Showing 1 - 25 of 177

Files

Drupal Flippy 7.x Access Bypass
Posted Jul 31, 2013
Authored by daviddr | Site drupal.org

Drupal Flippy third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 5a8d71d6a263d09d9c2e523e9254b29a
Ubuntu Security Notice USN-1920-1
Posted Jul 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1920-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | b1aeea2ce7a6f0dfa9615c0ef77ad088
Red Hat Security Advisory 2013-1121-01
Posted Jul 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1121-01 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2012-2664
MD5 | ab01156837ebb799fef874ae618f4beb
Mandriva Linux Security Advisory 2013-203
Posted Jul 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-203 - Multiple vulnerabilities have been discovered and corrected in phpmyadmin. Included are cross site scripting, path disclosure, and SQL injection issues.

tags | advisory, vulnerability, xss, sql injection
systems | linux, mandriva
advisories | CVE-2013-4995, CVE-2013-4996, CVE-2013-4998, CVE-2013-5000, CVE-2013-5002, CVE-2013-5003
MD5 | 1b05573500d8fdec1a13aeea621f4792
Red Hat Security Advisory 2013-1120-01
Posted Jul 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1120-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A flaw was found in the way HAProxy handled requests when the proxy's configuration had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration.

tags | advisory, remote, web, tcp
systems | linux, redhat
advisories | CVE-2013-2175
MD5 | 56a7e5820e6894300510e932df76538f
Red Hat Security Advisory 2013-1119-01
Posted Jul 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1119-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2219
MD5 | 2d3dc56f41373bebb98b38079eba8e43
Mandriva Linux Security Advisory 2013-204
Posted Jul 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-204 - An updated wireshark package fixes multiple security vulnerabilities. The Bluetooth SDP dissector could go into a large loop. The DIS dissector could go into a large loop. The DVB-CI dissector could crash. The GSM RR dissector could go into a large loop. The GSM A Common dissector could crash. The Netmon file parser could crash. The ASN.1 PER dissector could crash.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4927, CVE-2013-4929, CVE-2013-4930, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935
MD5 | 51ffb4703a68ca3ad1659d26735a2dff
Red Hat Security Advisory 2013-1115-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1115-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
MD5 | 9c65945612e3581011723ef25d54df28
Red Hat Security Advisory 2013-1116-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1116-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that Red Hat Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2219
MD5 | 39fc28a50880b164efb211cd9e901332
Red Hat Security Advisory 2013-1114-01
Posted Jul 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1114-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4854
MD5 | 89b30d877c8ab37edd6678c40156375d
HP Security Bulletin HPSBGN02904
Posted Jul 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02904 - Potential security vulnerabilities have been identified with HP SiteScope running SOAP. The vulnerabilities could be remotely exploited to allow execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2013-2367
MD5 | baea08097059aa34e175c45855634e8d
Ubuntu Security Notice USN-1914-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1914-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | cf38aba678e6d1443fe7fc99783ec1c3
Ubuntu Security Notice USN-1912-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1912-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
MD5 | f7081bbd33fd99951255957966b1d807
Ubuntu Security Notice USN-1913-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1913-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851
MD5 | 15593f075ab1375f6bf2ad62c532c290
Ubuntu Security Notice USN-1918-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1918-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 334b45483613f6e585f6541bee6932d3
Ubuntu Security Notice USN-1917-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1917-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | f59e6e241936919b46f7f7d31f47d7ad
Ubuntu Security Notice USN-1919-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1919-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | b4c08885e4786f1af20ba426c85f500f
Ubuntu Security Notice USN-1915-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1915-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 350ffcd77f0b13e37295bc1d0cdfefe9
Ubuntu Security Notice USN-1916-1
Posted Jul 30, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1916-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2852
MD5 | 0cb60c758ed5219a86c8591323aab74b
Debian Security Advisory 2731-1
Posted Jul 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2731-1 - Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.

tags | advisory, local
systems | linux, debian
advisories | CVE-2013-4242
MD5 | 186cef92434fe810db9d11d6c7553ae9
Ubuntu Security Notice USN-1911-1
Posted Jul 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1911-1 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4160
MD5 | 26389e2f60404d8f7ab9cf3796f09bdf
EMC NetWorker Information Disclosure
Posted Jul 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.

tags | advisory
advisories | CVE-2013-0943
MD5 | e330884abd7899cc0cd10e53e1f4d026
FreeBSD Security Advisory - NFS Incorrect Privilege Validation
Posted Jul 29, 2013
Authored by Tim Zingelman, Christopher Key, Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The kernel incorrectly uses client-supplied credentials instead of the ones configured in exports(5) when filling out the anonymous credential for an NFS export, when -network or -host restrictions are used at the same time. The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.

tags | advisory, remote, kernel, root
systems | freebsd
advisories | CVE-2013-4851
MD5 | cbce467b7418702904d48e4d09f0a883
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 29, 2013
Authored by Maxim Shudrak | Site security.freebsd.org

FreeBSD Security Advisory - Due to a software defect, a specially crafted query that includes malformed rdata could cause named(8) to crash with an assertion failure while rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers.

tags | advisory
systems | freebsd
advisories | CVE-2013-4854
MD5 | d067b3d4cb8f83293e2e8c872f363ce9
Debian Security Advisory 2730-1
Posted Jul 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2730-1 - Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.

tags | advisory, local
systems | linux, debian
advisories | CVE-2013-4242
MD5 | 3919d7da930a5f478fa1fc4a5c9c7c44