Files

Debian Security Advisory 2830-1
Posted Dec 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2830-1 - Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package.

tags | advisory, xss, ruby
systems | linux, debian
advisories | CVE-2013-4492
MD5 | 6760ec0359de3d5742f5db2eed25394f
HP Security Bulletin HPSBMU02959
Posted Dec 31, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02959 - Potential security vulnerabilities have been identified with HP Service Manager WebTier and Windows Client. The vulnerabilities could be remotely exploited including cross-site scripting (XSS) and execution of arbitrary code. Note: The HP Service Manager WebTier and Windows Client resolutions below include updated Oracle JRE7 that addresses security issues in that component. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability, xss
systems | windows
advisories | CVE-2013-6197, CVE-2013-6198
MD5 | 29da3e7e276dc66a8d673d9b94be5c2c
Adobe Flash 11.9.900.152 / 11.9.900.170 Denial Of Service
Posted Dec 31, 2013
Authored by MustLive

Adobe Flash versions 11.9.900.152 and 11.9.900.170 suffer from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | 230066c7d96372a14735084efe0985da
Debian Security Advisory 2829-1
Posted Dec 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2829-1 - Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System (hplip) and in PackageKit, and the insecure hp-upgrade service has been disabled.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0200, CVE-2013-4325, CVE-2013-6402, CVE-2013-6427
MD5 | 6caf6e5a66d89f4c313dbee4aa8cce43
Debian Security Advisory 2828-1
Posted Dec 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2828-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: cross-site request forgery protection bypass, insecure pseudo random number generation, code execution and incorrect security token validation.

tags | advisory, vulnerability, code execution
systems | linux, debian
advisories | CVE-2013-6385, CVE-2013-6386
MD5 | b9051b551387ee554a124f54c5772677
Gentoo Linux Security Advisory 201312-16
Posted Dec 28, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-16 - A vulnerability in Xfig could result in execution of arbitrary code or Denial of Service. Versions less than 3.2.5b-r1 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2010-4262
MD5 | aa2d76566e3c3a6916d0cd7e15527b2c
Mandriva Linux Security Advisory 2013-302
Posted Dec 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-302 - Bryan Quigley discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-6425
MD5 | fd64870aa82044c4b4d525f204cc6bcd
EMC Replication Manager Unquoted File Path Enumeration
Posted Dec 24, 2013
Site emc.com

EMC Replication Manager allows a user to create scripts with unquoted elements such as whitespace or other separators. This may allow local malicious users to access resources in a parent path and execute them. EMC Replication Manager versions prior to 5.5 are affected.

tags | advisory, local
advisories | CVE-2013-6182
MD5 | ec28a1d330fad5f08556140b430a8b9c
EMC Watch4net Information Disclosure
Posted Dec 24, 2013
Site emc.com

EMC Watch4Net stores passwords of devices polled during monitoring in clear text in the Watch4Net installation repository. This could allow a malicious user with access to the Watch4Net installation repository to view those passwords. EMC Watch4Net versions prior to 6.3 are affected.

tags | advisory
advisories | CVE-2013-6181
MD5 | 4ec9e87081c4f0d014174584db14531c
Debian Security Advisory 2827-1
Posted Dec 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2827-1 - It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process.

tags | advisory, remote, web, arbitrary, file upload
systems | linux, debian
advisories | CVE-2013-2186
MD5 | edac1f08fbe8454dc071fb62f6557be3
Gentoo Linux Security Advisory 201312-15
Posted Dec 24, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-15 - A vulnerability has been found in Tinyproxy which allows remote attackers to cause a Denial of Service condition. Versions less than 1.8.3-r3 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2012-3505
MD5 | 288b8038edfaae17e07e2737d31e0ae8
VMware Security Advisory 2013-0016
Posted Dec 23, 2013
Authored by VMware | Site vmware.com

VMware Security Advisory 2013-0016 - VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege "Add Existing Disk" to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.

tags | advisory, arbitrary, local, code execution
advisories | CVE-2013-5973
MD5 | f235de8b15df97d4050dafe7867aba5b
Mandriva Linux Security Advisory 2013-301
Posted Dec 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-301 - Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle traffic management device. This certificate was issued by the Agence nationale de la sécurité des systèmes d'information (ANSSI), an agency of the French government and a certificate authority in Mozilla's root program. A subordinate certificate authority of ANSSI mis-issued an intermediate certificate that they installed on a network monitoring device, which enabled the device to act as a MITM proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The issue was not specific to Firefox, but there was evidence that one of the certificates was used for MITM traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking trust in the intermediate used by the sub-CA to issue the certificate for the MITM device. The NSS packages have been upgraded to version 3.15.3.1, which is unaffected by this security flaw. Additionally, the rootcerts packages have been upgraded with the latest certdata.txt file as of 2013/12/04 from Mozilla.

tags | advisory, root
systems | linux, mandriva
MD5 | 5abad57e0016ad2012e849cafbdeb950
Mandriva Linux Security Advisory 2013-300
Posted Dec 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-300 - Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service via a 16-bit SMS message. The updated packages have been upgraded to version 11.7.0, which resolves various upstream bugs and is not vulnerable to this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-7100
MD5 | 2d6b6dca46883bfb2dbc2de73e4ea305
Debian Security Advisory 2826-1
Posted Dec 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2826-1 - Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses.

tags | advisory, remote, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2013-6890
MD5 | 84a82f7aad72e4e571ee6a3943d23360
Mandriva Linux Security Advisory 2013-299
Posted Dec 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-299 - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. The updated packages have been upgraded to version 3.6.22, which resolves various upstream bugs and is not vulnerable to these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-6150, CVE-2013-4408
MD5 | d8afd9b72497c1414e548a4f7fe44d94
Slackware Security Advisory - gnupg Updates
Posted Dec 23, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4576
MD5 | 8fa1ea5880d65b8dd963324e318e1f74
Ubuntu Security Notice USN-2063-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2063-1 - It was discovered that an intermediate certificate was incorrectly issued by a subordinate certificate authority of a trusted CA included in NSS. This intermediate certificate could be used in a man-in-the-middle attack, and as such has been marked as untrusted in this update.

tags | advisory
systems | linux, ubuntu
MD5 | af48f1c80556b91e11850ccff4f11db8
Mandriva Linux Security Advisory 2013-298
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-298 - The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The updated packages have been upgraded to version 5.3.28, which is not vulnerable to this issue. Additionally, some packages that depend on it have been rebuilt against php-5.3.28.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, mandriva
advisories | CVE-2013-6420
MD5 | cb859dace563529b36f141520a646272
Debian Security Advisory 2825-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2825-1 - Laurent Butti and Garming Sam discovered multiple vulnerabilities in the Wireshark dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-7113, CVE-2013-7114
MD5 | e35a3cd7df5d403acafdb47f03c4d4c1
Mandriva Linux Security Advisory 2013-297
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-297 - The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master. A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6048, CVE-2013-6359
MD5 | 3959761842ae6f7f66128bfe6f6e8ad1
Mandriva Linux Security Advisory 2013-296
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-296 - The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service via a crafted packet. Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service via a long domain name in a packet. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-7112, CVE-2013-7114
MD5 | eea83e2136e4d1095d5f39e75c12c435
Red Hat Security Advisory 2013-1869-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1869-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially crafted coordinates, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-6425
MD5 | 1b9fca88f19613a0754509a6535adc27
Red Hat Security Advisory 2013-1868-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1868-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-6424
MD5 | 90fb4a36d157682e8b65d94444a58fcf
Ubuntu Security Notice USN-2062-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2062-1 - Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal confidential data within the same domain.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-6858
MD5 | 861ad64c1cd1debed25104b680a88859
© 2016 Packet Storm. All rights reserved.