exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 680 RSS Feed

Files

Mandriva Linux Security Advisory 2011-180
Posted Nov 29, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-180 - crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-2483
SHA-256 | 85ae71cce8d402b96351cb33db9d042151aea8e4589468011395fc30dc5cfb4d
Ubuntu Security Notice USN-1284-1
Posted Nov 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1284-1 - David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-3152, CVE-2011-3154
SHA-256 | 3a1f12a70bce649dae30f56f951837892b1f9b26277b3050dbb126a532be042a
Zero Day Initiative Advisory 11-336
Posted Nov 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-336 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4255
SHA-256 | 9d53034c4b494677e64872a2ededd13105e2853f31741bbb3f677d42af486353
Zero Day Initiative Advisory 11-335
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4252
SHA-256 | 19263aa6e1a5b59b2ad9eb7e45da961a8ebdf4fe7400684eb0e1c596149cc1f1
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
SHA-256 | a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82
Zero Day Initiative Advisory 11-333
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-333 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. When decoding the sample, the application will use the transformed data to initialize another structure. Due to the sizes being unbound, this can be used to corrupt memory outside the original allocation. This type of memory corruption can be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4250
SHA-256 | e577e50ea5b9346d525ea656c752164cf4ed9edf71adb8964e1a8881dc18bf98
Ubuntu Security Notice USN-1283-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-3634
SHA-256 | 327413c22646f7456258bc2947fe0d8a48a8445340fd324511f04b9e940e42e2
Zero Day Initiative Advisory 11-332
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4248
SHA-256 | 7dd13629ad3b9e3ac3af5a7df51e788585cc5b43f7e85085a0f86d547a44ce3d
Zero Day Initiative Advisory 11-331
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4259
SHA-256 | 6a8d26996f84e01bae44e66eb7acdcfb123b54cf4dcae161cb23df3bf1115b61
Ubuntu Security Notice USN-1282-1
Posted Nov 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1282-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, javascript
systems | linux, ubuntu
advisories | CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
SHA-256 | 173dd2dc6e40dec5c7c9c41431ee90ad71887b768a7cbbe149bad7a87ed33359
Secunia Security Advisory 47033
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for OFED. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, suse
SHA-256 | cce758d55acab7249f9a9fee24990aa9e3ec5f41af59366d1d98ca9bf67c7679
Secunia Security Advisory 46973
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Celery, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 4f3bca3f1a6856136673cf01ef59f4af10ffab8f015b5f6cd47fde33521b9e84
Secunia Security Advisory 47043
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
SHA-256 | cd785fb410937f18bb137c044081710571ec1d09d666661d8bb0cc13760db581
Secunia Security Advisory 47039
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, conduct session hijacking attacks, and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
SHA-256 | d134437382538e6cefa7dc44ceeec54679919d1def6f0cc9a5fd30290e9aa4ec
Secunia Security Advisory 46978
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
SHA-256 | 1af7dbe7b7fc4f005d1b57e5f928de9ce4ed69a254b5f7933386415366f0eb71
Secunia Security Advisory 47036
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ismail Kaleem has discovered a vulnerability in the Fabrik component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 7b8b83c9a6d67b0cfd61af443d5ba79d5a97931d6c5dbdcb4827d7b1abaecc08
Secunia Security Advisory 46979
Posted Nov 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered multiple vulnerabilities in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data.

tags | advisory, denial of service, vulnerability
SHA-256 | e1bf931bcea281e0eb63e8f960facb62fb5d1b4a9bba66933a71119f82f2edae
Mandriva Linux Security Advisory 2011-179
Posted Nov 27, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, local
systems | linux, osx, mandriva
advisories | CVE-2011-1089, CVE-2011-1659, CVE-2011-2483
SHA-256 | 28900655297d1ea4816e5de8820317856a37994a5877afdb6697329afc3ec425
Debian Security Advisory 2353-1
Posted Nov 27, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2353-1 - David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-3581
SHA-256 | 30834ae6dd79c9c782b27e64bf7d40a0b116914d4d1800c26f3abff17771d053
Ubuntu Security Notice USN-1281-1
Posted Nov 27, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2011-2183, CVE-2011-2479, CVE-2011-2491, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2517, CVE-2011-2905, CVE-2011-2909, CVE-2011-3363
SHA-256 | 872fb0971665c7f419fc03b97528a458416b56407dc592de5dc20aa1368746fa
Secunia Security Advisory 46993
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | a48d4e0dd8232d3af91feee97404ec62dba4dd7aaad8f834abc3c9caf65b26a7
Secunia Security Advisory 46985
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 0d6229d3f53528fc176b553f50fca3625f06851bb0ea89bdb428a00c90e6b555
Secunia Security Advisory 46990
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for phpldapadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

tags | advisory, vulnerability, xss
systems | linux, fedora
SHA-256 | ce4d69c9271027903bf32ccdea788f9aa506c04f8d4732ccdc0f809f913ff2d6
Secunia Security Advisory 46926
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for ldns. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

tags | advisory
systems | linux, debian
SHA-256 | 4abfb65fb0c981d8433f6c4c84894edc694018e611381a26193d1ed007498c4e
Secunia Security Advisory 46974
Posted Nov 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.

tags | advisory, spoof, vulnerability, xss
SHA-256 | 5d0c453a53f2d9bda6320774df9f323ba2bf3c11f3d62252ef30eb831bc7db47
Page 2 of 28
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close