what you don't know can hurt you
Showing 1 - 25 of 193 RSS Feed

Files

Ubuntu Security Notice USN-2010-1
Posted Oct 31, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2010-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Jordi Chancel discovered that HTML select elements could display arbitrary content. If a user had scripting enabled, an attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2013-5590, CVE-2013-5591, CVE-2013-5593, CVE-2013-5604, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
MD5 | 557b1f920c1d69a8b8ce2279ae57e2f7
Red Hat Security Advisory 2013-1490-01
Posted Oct 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1490-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way IP packets with an Internet Header Length of zero were processed in the skb_flow_dissect() function in the Linux kernel. A remote attacker could use this flaw to trigger an infinite loop in the kernel, leading to a denial of service. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-2888, CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, CVE-2013-2896, CVE-2013-4299, CVE-2013-4343, CVE-2013-4345, CVE-2013-4348, CVE-2013-4350, CVE-2013-4387
MD5 | e0226eb9e649efbdcf79cac838e77f1e
Mandriva Linux Security Advisory 2013-264
Posted Oct 31, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-264 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by these security flaws.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1739, CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | 33c6a56afd1a36e4168ab6db4a04e61f
Debian Security Advisory 2788-1
Posted Oct 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2788-1 - Multiple security issues have been found in iceweasel, Debian's version other implementation errors may lead to the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | 21e003c3cbd4d375206d7068142451e7
Drupal Monster Menus 7.x Access Bypass
Posted Oct 30, 2013
Authored by Dan Wilga | Site drupal.org

Drupal Monster Menus third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 48c402d729d1d8fb245381edb89fb743
Drupal Feed Element Mapper 6.x Cross Site Scripting
Posted Oct 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Feed Element Mapper third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 90cad66f3376cb895ea6b526f4d2892c
Cisco Security Advisory 20131030-asr1000
Posted Oct 30, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains multiple denial of service vulnerabilities. Successful exploitation of any of these vulnerabilities could allow an unauthenticated remote attacker to trigger a reload of the embedded services processors (ESP) card or the route processor (RP) card, causing an interruption of services. Repeated exploitation could result in a sustained DoS condition. Note: Cisco IOS Software and Cisco IOS-XR Software are not affected by these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
MD5 | 4f7333e0afe6e43335d3ba0b5ede94fd
Drupal Quiz 6.x Access Bypass
Posted Oct 30, 2013
Authored by nirvanajyothi, Cat Hirst | Site drupal.org

Drupal Quiz third party module version 6.x suffers from multiple access bypass vulnerabilities.

tags | advisory, vulnerability
MD5 | a88dcca090def5cb305f966bc8a1ee47
EMC Unisphere For VMAX Information Disclosure
Posted Oct 30, 2013
Site emc.com

EMC Unisphere for VMAX versions 1.0, 1.1, 1.5, and 1.6 suffer from an LDAP related information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2013-3287
MD5 | a0c5c86f48497b126155ea8fa5971a9c
Drupal FileField Sources 6.x / 7.x Access Bypass
Posted Oct 30, 2013
Authored by Joseph Lee | Site drupal.org

Drupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 78d140fb66dd225af3a9166550cfd79c
Red Hat Security Advisory 2013-1482-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1482-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
MD5 | 420b7de6493391a703ff9ff8c0d7841e
Red Hat Security Advisory 2013-1480-01
Posted Oct 30, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1480-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thunderbird JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | c85780837dfcd3b0c46e2a61dc9a0f49
Mandriva Linux Security Advisory 2013-263
Posted Oct 30, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2013-6172
MD5 | 965e821dd48f82ea5726742aaab4d57b
Ubuntu Security Notice USN-2009-1
Posted Oct 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2009-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Jordi Chancel discovered that HTML select elements could display arbitrary content. An attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2013-5592, CVE-2013-5593, CVE-2013-5604, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5602, CVE-2013-5603, CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604
MD5 | d99b26a3ad903065242c1173bde38da3
Red Hat Security Advisory 2013-1474-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1474-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | 9e13b2ee231bfa2a58a2ef96aa6b416b
Red Hat Security Advisory 2013-1473-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1473-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | b37cf5da1da6c875d4c240a0b265a21c
Red Hat Security Advisory 2013-1460-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1460-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4282
MD5 | 7123c56c91833d1a35e693ed914d2ef0
Red Hat Security Advisory 2013-1476-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1476-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Firefox JavaScript engine incorrectly allocated memory for certain functions. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
MD5 | 0670605d5acaaae6a3c2623c7347d636
Red Hat Security Advisory 2013-1475-01
Posted Oct 29, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1475-01 - PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service or disclosure of certain portions of server memory. A flaw was found in the way the pgcrypto contrib module of PostgreSQL initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2013-0255, CVE-2013-1900
MD5 | dffdfbce766d683054eb367ab26deb30
EMC NetWorker Information Disclosure
Posted Oct 29, 2013
Site emc.com

A vulnerability exists in EMC NetWorker that could allow exposure of sensitive information under specific circumstances. EMC NetWorker version 8.0.x is affected.

tags | advisory
advisories | CVE-2013-3285
MD5 | f614cc7f3cbbb2cec2e4545dd6df1954
Google Play Billing Bypass
Posted Oct 29, 2013
Authored by Dominik Schurmann

All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.

tags | advisory, vulnerability, bypass
MD5 | cb12fd4d1e90a23b8c164629f9856f8d
Nagios Looking Glass 1.1.0 Beta 2 Local File Inclusion
Posted Oct 28, 2013
Authored by Vyacheslav Egoshin

Nagios Looking Glass versions 1.1.0 beta 2 and below suffer from a local file inclusion vulnerability.

tags | advisory, local, file inclusion
MD5 | 93c8d2bb6a3bf34ac4ae8484cfdc6ac7
Mandriva Linux Security Advisory 2013-262
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-262 - In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers.

tags | advisory, remote, crypto
systems | linux, mandriva
advisories | CVE-2013-1445
MD5 | c914eb6d7cd918d111b7385f10b3736c
Mandriva Linux Security Advisory 2013-261
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-261 - Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-4421, CVE-2013-4434
MD5 | 8acc3d49b0f96fe673ed7e7b8514305b
Mandriva Linux Security Advisory 2013-260
Posted Oct 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-1166, CVE-2011-4028, CVE-2013-1940, CVE-2013-4396
MD5 | e3591cc9c7148e10a44ce40218eb092e
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close