all things security
Showing 1 - 25 of 229 RSS Feed

Files

Debian Security Advisory 2656-1
Posted Mar 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2656-1 - Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2013-2266
MD5 | 5ed1fd977782ea5eccd59456dc1a3466
Technical Cyber Security Alert 2013-088A
Posted Mar 30, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-088A - A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

tags | advisory, denial of service
MD5 | 4ca42cfab86018f9db32f526263fee25
Slackware Security Advisory - libssh Updates
Posted Mar 30, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libssh packages are available for Slackware 14.0, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-0176
MD5 | a02c1c2ce7e9098a631e2d19024e955d
HP Security Bulletin HPSBUX02859 SSRT101144
Posted Mar 30, 2013
Site hp.com

HP Security Bulletin HPSBUX02859 SSRT101144 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS) or Execute Arbitrary Code. Revision 1 of this advisory.

advisories | CVE-2009-0158, CVE-2009-0159, CVE-2009-3563
MD5 | f111df3c200dc90354002b61f3ac8dfd
Ubuntu Security Notice USN-1783-1
Posted Mar 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1783-1 - Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2266
MD5 | f835413ca1aa2bb19c321f078e829e68
Debian Security Advisory 2655-1
Posted Mar 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, debian
advisories | CVE-2011-2932, CVE-2012-3464, CVE-2012-3465, CVE-2013-1854, CVE-2013-1855, CVE-2013-1857
MD5 | 6e9a4c36a5c842bbc63f38cb0b1539e7
Red Hat Security Advisory 2013-0689-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-2266
MD5 | cf7e62f486d152619cd602cc94117fab
Red Hat Security Advisory 2013-0691-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0691-01 - Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. A flaw was found in the way the Swift component used Python pickle. This could lead to arbitrary code execution. With this update, the JSON format is used. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.

tags | advisory, arbitrary, local, root, code execution, python
systems | linux, redhat
advisories | CVE-2012-4406, CVE-2012-5635, CVE-2012-5638
MD5 | 1dcd3fbb4f13f36f971ca73d88fd152c
Red Hat Security Advisory 2013-0690-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-2266
MD5 | fce351f8b68afdcd0216c43bbe76c25b
Red Hat Security Advisory 2013-0688-01
Posted Mar 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0688-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 5.3 will be retired on March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.3 AMC after that date.

tags | advisory
systems | linux, redhat
MD5 | d12d9b8cbe0651ec8215ee84714a89c9
Ubuntu Security Notice USN-1782-1
Posted Mar 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0338
MD5 | 4fb039c63bf3b2f82997b99fbc7a8ae6
Asterisk Project Security Advisory - AST-2013-003
Posted Mar 28, 2013
Authored by Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

tags | advisory
advisories | CVE-2013-2264
MD5 | 43a1293557b3fa72ea85345a7645b421
Cisco Security Advisory 20130327-rsvp
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
MD5 | 6a665c100d3ba34b0c22eda59bcec743
Drupal Common Wikis 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
MD5 | f8f004c348fc5d4bb65bf161bcbfa6b5
EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
MD5 | c2bc9f8b7521e146d83e67ae084c8a2c
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
MD5 | ae7f44d97919b080bfab8ac0fefe27d5
Cisco Security Advisory 20130327-ike
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, denial of service
systems | cisco
MD5 | 11844e9a9de030a5fc95cbb47821201f
Drupal Common Groups 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
MD5 | d4c570dfea778a3b7df86192c1ba1a1b
Cisco Security Advisory 20130327-nat
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 1134c69a818428829942f03097b6cad9
Asterisk Project Security Advisory - AST-2013-001
Posted Mar 28, 2013
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.

tags | advisory, arbitrary
advisories | CVE-2013-2685
MD5 | 2f1e20b7186fbfd0411b4581c2fd8e8e
Drupal Rules 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | da0b7cce077bc4f5ac2ffc0ec665dd02
Cisco Security Advisory 20130327-smartinstall
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 92ac3270dbf3874cd0968ae27ef4abcf
Drupal Zero Point 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Dennis Walgaard | Site drupal.org

Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 6b9e2a62702564f874fd37ce748cc084
Cisco Security Advisory 20130327-pt
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | f8116adf42a137bba67df19e7b587065
Red Hat Security Advisory 2013-0687-01
Posted Mar 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1591
MD5 | f9dff0588d1e5659167e50c12327a6b5
Page 1 of 10
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Microsoft Mocks Google For Failed Security Fix Deployment Methodology
Posted Oct 19, 2017

tags | headline, microsoft, flaw, google, chrome
Malicious Mineraft Apps In Google Play Enslave Your Device To A Botnet
Posted Oct 19, 2017

tags | headline, malware, microsoft, phone, botnet, google
OAIC Received 114 Voluntary Data Breach Notifications In Two Years
Posted Oct 19, 2017

tags | headline, hacker, privacy, australia, data loss
US-CERT Predicts Machine Learning To Become Security Risk
Posted Oct 19, 2017

tags | headline, flaw
ATM Malware Available Online For Online $5,000
Posted Oct 18, 2017

tags | headline, malware, bank, cybercrime, fraud
Oracle Swats 252 Bugs In Patch Update
Posted Oct 18, 2017

tags | headline, flaw, patch, oracle
Child Safety Smartwatches Easy To Hack, Watchdog Says
Posted Oct 18, 2017

tags | headline, privacy, flaw
Domino's Pizza Delivers User Details To Spammers
Posted Oct 18, 2017

tags | headline, privacy, email, spam, fraud
Microsoft Never Disclosed 2013 Hack Of Secret Vulnerability Database
Posted Oct 18, 2017

tags | headline, hacker, microsoft, data loss, flaw
Adobe Patches Zero-Day Used To Plant Gov't Spying Software
Posted Oct 17, 2017

tags | headline, hacker, government, usa, flaw, cyberwar, adobe, zero day, nsa
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close