Showing 26 - 50 of 168

Files

Ubuntu Security Notice USN-1891-1
Posted Jun 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1891-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free bugs. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to execute arbitrary code with the privileges of the user invoking Thunderbird (CVE-2013-1685, CVE-2013-1686). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | 3ed99560bfcc1801f775973b6f002c03a20fca98adaee9a2e0e5b6eeac71f887
Debian Security Advisory 2716-1
Posted Jun 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2716-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery.

tags | advisory, web, arbitrary, vulnerability, info disclosure, csrf
systems | linux, debian
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | 5ebe91542f6fe7da0420bd343e5011912bd953cd6de2607de103d318b6008305
Ubuntu Security Notice USN-1890-1
Posted Jun 27, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1890-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free bugs. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695, CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699
SHA-256 | ac94c2cd9ce8eb413dd2b48e8bd494ce46fe84e71be3a9fb57c00d03ebbeeaff
Cisco Security Advisory 20130626-wsa
Posted Jun 27, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by multiple command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, web, denial of service, vulnerability
systems | cisco
SHA-256 | bc277a683674b0d081255c33fb124f365f7e4cf928a696d60228bf202361ef7b
Cisco Security Advisory 20130626-esa
Posted Jun 26, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | 932804e2be92ceffb38ea7ef95554351baadb97daa74dff946b5066e74d61a87
Mandriva Linux Security Advisory 2013-179
Posted Jun 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-179 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. Various other security issues were also addressed. The mozilla firefox packages have been upgraded to the latest ESR version which is unaffected by these security flaws.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | b0b72cafbc2361750e49e061e443bf4c31ccb39cd9f5d1f6c678247054a8cf27
Drupal Fast Permissions Administration Access Bypass
Posted Jun 26, 2013
Authored by Philip Boden | Site drupal.org

Drupal Fast Permissions Administration third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 11a82716b74d3388b64c64bd8529925dddcbabc2d3026fe8afbb8b4d42c34108
Debian Security Advisory 2714-1
Posted Jun 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2714-1 - Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation.

tags | advisory, kernel
systems | linux, freebsd, debian
advisories | CVE-2013-2171
SHA-256 | 26e535e94e7f71003a1fffd0d098d7f8d670f7c87a3b3313885b7e81b305b395
Red Hat Security Advisory 2013-0982-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0982-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbird allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | 91f56531f39853c2f2a1ca750e63373cbb3dcd514af9628c72e9ad093402a100
Mandriva Linux Security Advisory 2013-177
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-177 - Updated dbus packages fix a security vulnerability. Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to a complete system crash.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2013-2168
SHA-256 | ed69c941247755b87316d8236dd675a2060fc54bc73a88d694ef3c9461b2a491
Red Hat Security Advisory 2013-0981-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0981-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that Firefox allowed data to be sent in the body of XMLHttpRequest HEAD requests. In some cases this could allow attackers to conduct Cross-Site Request Forgery attacks.

tags | advisory, web, arbitrary, csrf
systems | linux, redhat
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
SHA-256 | bb2fefe37dacf96fb5a3a797951020c7907c180ac273dbfd9ed79f4bd0e90792
Microsoft Security Bulletin Re-Release For June, 2013
Posted Jun 25, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for June, 2013.

tags | advisory
SHA-256 | 7be8a748fe11f05e2477449bf46e22be71e0183fc7fe28d11901091eee25333c
HP Security Bulletin HPSBHF02878
Posted Jun 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02878 - A potential security vulnerability has been identified with the HP Smart Zero Client. This vulnerability could be exploited by a local user on the device to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2013-2339
SHA-256 | 91be9a52473f882f112ec519c2376429e317345e0d0a9fcedb76aeeda522a789
Mandriva Linux Security Advisory 2013-178
Posted Jun 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-178 - Updated nfs-utils packages fix a security vulnerability. It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user were able to poison DNS to a victim's computer, they would be able to trick rpc.gssd into talking to another server than the intended server (with stricter security). If the victim has write access to the second server, and the attacker has read access (when they normally might not on the secure server), the victim could write files to that server, which the attacker could obtain (when normally they would not be able to). To the victim this is transparent because the victim's computer asks the KDC for a ticket to the second server due to reverse DNS resolution; in this case Krb5 authentication does not fail because the victim is talking to the correct server.

tags | advisory, spoof
systems | linux, mandriva
advisories | CVE-2013-1923
SHA-256 | a1e3a132caeeb99ce5cc2a4afed913edaa8f9c54dbe4627d420f48c92e348f9f
Red Hat Security Advisory 2013-0983-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-2174
SHA-256 | a7fa5f3acd97b0e062e7116dd627f4fc0ac45395d1e94fe95cabb6cf342a2e84
Debian Security Advisory 2713-1
Posted Jun 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2713-1 - Timo Sirainen discovered that cURL, a URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2013-2174
SHA-256 | 2a3177b0decec0b66bb06d3fca3d92f4d480348652de9adecb14f0adf482aa97
Mandriva Linux Security Advisory 2013-176
Posted Jun 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-176 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5532, CVE-2012-6548, CVE-2012-6549, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0290, CVE-2013-0311, CVE-2013-0914, CVE-2013-1763, CVE-2013-1767, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2141, CVE-2013-2146, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2596, CVE-2013-2634, CVE-2013-2635
SHA-256 | ae2f3459ec3bdf76b4bab9b9b1aed7e5bb62fecbaa5d70cf041846a180464d66
Slackware Security Advisory - curl Updates
Posted Jun 24, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2174.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-2174
SHA-256 | 855af579db0811459acf4ff6e9f91c46f29a0716757bc8ca7f05fa2b305301ff
HP Security Bulletin HPSBUX02876 SSRT101148 2
Posted Jun 21, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-2266
SHA-256 | 8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6
Ubuntu Security Notice USN-1887-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilities in software parsing Swift's XML. Various other issues were also addressed.

tags | advisory, remote, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2012-4406, CVE-2013-2161
SHA-256 | 5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfa
Ubuntu Security Notice USN-1889-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2175
SHA-256 | 170292e05c69610f96572ca3fc5b216de334532198eb00640de7931e0985c857
Ubuntu Security Notice USN-1888-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1888-1 - It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1872, CVE-2013-1993
SHA-256 | fb7ddb2e13b7cbcbdd9feed3cb6af9c5992db485bff28fb98a834c152dcbdaed
Red Hat Security Advisory 2013-0963-01
Posted Jun 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0963-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463
SHA-256 | fa788ed6640724a39a9d27888724662f9a0a62c5a8c9253349f00f832be6d023
Red Hat Security Advisory 2013-0964-01
Posted Jun 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0964-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-2067
SHA-256 | d96b4622d35295cb0cd295bda0028994ae0856b43e509797204db45817e27fea
Cisco Security Advisory 20130619-tpc
Posted Jun 20, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contains an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available.

tags | advisory, remote, denial of service, shell, root, vulnerability, protocol
systems | cisco
SHA-256 | ead88e974b036c9c7fbb50018682a7c6c17b58507aa6e49c8be0b7d9d6c659ee

© 2022 Packet Storm. All rights reserved.