
Files

Red Hat Security Advisory 2014-0212-01
Posted Feb 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2172, CVE-2013-4152
SHA-256 | 083d0305dc9b69b6fb620edee0c12f90b0c62b6152a1739f807e78fc9c42146c
Ubuntu Security Notice USN-2121-1
Posted Feb 26, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2121-1 - Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1959
SHA-256 | e31472c1008f49db136961e116376c9d6245bcd51804c58ec233ad40a1dc16b3
HP Security Bulletin HPSBMU02971
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02971 - A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. Revision 1 of this advisory.

tags | advisory, remote, web, info disclosure
advisories | CVE-2013-6203, CVE-2013-6204
SHA-256 | 7fa114f44e68956bc8ed3ff8e81ed51edc85fcef8252cb59af1e782d0de5c135
Apache Tomcat Information Disclosure Via XXE
Posted Feb 26, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.

tags | advisory, web, info disclosure, xxe
advisories | CVE-2013-4590
SHA-256 | e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59df
Red Hat Security Advisory 2014-0211-01
Posted Feb 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311ba
Apache Tomcat Denial Of Service
Posted Feb 26, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.

tags | advisory, denial of service
advisories | CVE-2012-3544, CVE-2013-4322
SHA-256 | 8ac3ea938f07d2896bed13e92312af0a063d45b0633a23f122e4629acf2c3085
HP Security Bulletin HPSBST02937
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02937 - A potential security vulnerability has been identified with HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly known as HP LeftHand Virtual SAN Appliance) dbd_manager. The vulnerability could be remotely exploited resulting in execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2013-4841
SHA-256 | a65650fb55a317acafa21e8f72f0a1f4fada511dee733a20476db56dbb334434
Apache Tomcat Session Fixation
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 6.0.33 through 6.0.37 suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2014-0033
SHA-256 | 36ba52ce6c47d3e65da9ef3538ecc03acfbac6781df236369fa3d9cf1cbe32e3
Apache Tomcat Information Disclosure
Posted Feb 25, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.

tags | advisory, info disclosure
advisories | CVE-2005-2090, CVE-2013-4286
SHA-256 | 85aca72a0ab50801bdc11f8b35cd76f7c8566b582f96d36c721332941fd2bdcc
IO File Manager 2.0.5 Path Traversal
Posted Feb 25, 2014
Authored by Keith Makan

IO File Manager version 2.0.5 suffers from a path traversal vulnerability.

tags | advisory, file inclusion
SHA-256 | 0cfee755a5b538954bca4d085dca80c9d4c553ed657879443b0b2b5db33e2aa0
Microsoft Server 2008 Denial Of Service
Posted Feb 25, 2014
Authored by Pedro Luis Karrasquillo

There is a minor bug in the Microsoft Server 2008 DNS service that responds with the list of all root servers when queried for non-authoritative domains, even when recursion is set to OFF. This allows a malicious party to spoof the source IP on a UDP DNS request to any Microsoft Server 2008 DNS server and elicit a 533 byte response to a victim, making the server a contributor to coordinated distributed denial of service attacks. The response contains the default list of root DNS servers.

tags | advisory, denial of service, root, udp, spoof
SHA-256 | 3ab734fcb865afbabdc1004a74625865444aad1020e90004c4aa22a1133b0f2a
Red Hat Security Advisory 2014-0206-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0206-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2013-4449
SHA-256 | 9c689b3ebd6223f8dbf725d5945bc082153a9b46734afbac8556f3e603864fd4
Red Hat Security Advisory 2014-0207-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0207-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
SHA-256 | b6fc9c49b408a54729b4c85557930045fbbf125f724779636954247247d8f72d
Red Hat Security Advisory 2014-0205-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0205-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
SHA-256 | 476cc57ac7d2a60a70463bd1508b65b17563cc85cab064c2e1c8b1038f6f9dd7
HP Security Bulletin HPSBMU02964
Posted Feb 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02964 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, xss, csrf
advisories | CVE-2013-1493, CVE-2013-2067, CVE-2013-6202
SHA-256 | c063f157a63c0bae841f9ebeda8031d30b8036d3ba7f4f41bb8a0666b7788340
Apple Security Advisory 2014-02-21-1
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-1 - iOS 6.1.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple, ios
advisories | CVE-2014-1266
SHA-256 | 5ff242039ba1164c5154f5b9eca7a76ae9b70fea05b0d0ef8d9136918a22e3f7
Red Hat Security Advisory 2014-0204-01
Posted Feb 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0204-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
SHA-256 | b67208dcdf210c09e5b4aed78b79095618e66ddc70d9229c3e0746396ac3abdb
Apple Security Advisory 2014-02-21-3
Posted Feb 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-21-3 - Apple TV 6.0.2 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

tags | advisory
systems | apple
advisories | CVE-2014-1266
SHA-256 | dd231ddc63d5bd4e78ec35443cb800485be3539a4ef4d9b0848ea0b76b742225
Debian Security Advisory 2867-1
Posted Feb 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2867-1 - Several vulnerabilities were discovered in otrs2, the Open Ticket Request System.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1471, CVE-2014-1694
SHA-256 | add38397d641158072ed0535ee9bae0d24e191990da4d7231da74ebcb6e627d6
Ubuntu Security Notice USN-2120-1
Posted Feb 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2120-1 - Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
SHA-256 | 039ef81162af14d534e58d3e4c726daecdff46174ce77ce12a5dd6bd5a3dade4
Debian Security Advisory 2866-1
Posted Feb 22, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2866-1 - Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1959
SHA-256 | 267bbb9a2b3339b537b0cb41a2ddf6033c2c06e9019ecfde71c400bd8e04dd45
Slackware Security Advisory - gnutls Updates
Posted Feb 22, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-1959
SHA-256 | b1bcf86b50f13945e4651ed0ce9e77e77e5768f77e86c3da6c298710f5d17100
Red Hat Security Advisory 2014-0196-01
Posted Feb 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0196-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0498, CVE-2014-0499, CVE-2014-0502
SHA-256 | 03252ceafb915633f418a58306c46d3c67d076e73055b5e2d6fc69c4a5d1415c
Mandriva Linux Security Advisory 2014-047
Posted Feb 22, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-047 - Multiple vulnerabilities have been discovered and corrected in postgresql. Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. Various other issues have also been addressed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067
SHA-256 | c056bd5ca9b35038413312e652959f8070f5e5ff57a1435e0827ea375cacaa0a
Gentoo Linux Security Advisory 201402-26
Posted Feb 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-26 - Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.5.3 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562, CVE-2012-6063
SHA-256 | 54bc1c3293e955ccb3036adb8153e9f984fd1924bbf3e67b7588d7e7d05af3f8
© 2022 Packet Storm. All rights reserved.