Exploit the possiblities
Showing 1 - 25 of 433 RSS Feed

Files

Red Hat Security Advisory 2013-0580-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0580-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. Such users could read or write arbitrary files with the privileges of the CUPS daemon, possibly allowing them to run arbitrary code with root privileges.

tags | advisory, web, arbitrary, root
systems | linux, redhat, unix
advisories | CVE-2012-5519
MD5 | bf648581b4b83d21ae2b013ee0e991f5
Airvana HubBub C1-600-RT Cross Site Scripting
Posted Feb 28, 2013
Authored by Scott Behrens

The Airvana Airrave router version 2.5 suffers from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2013-2270
MD5 | 490b802295c66944961c4d1fe20a76c9
Red Hat Security Advisory 2013-0577-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0577-01 - In accordance with the Red Hat Enterprise Virtualization Errata Support Policy, the support for Red Hat Enterprise Virtualization 2 has ended. Customers are recommended to upgrade their existing Red Hat Enterprise Virtualization 2.x installations to version 3.0. The upgrade from RHEV Manager version 2.2 running on Microsoft Windows to Red Hat Enterprise Virtualization Manager 3.0 running on Red Hat Enterprise Linux is fully supported and requires no downtime, during the upgrade all virtual machines will continue to run without loss of service.

tags | advisory
systems | linux, redhat, windows
MD5 | 42bef1f6cce104224d5640cc8019ad5d
Red Hat Security Advisory 2013-0582-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162
MD5 | 719c5cded5fcfb6c3ff7f725bfff0228
Ubuntu Security Notice USN-1732-2
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-2 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
MD5 | 67e010cfecf21a6e2196f106c8536117
Mandriva Linux Security Advisory 2013-016
Posted Feb 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-016 - PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If a web application unserializes user-supplied data and tries to execute any method of it, an attacker can send serialized SoapClient object initialized in non-wsdl mode which will make PHP to parse automatically remote XML-document specified in the location option parameter. The updated packages have been upgraded to the 5.3.22 version which is not vulnerable to these issues. Additionally, some packages which requires so has been rebuilt for php-5.3.22.

tags | advisory, remote, web, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-1635, CVE-2013-1643
MD5 | 1c1539e7ef7a6c642a3752891f38667f
Ubuntu Security Notice USN-1754-1
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1775
MD5 | 4193e1a3602621cb1b67b6c0ed5ea93f
Drupal Clean 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Clean third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 315d22cd80990ffb4910e5bbfdfa6c40
Drupal Company Theme 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Company third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 0f031401cf583e2b6b15e8f4286d0f59
Red Hat Security Advisory 2013-0574-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0574-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. A specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. This update also fixes a permissions issue with the Adobe Flash Player Firefox sandbox.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-0504, CVE-2013-0643, CVE-2013-0648
MD5 | e7f3deae8aaeb5c5c04f5dcf8a0772f0
Drupal Professional 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Professional third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 998f70cb943793dfb9369965a0efe93e
Drupal Best Responsive 7.x Cross Site Scripting
Posted Feb 28, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Best Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | a401cddff474407b0a64a26dbd60c3ed
Cisco Security Advisory 20130227-hcs
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could interrupt the monitoring of voice services. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | b654275c7ac673b8f88943490f802023
Cisco Security Advisory 20130227-cups
Posted Feb 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | c2e6e112da98b99e3a17772fc7e31195
Ubuntu Security Notice USN-1753-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1753-1 - Sebastian Krahmer and Bastien Nocera discovered that DBus-GLib did not properly validate the message sender when the "NameOwnerChanged" signal was received. A local attacker could possibly use this issue to escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-0292
MD5 | 1197404d9c9e7ee2412477f130912b03
Debian Security Advisory 2633-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2633-1 - Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-1423
MD5 | 64e0d3526698f131f0a1e0840655222c
Debian Security Advisory 2634-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2634-1 - Several vulnerabilities have been discovered in python-django, a high-level python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665
MD5 | ec59d53a4cee74e8933db14c4354a884
Drupal Creative Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Creative Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 04cfb5b46aa08c50889359355b388cfc
Drupal Fresh Theme 7.x Cross Site Scripting
Posted Feb 27, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Fresh Theme third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 8ffc66711f8bafd1e36eb4dc481cfd64
Ubuntu Security Notice USN-1752-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1752-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in GnuTLS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2013-1619
MD5 | d2dd30465967af3c5d699031c18c8a54
Ubuntu Security Notice USN-1751-1
Posted Feb 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1751-1 - Mathias Krause discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
MD5 | fb8dc1836462d211af1fc6812747e6f1
Red Hat Security Advisory 2013-0570-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0570-01 - Oracle Java SE 6 will no longer receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Red Hat Network channels will continue to be available after February 28, 2013.

tags | advisory, java
systems | linux, redhat
MD5 | 1b3e9c616921f7140fed70e18225f47c
Red Hat Security Advisory 2013-0569-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | f1fa6ca3fbcdc196fa2c6137375aa6d8
Red Hat Security Advisory 2013-0567-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0567-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal instead of being stopped. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-0871
MD5 | 012cddc461348141987e78537673c9f6
Red Hat Security Advisory 2013-0568-01
Posted Feb 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0568-01 - dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into believing a signal was sent from a privileged process, when it was not. A local attacker could use this flaw to escalate their privileges. All dbus-glib users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against dbus-glib, such as fprintd and NetworkManager, must be restarted for this update to take effect.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-0292
MD5 | cad2f2a04c1f908669eccfe7f2ae5a89
Page 1 of 18
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close