Exploit the possiblities
Showing 1 - 25 of 168 RSS Feed

Files

Debian Security Advisory 2717-1
Posted Jun 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2013-2210
MD5 | e77b2ac1c69587019e6303726502b7af
Mandriva Linux Security Advisory 2013-186
Posted Jun 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-186 - Updated puppet packages fix remote code execution vulnerability. When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.

tags | advisory, remote, code execution, ruby
systems | linux, mandriva
advisories | CVE-2013-3567
MD5 | d84c160ca7e05a2b999e98cd41a576ac
Slackware Security Advisory - ruby Updates
Posted Jun 28, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4073.

tags | advisory, ruby
systems | linux, slackware
advisories | CVE-2013-4073
MD5 | 4f6fde76da879e81713e68dd639551e4
Red Hat Security Advisory 2013-1001-01
Posted Jun 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1001-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.

tags | advisory
systems | linux, redhat
MD5 | d6e9e6e8bab7cfee4a7eb576004543db
Sony Playstation Network Password Reset
Posted Jun 28, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A critical password reset (session) vulnerability was detected in the Sony PSN Network web server auth system account application. The vulnerability allows remote attackers without a privileged application account to exchange session values and reset any psn user accounts.

tags | advisory, remote, web
MD5 | d6e4bc15b8000387851d15849913b56b
Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 27, 2013
Authored by Jon Erickson

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154, CVE-2013-2210
MD5 | 94f3d21daa75c010adc2c62206b9ca7d
HP Security Bulletin HPSBUX02886
Posted Jun 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02886 - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, shell
systems | hpux
advisories | CVE-2010-5107
MD5 | 5b1893de2900ee77fcd2f6bd22011007
HP Security Bulletin HPSBST02890
Posted Jun 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02890 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed up data. However, it is possible to reset the device to factory defaults, and hence delete all backed up data that is present on the device. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-2342
MD5 | b63d30eb84bd01e6b908a514cacd7356
Red Hat Security Advisory 2013-0992-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0992-01 - Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw was found in the way python-keystoneclient handled encrypted data from memcached. Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to ENCRYPT to help prevent tampering, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to bypass intended restrictions and modify data in memcached that will later be used by services utilizing python-keystoneclient.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2013-2166, CVE-2013-2167
MD5 | 4eeb9d4e18db369c37944f65c60769f3
Red Hat Security Advisory 2013-0997-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0997-01 - This is the 5-Month notification of the End Of Life plans for Red Hat Storage Software Appliance 3.2 and Red Hat Virtual Storage Software Appliance 3.2. In accordance with the Red Hat Storage Software Appliance Support Life Cycle Policy, support will end on November 30, 2013. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat Storage Server product once the life cycle for SSA and VSA is complete. If customers cannot migrate, the product will become unsupported. In addition, after November 30, 2013, technical support through Red Hat’s Global Support Services will no longer be provided. We encourage customers to plan their migration from Storage Software Appliance 3.2 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

tags | advisory
systems | linux, redhat
MD5 | e918eb2e9ba033725b43ec2f02ffc2a1
Red Hat Security Advisory 2013-0993-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0993-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. An XML injection flaw in OpenStack Swift could allow remote attackers to manipulate the contents of XML responses via specially-crafted data. This could be used to trigger a denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-2161
MD5 | 4671a0bd48279fb67b8ad8d799857797
Red Hat Security Advisory 2013-0996-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0996-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.6 will be retired on July 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.

tags | advisory
systems | linux, redhat
MD5 | 67bb0d0dacc01ee2b92ad0d013b44a33
Red Hat Security Advisory 2013-0994-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0994-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-2157
MD5 | e241a0013afa054da6c5a8578ae3e5ef
Red Hat Security Advisory 2013-0995-01
Posted Jun 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0995-01 - A flaw was found in the create method of the Foreman Bookmarks controller. A user with privileges to create a bookmark could use this flaw to execute arbitrary code with the privileges of the user running Foreman, giving them control of the system running Foreman and all systems managed by Foreman.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-2113, CVE-2013-2121
MD5 | 2e27abd7dce5c3e457e195e62642dbe4
Debian Security Advisory 2715-1
Posted Jun 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2715-1 - It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2013-3567
MD5 | f3e66ef67821a19fc6cd2c36bfee688f
Ubuntu Security Notice USN-1893-1
Posted Jun 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1893-1 - Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain LOCKs. A remote authenticated attacker could use this flaw to cause Subversion to crash, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884, CVE-2013-1968, CVE-2013-2112, CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849, CVE-2013-1884, CVE-2013-1968, CVE-2013-2112
MD5 | c833818fc32e4a1d42b2569f97fe21ce
Ubuntu Security Notice USN-1892-1
Posted Jun 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1892-1 - It was discovered that ubuntu-release-upgrader would fail when a user requested an upgrade to Ubuntu 13.04. This would prevent a user from migrating easily to Ubuntu 13.04 before the Ubuntu 12.10 support period ended.

tags | advisory
systems | linux, ubuntu
MD5 | 09daf7a42a5f1d68d63446ed8ea47bad
Mandriva Linux Security Advisory 2013-185
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-185 - Updated perl-Module-Signature package fixes CVE-2013-2145. Arbitrary code execution vulnerability in Module::Signature before 0.72.

tags | advisory, arbitrary, perl, code execution
systems | linux, mandriva
advisories | CVE-2013-2145
MD5 | c96266e2e5eba319baed63a28f85af65
Mandriva Linux Security Advisory 2013-184
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-184 - Updated perl-Dancer package fixes CVE-2012-5572. A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie() and cookies() methods. A remote attacker could use this flaw to inject arbitrary headers into responses from applications, that use Dancer.pm.

tags | advisory, remote, web, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5572
MD5 | d3717a5c5bb6b1ddd8ee7165ad1c1b80
Mandriva Linux Security Advisory 2013-183
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-183 - Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. Various other issues were addressed.

tags | advisory, java, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472
MD5 | 84a10f72031d9918827ec433ca37e07a
Mandriva Linux Security Advisory 2013-182
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-182 - Updated mesa packages fix multiple vulnerabilities. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-1872, CVE-2013-1993
MD5 | fa0e2202a9160638315a3d0f4227eece
Mandriva Linux Security Advisory 2013-181
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-181 - Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XF86DRIOpenConnection and XF86DRIGetClientDriverName functions. The updated packages have been patched to correct this issue.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-1993
MD5 | 414e91553320da09db09d3f2c1b16d58
Mandriva Linux Security Advisory 2013-180
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2174
MD5 | ce001f7e3f8ac0ca3d741d058b0161c2
Cisco Security Advisory 20130626-ngfw
Posted Jun 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ASA Next-Generation Firewall (NGFW) Services contains a Fragmented Traffic Denial of Service (DoS) vulnerability. Successful exploitation of this vulnerability on the Cisco ASA NGFW could cause the device to reload or stop processing user traffic that has been redirected by the parent Cisco ASA to the ASA NGFW module for further inspection. There are no workarounds for this vulnerability, but mitigations are available. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service
systems | cisco
MD5 | a1a5901e7a3157972080b7a14d7e1cdf
Cisco Security Advisory 20130626-sma
Posted Jun 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | 8cccfb82e39b887291b0a5737d280cf9
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
FCC Blocks LEA Net Neutrality Comment Investigation
Posted Dec 13, 2017

tags | headline, government, usa, russia, fraud
Starbucks Wi-Fi Makes Computers Mine Cryptocurrency
Posted Dec 13, 2017

tags | headline, hacker, wireless, fraud, cryptography
Put Down The Eggnog, It's Patch Tuesday
Posted Dec 13, 2017

tags | headline, microsoft, flaw, patch
Archive Of 1.4 Billion Creds Found On Dark Web
Posted Dec 12, 2017

tags | headline, hacker, data loss, password
MoneyTaker Steals Millions From US, UK, Russian Banks
Posted Dec 12, 2017

tags | headline, malware, bank, usa, britain, russia, cybercrime, fraud
Web Pioneers Plead To Cancel US Net Vote
Posted Dec 12, 2017

tags | headline, government, usa, fraud
Google Releases Tool To Help iPhone Hackers
Posted Dec 12, 2017

tags | headline, hacker, phone, google, apple
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close