
Files

Ubuntu Security Notice USN-1521-1
Posted Jul 31, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 14c3623fa76ed21327ac5ea71b7ed2d5
Red Hat Security Advisory 2012-1130-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1130-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-2625
MD5 | 10bf57d7a33acd87fbb2df4474f87997
Red Hat Security Advisory 2012-1132-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.

tags | advisory, java, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-3422, CVE-2012-3423
MD5 | 50bef58daea95da735fd6ff2b279dfb6
Red Hat Security Advisory 2012-1131-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-1013, CVE-2012-1015
MD5 | 78199fa0e417cea532e33781e5aa3542
Red Hat Security Advisory 2012-1129-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2011-1083, CVE-2012-2744
MD5 | 4bcd06bf478620765f67400c303e5632
Ubuntu Security Notice USN-1520-1
Posted Jul 31, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1520-1 - Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-1015, CVE-2012-1014, CVE-2012-1013, CVE-2012-1012
MD5 | 785121ba14deb07d09e780a9083a9e38
Red Hat Security Advisory 2012-1125-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3506, CVE-2011-3517, CVE-2011-4605, CVE-2011-4838, CVE-2012-0079, CVE-2012-0818, CVE-2012-2377
MD5 | 0e1c62579e79665cc4974b757ecb0fa8
Red Hat Security Advisory 2012-1123-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1123-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-3817
MD5 | c521f8ee4eeb6e4083da4880a8fc23d8
Red Hat Security Advisory 2012-1122-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1122-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-3817
MD5 | 441a43466c190cd60f82c2b71d975174
Secunia Security Advisory 50095
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 80cbe4d60c02d1d2c7d4aef16b145466
Secunia Security Advisory 50057
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for bind97. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, redhat
MD5 | 4641756353ac4aa64d311d072a6e4728
Secunia Security Advisory 50114
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | 8a9ac97e963572d8fc28a203ee1e78b0
Secunia Security Advisory 50079
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matt Andreko has discovered a vulnerability in Sysax Multi Server, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | 2d61d4df65bf13572051ebfdf400e028
Secunia Security Advisory 50069
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 543af9a2e17b2bd0e0e9dcb80681cda8
Secunia Security Advisory 50022
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Ushahidi, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 36e3b2a00caa5ed4d0a24277d5df65d0
Secunia Security Advisory 50063
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the PoodLL plugins for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | ac8466769b4c1e74072df856bbf37f23
Secunia Security Advisory 50021
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two security issues and a vulnerability have been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, xss
MD5 | 3eda092ab574c2de69610f306c1b1867
Secunia Security Advisory 50099
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in the Backend Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | eb3105446a618a04f85ecebe3a003f5e
Secunia Security Advisory 50074
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Scrutinizer NetFlow and sFlow Analyzer, which can be exploited by malicious, local users to bypass certain security restrictions.

tags | advisory, local
MD5 | 50da6133a51c204ccf2146d2ae8948a0
Secunia Security Advisory 50116
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in ICONICS GENESIS32 and ICONICS BizViz, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | b3407e768cfe7071e0aef34b9745661c
DataWatch Monarch Business Intelligence (BI) 5.1 SQL Injection
Posted Jul 31, 2012
Authored by Dionach

DataWatch Monarch Business Intelligence (BI) version 5.1 suffers from a remote blind SQL injection vulnerability.

tags | advisory, remote, sql injection
MD5 | 98ae07f30ac4cf57bae8eaa18ee00c18
LedgerSMB 1.3 Denial Of Service
Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
MD5 | cb66e6f2346d3301da55e95082a1e4d3
Debian Security Advisory 2517-1
Posted Jul 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3817
MD5 | db2dc5ecc716dc162af2354786fe1bf0
Mandriva Linux Security Advisory 2012-110-1
Posted Jul 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-110 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Mario Gomes and research firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the address bar by canceling the page load. Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues. Various other security issues have also been addressed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1949, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952, CVE-2012-1955, CVE-2012-1966, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1960, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1967
MD5 | fe7347ff232f759e1925b05ce60f0f75
Mandriva Linux Security Advisory 2012-119
Posted Jul 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-119 - High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a bad cache data structure before it has been initialized. The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2, which are not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-3817
MD5 | f9530642686cb32cb7bb2fd45e7edcff