SUSE/Portus version 2.2 suffers from a persistent cross-site scripting vulnerability.
0f89be3598b185b26e1d2346f6a7fe4fee3bd2aa160be8583d7a7b5cb67d1258
This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'new_home_page' parameter of the 'saveHomePage' method allowing arbitrary PHP code to be written to the config.php file. The config.php file is executed in most pages within the application, and accessible directly via the web root, resulting in code execution. This Metasploit module has been tested successfully on IBM OpenAdmin Tool 3.14 on Informix 12.10 Developer Edition (SUSE Linux 11) virtual appliance.
cb6e9a3b36f0f3954b25245916aa392a5a80294c27ec99178fffa5ccf236d183
Mandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, so processing does not stop when the error is encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.
6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051d
Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.
1738bc161859133a34d1c1b3f945bb293d62965b7ce6af9e1ab54e8936be9dd5
This Metasploit module exploits a code execution flaw in Novell ZENworks Configuration Management 10 SP3 and 11 SP2. The vulnerability exists in the ZENworks Control Center application, allowing an unauthenticated attacker to upload a malicious file outside of the TEMP directory and then make a second request that allows for arbitrary code execution. This Metasploit module has been tested successfully on Novell ZENworks Configuration Management 10 SP3 and 11 SP2 on Windows 2003 SP2 and SUSE Linux Enterprise Server 10 SP3.
cac2ca5c89d3eedff27bc84da293cd736f6780ad4a09e145d499b111dfd7d70d
Secunia Security Advisory - SUSE has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.
003b99916635d79ac2ea5f23728b08b511d8e360e3c4a3d88e65b94f4d4e96bc
Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5e92ae7f742fa82fab67fe8e7cef7571e17317c9478de579da12c42cf8b6745f
Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to conduct clickjacking attacks.
e4e6b8fec457d64f8f70c9935b61d29af98c716c50be91393d585316dd99d882
Secunia Security Advisory - SUSE has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
b0db8950a3bcae5cfacfd30fe0786ab2318312006549624438b1e2732f2b7280
Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
2a493dfcc767c16f6d06aff5aebbf39787bc065e8d7595b6bcdcd2172cdd69b4
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
0bc9a466ad7fa79732ade010be559491a38d3bb63f5b6d0403367453a4ccab55
Secunia Security Advisory - SUSE has issued an update for opera. This fixes a vulnerability with an unknown impact.
63a30d57056bfc6fec216ffd2139f51684af70d2f9171330a3ea63a1177e3281
Secunia Security Advisory - SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system.
5db6bb4c8dea5aaeb9c3f3e8bbab27563200633b4f24cd7256e2411814fb4dbb
Secunia Security Advisory - SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to potentially cause a DoS (Denial of Service) in an application using the library.
2383e2bf6443f36b67ca12f5a36d7ecb319121023ea637cdc21fa6101b152fad
Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.
e08a115dd55ab8f1ba2ca44b08217ce6eebddf2055336d3f2b977c1bcabca785
Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
09aa77d4f84b0661fa4c1f1e876eac05266fa0264e39d722d4c4b233a42280d7
Secunia Security Advisory - SUSE has issued an update for v8. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
6872455564784abcad7dc6e121b17f27badd252bd60961f49652b9a619a8ae8c
Secunia Security Advisory - SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
6b4ae1ffec093c9e24f5aa57b49a28b7d4a084a797a73c02f182629787c51042
Secunia Security Advisory - SUSE has issued an update for apache2. This fixes two weaknesses, a security issue, and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
bc95e9d356193ef09f69dac591db77dbbe6b05535d4ffe0af27ad4e68b8e8fc0
Secunia Security Advisory - SUSE has issued an update for libupnp. This fixes three vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
0f2e44b8d085a0ee97b6b59463e6bf375d60e8307340d164932b80e158d65594
Secunia Security Advisory - SUSE has issued an update for virtualbox. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
134f023056e7d570e539e094e2dd53ba31cd81dc98a92c311107f829c96cacfd
Secunia Security Advisory - SUSE has issued an update for chromium. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
08fe3615164a017ac47ef9f1f361a1b09438f14fda277b440b8ff5ceb1bdf4ea
Secunia Security Advisory - SUSE has issued an update for java-1_7_0-openjdk. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
4d4c484b763f9ab92e1f8e0f3ff1dd1906cb38fec839fe15818c7688b4c22b65
Secunia Security Advisory - SUSE has issued an update for WebYaST and SUSE Studio Standard Edition. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
69e545b46ae1587cecb24bcdf945b32484df927fa42edb3d47fb71a398862ec6
Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
408532807286f17437e2f1297d3acd50f7f3f34a3a7bfc5b26c6ad9d74dc025b