linux Security Advisory 2013-141 - Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service.
Red Hat Security Advisory 2013-0737-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash.
ftpd on Mac OS X 10.8.3 suffers from a denial of service vulnerability. This appears to be an old vulnerability that has not been properly addressed.