exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 193 RSS Feed

Files

Drupal Spaces 6.x Access Bypass
Posted Oct 23, 2013
Authored by Hunter Fox | Site drupal.org

Drupal Spaces third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | df3e0fcffa7289c1f26334f4231e81a29adcea09a16966d616fdf1a5fdcb3a0f
Cisco Security Advisory 20131023-iosxr
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0. The vulnerability is a result of improper handing of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593 are not affected by this vulnerability. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco, osx, ios
SHA-256 | ed63f824d536f6bf27a168cf61ea113a3a4f38fecf82bf83014bc5a3d93e2f0d
Cisco Security Advisory 20131023-ise
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains the arbitrary command execution and authentication bypass vulnerabilities. Successful exploitation of Cisco ISE Authenticated arbitrary command execution vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of Cisco ISE Support Information download authentication bypass vulnerability could allow an attacker to obtain sensitive information including administrative credentials.

tags | advisory, remote, arbitrary, vulnerability, bypass
systems | cisco
SHA-256 | f4a9a1b82bf3ddc9ef51a98ce97dca0268226fb4a5465b44488089166821760f
Cisco Security Advisory 20131023-struts2
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 should contact their Cisco representative for available options.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 08ccd9dce572e6e9d6b66d224373326a1c84b94213d1a961cba1f28be3e298e4
Ubuntu Security Notice USN-2005-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2005-1 - Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4183, CVE-2013-4202, CVE-2013-4179, CVE-2013-4183, CVE-2013-4202
SHA-256 | c777310c03c01583333fab2c17424fcb89ab74aada494927544c9f3dc1f62ca7
Ubuntu Security Notice USN-2004-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2004-1 - Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2013-4111
SHA-256 | 49833e618822d71e2bcc8b846d23ba92227a7be26865b3323fd15cf894feac55
Ubuntu Security Notice USN-2002-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2002-1 - Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4222, CVE-2013-4294, CVE-2013-4222, CVE-2013-4294
SHA-256 | f6c7d78a98e19bff9d96af24e8f2c061c076b9f02b37bf3bb46129464f18077f
Ubuntu Security Notice USN-2003-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2003-1 - Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4428
SHA-256 | 5bcbdd5172766f1b92e4ef0b761c84adf1aef699272f16fcfbd37fb1410bdc54
Ubuntu Security Notice USN-2001-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2001-1 - Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4155
SHA-256 | 73226047ae2dbc4a6888652a822a499a41ebc82357f5abd22238f6d268c6e4d1
Ubuntu Security Notice USN-2000-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2000-1 - It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-2256, CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-4278
SHA-256 | eb4e594341e0a8e657da13d029ba42e404cf5d54c108b6fc6051975c9ea0508f
Red Hat Security Advisory 2013-1456-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073
SHA-256 | 5f2a4d8e195f018a24a54b255421a802c2fe7798ae208c88ddb47eb51cc14a7c
Red Hat Security Advisory 2013-1455-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1455-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561
SHA-256 | 2a16ca4e3556d5578b8bb8f42cdd84dd4a88fcdcdffc9e83948a5f1f3e4d7b65
Mandriva Linux Security Advisory 2013-257
Posted Oct 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-257 - Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated mozilla NSS and NSPR packages have been upgraded to the latest versions where the flaw has been fixed in NSS. The rootcerts packages have been upgraded providing the latest root CA certs from mozilla as of 2013/04/11. The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for a future upcoming Firefox 24 ESR advisory.

tags | advisory, remote, denial of service, root
systems | linux, mandriva
advisories | CVE-2013-1739
SHA-256 | f1386d2817faab7a95e01d2ce8eef7faadad17f6df2003fbcbe1f9bbbd73a913
WordPress e-Commerce Payment Gateways Caller Local File Inclusion
Posted Oct 23, 2013
Authored by Keith Makan

WordPress e-Commerce Payment Gateways Caller plugin versions prior to 0.1.1 suffer from a local file inclusion vulnerability.

tags | advisory, local, file inclusion
SHA-256 | 4b7cc666e0544bf1b99dc9b0b53a2d7281d3b66937b17f7d862c053ee55c7440
Packet Storm Advisory 2013-1022-1 - Microsoft Silverlight Invalid Typecast / Memory Disclosure
Posted Oct 23, 2013
Authored by Vitaliy Toropov | Site packetstormsecurity.com

Microsoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.

tags | advisory, arbitrary, vulnerability, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896
SHA-256 | 3bb4d92511f689e34dee499a420b6463240d5b229dbaa5033abb953fb0ba3421
Netgear ReadyNAS Complete System Takeover
Posted Oct 23, 2013
Authored by Craig Young | Site tripwire.com

Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2013-2751, CVE-2013-2752
SHA-256 | b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae
Red Hat Security Advisory 2013-1452-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1452-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-5745
SHA-256 | 8918c51a4d5096f3603f0ccb0d01438f72d90b8af5cba89f0c34d75790db9bfb
Red Hat Security Advisory 2013-1451-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1451-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850
SHA-256 | 2830afe752112f60de3a3605472783ff304efaec102c0abddb10db6ca1586335
Red Hat Security Advisory 2013-1449-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1449-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel, local, info disclosure
systems | linux, redhat
advisories | CVE-2013-0343, CVE-2013-4299, CVE-2013-4345, CVE-2013-4368
SHA-256 | aace845a09644be52cb6b598679ab31730442e1c2bb5e7f17b6cee8c6a7a54ac
Red Hat Security Advisory 2013-1450-01
Posted Oct 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, denial of service, kernel, local, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2224, CVE-2013-2852, CVE-2013-4299
SHA-256 | bec42a1124d17a24babb445c0086c515568c978ad5ba4a0a9bda8deab480db7f
Debian Security Advisory 2784-1
Posted Oct 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2784-1 - Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4396
SHA-256 | 82535cd588a62e5fc585f940c3816c00eb6aca566b9ff38c936e61a5a546ec92
Ubuntu Security Notice USN-1996-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1996-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | b0b5321c721ce6390aa2e111ac2673c1b2bf2223671959b7b7598ed25471d53f
Ubuntu Security Notice USN-1994-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1994-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2147
SHA-256 | 4ece68db30f10fd1d7fda3af2dcb83064de8a1d751b5b15cb0acc4f7b104a5e9
Ubuntu Security Notice USN-1993-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1993-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237
SHA-256 | ddaff993b996ad7f4bb575a24a8c31c6ab3dd219c1b54202bfa65d8eecdb4cff
Ubuntu Security Notice USN-1995-1
Posted Oct 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1995-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300, CVE-2013-2237, CVE-2013-2888, CVE-2013-2892, CVE-2013-2896, CVE-2013-2898, CVE-2013-2899, CVE-2013-4300
SHA-256 | 0e828e972162722656770066732a813580466305366a1309823de26dd0b6dd6d
Page 3 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close