
Files

Red Hat Security Advisory 2013-1603-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1603-02 - Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. A flaw was found in the way luci generated its configuration file. The file was created as world-readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file.

tags | advisory, web, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2013-4481, CVE-2013-4482
SHA-256 | 390b92c4abaa15b7e89a39f5215aff24625e8e3e48eef514bab0df512a2a6246
Red Hat Security Advisory 2013-1591-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1591-02 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config man page. These updated openssh packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

tags | advisory, remote, shell, protocol
systems | linux, redhat, openbsd
advisories | CVE-2010-5107
SHA-256 | a4f28ff7392407cc2b25c64fb8ce70d6d9dd9cbe74095327d51804e531223977
Red Hat Security Advisory 2013-1536-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1536-02 - Libguestfs is a library and set of tools for accessing and modifying guest disk images. It was found that guestfish, which enables shell scripting and command line access to libguestfs, insecurely created the temporary directory used to store the network socket when started in server mode. A local attacker could use this flaw to intercept and modify another user's guestfish commands, allowing them to perform arbitrary guestfish actions with the privileges of a different user, or use this flaw to obtain authentication credentials.

tags | advisory, arbitrary, shell, local
systems | linux, redhat
advisories | CVE-2013-4419
SHA-256 | 2ea5dead0a2607a799545568508db440ef0819dada2e1fe26cb1ae151696e649
Debian Security Advisory 2798-2
Posted Nov 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2798-2 - The update for curl in DSA-2798-1 uncovered a regression affecting the curl command line tool behaviour (#729965). This update disables host verification too when using the --insecure option.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4545
SHA-256 | ce1a6610897ebeb0ecc8600b5d5a1134408350f1241fe3beff51b07c1ce9e564
Drupal 6.x / 7.x PRNG / XSS / Open Redirect
Posted Nov 21, 2013
Site drupal.org

Drupal Core versions 6.x and 7.x suffer from PRNG weaknesses, cross site scripting and open redirection vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 8b71c2acab67fed36a5047f2121643a2cc7ad3f1855e24a59cd60198f53221de
Gentoo Linux Security Advisory 201311-13
Posted Nov 20, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-13 - Multiple vulnerabilities have been found in OpenVPN, allowing remote attackers to read encrypted traffic. Versions less than 2.3.1 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3555, CVE-2013-2061
SHA-256 | d2f81af3f93b9da61e7132428ea1952938c2cc2f98696e6c78aa0f34389ff15f
Gentoo Linux Security Advisory 201311-12
Posted Nov 20, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-12 - A vulnerability in Open DC Hub could result in execution of arbitrary code. Versions less than 0.8.2 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2010-1147
SHA-256 | 0639f78feef4b7766dd42b74cd9299e430c37af7bff8fced8f131c7c33e533f8
Gentoo Linux Security Advisory 201311-11
Posted Nov 20, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-11 - A stack-based buffer overflow in CTorrent might allow a remote attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.2-r1 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-1759
SHA-256 | 737368af1259f8ff95a25fe794f06dd4030a9bc406f8acbd7d38c92617b20d93
Mandriva Linux Security Advisory 2013-270
Posted Nov 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-270 - Multiple security issues were identified and fixed in Mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
SHA-256 | 89688cb44f72d5c0610b28222e48ec4e53e14de8388bf3ba17ef5960b2f31817
Mandriva Linux Security Advisory 2013-269
Posted Nov 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-269 - Multiple security issues were identified and fixed in Mozilla NSPR, NSS, and Firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
SHA-256 | 5ff6af659aa173d788e6b24e0437553faf1a51ae5b75cb0fcc5088c05d600b14
Ubuntu Security Notice USN-2031-1
Posted Nov 20, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2031-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-2566, CVE-2013-5605, CVE-2013-5607, CVE-2013-1741
SHA-256 | 3684065bb99c7b7f886ea12ba63ebd3fae46ae85cf46667f49f7d182e3e6f644
Drupal Entity Reference 7.x Access Bypass
Posted Nov 20, 2013
Authored by Jakob Perry | Site drupal.org

Drupal Entity Reference third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 79ec26c04814cae95cfa614ef3c9cf049782c96bcc442b5a595e09eb5d56a74d
Drupal EU Cookie Compliance 7.x CSRF
Posted Nov 20, 2013
Authored by Lode Vanstechelman | Site drupal.org

Drupal EU Cookie Compliance third party module version 7.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | c30c092d31ec22a4a89a6e7afd57a697d9bf85b456388e714e46ab976d71fbde
Drupal Organic Groups 7.x Access Bypass
Posted Nov 20, 2013
Authored by Jakob Perry, Richard Goodrow, Bruce Hoppe | Site drupal.org

Drupal Organic Groups third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 92946572ee7bab6bb347a2ad606428b2f2932f8a7baea52cf920cc0f1f180618
Drupal Invitation 7.x Access Bypass
Posted Nov 20, 2013
Authored by j1ndustry | Site drupal.org

Drupal Invitation third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 176d222c03bc1e9a7a15daf5f2ef794edc06ffc1f8f08ea0cb40c33dbcae33e5
Mandriva Linux Security Advisory 2013-268
Posted Nov 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-268 - A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server.

tags | advisory, shell, root
systems | linux, mandriva
advisories | CVE-2013-4495
SHA-256 | a4c6115df5d048c850bad6f088d5ab624ebf5cb3604103dc810827abac8ee136
FreeBSD Security Advisory - OpenSSH AES-GCM Memory Corruption
Posted Nov 19, 2013
Site security.freebsd.org

FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.

tags | advisory, shell, code execution
systems | freebsd
advisories | CVE-2013-4548
SHA-256 | 878536e73df64b2ee9e3165866803aec2f9d6c286c5bb0c627ff2c9aed8e06fe
Mandriva Linux Security Advisory 2013-267
Posted Nov 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-267 - Updated java-1.7.0-openjdk packages fix security vulnerabilities. Multiple input checking flaws were found in the 2D component native image parsing code. Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. Various other issues have also been addressed.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850
SHA-256 | 8b32231f3be824fc65edd36c6c741a539c6f8764b9f0b2df3642c98ec0f554d7
EMC Document Sciences xPression XSS / CSRF / Redirect / SQL Injection
Posted Nov 19, 2013
Authored by Sertan Kolat, Omer Coskun | Site emc.com

EMC Document Sciences xPression suffers from cross site request forgery, cross site scripting, remote SQL injection, open redirect, and directory traversal vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177
SHA-256 | e9ad599fa7aadd0343497f514a3525982b44b99c5dceb2b4c2ce1bfed295fcc7
Slackware Security Advisory - seamonkey Updates
Posted Nov 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | a3301a042bc8d951719327c15f57d7d9ef9ae27d0ca6bb827933869ea6a87b72
Slackware Security Advisory - samba Updates
Posted Nov 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Related CVE Numbers: CVE-2013-4475, CVE-2013-4476.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4475, CVE-2013-4476
SHA-256 | 6077253fad54c06ed812c11cc13d9cb3628acec4c093751ec33306900bdd44f0
Mandriva Linux Security Advisory 2013-266
Posted Nov 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-266 - Updated java-1.6.0-openjdk packages fix security vulnerabilities. Multiple input checking flaws were found in the 2D component native image parsing code. Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. Various other issues were also addressed.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850
SHA-256 | 80f00ff11dce05f1425ec1702654ef4d49baaf3e1c0ad1a7b758127c08efd279
Slackware Security Advisory - openssh Updates
Posted Nov 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssh packages are available for Slackware 14.1 and -current to fix a security issue. Related CVE Numbers: CVE-2013-4548.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4548
SHA-256 | 0ec99ec21c4e670141a83c9c5c98eeacd33c86ad07dc08457b0a9ce52e6e078b
Slackware Security Advisory - mozilla-firefox Updates
Posted Nov 19, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 9664ec4fa4f868a394369a03400a8bfe78ad9682a2d514267d32851202799dd8
Gentoo Linux Security Advisory 201311-10
Posted Nov 19, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-10 - Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions prior to 1.3.18 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1097, CVE-2009-1882, CVE-2009-3736, CVE-2013-4589
SHA-256 | e0c124eaa158477a4b9518946b776b08c9ff20ff126ef0c29d0bd17f28158e99

© 2022 Packet Storm. All rights reserved.
