Exploit the possiblities
Showing 1 - 25 of 231 RSS Feed

Files

Red Hat Security Advisory 2014-0448-01
Posted Apr 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0448-01 - Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
MD5 | eeb3c82493f0f6f4adfcb521cf2b33f3
Red Hat Security Advisory 2014-0447-01
Posted Apr 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0447-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-0515
MD5 | 5c8f0d1c55094787c5986f1f9f636164
Struts 1 ClassLoader Manipulation
Posted Apr 29, 2014
Authored by Rene Gielen | Site struts.apache.org

Apache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.

tags | advisory
advisories | CVE-2014-0114
MD5 | 51bfefc7623fa8972b16f2416ca2ad29
HP Security Bulletin HPSBMU03020 2
Posted Apr 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
MD5 | c121f7b62fd2913cabe25cc2ecdcae5e
Ubuntu Security Notice USN-2185-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
MD5 | 7bebc044b3d716ef3d5746ff8fb59bd0
Ubuntu Security Notice USN-2184-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2184-1 - Frederic Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session. Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

tags | advisory, local
systems | linux, ubuntu
MD5 | 02967c10b021ac963a0d5b953d4628d9
SAP BusinessObjects InfoView Cross Site Scripting
Posted Apr 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
MD5 | e7cfd970ff9045845b2fdab329187329
SAP BASIS Missing Authorization Check
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - SAP BASIS suffers from a missing authorization check. SAP Netweaver ABAP Application Server is affected.

tags | advisory
MD5 | 08aba0292ad0cd72b3c7184e63334d04
SAP NW Portal WD Information Disclosure
Posted Apr 29, 2014
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - It has been detected that some functionality of the affected webdynpro displays all the SAP systems that are registered on the SLD without requiring username or password. This situation will bring valuable information to an attacker to plan a more complex attack over the SAP environment. SAP Netweaver Java Application Server is affected.

tags | advisory, java
MD5 | 1685a904c8138ef95ff27aa8e27e4eee
SAP Profile Maintenance Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.

tags | advisory
MD5 | 860e252e5719dddb9aef9bf61ee472fe
SAP Background Processing RFC Missing Authorization
Posted Apr 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.

tags | advisory, remote
MD5 | 97299c20a11ae86f6f1d45c826fd0513
Red Hat Security Advisory 2014-0442-01
Posted Apr 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
MD5 | 8a92db657a8bcc87dfa39c2aeee560e2
HP Security Bulletin HPSBUX02963 SSRT101297 2
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2013-6200
MD5 | a62e02e75f94bf8703a8dbb200d24be1
SAP Software Lifecycle Manager Information Disclosure
Posted Apr 28, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.

tags | advisory, info disclosure
MD5 | d4e40349eeb166e5f859efe555dd0504
HP Security Bulletin HPSBMU03022
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 4d3ef57ac566c5a7846a91baacf637cf
HP Security Bulletin HPSBMU03025
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
MD5 | 201463def39c7c336a218473d5037c0d
HP Security Bulletin HPSBGN03010 2
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
MD5 | 22d5d197aa513e000fc71b5d8ef57b14
HP Security Bulletin HPSBMU02995 6
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.

tags | advisory, protocol
advisories | CVE-2014-0160
MD5 | 522c307907695f5dcc9f2dee3242ae9f
Debian Security Advisory 2917-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2917-1 - John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.

tags | advisory, kernel, local
systems | linux, debian
advisories | CVE-2014-0470
MD5 | 320e5603e9aa379451e7fdaea7931444
Debian Security Advisory 2916-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2916-1 - Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.

tags | advisory, web, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2892
MD5 | e196a8835c06897566562377041a6b17
Debian Security Advisory 2915-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0471
MD5 | 3b8d8b2d4de70d821d767d01552e4214
Red Hat Security Advisory 2014-0441-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2013-6445
MD5 | f9c88a8e01cd464a825a0138713ca5a1
Red Hat Security Advisory 2014-0440-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6619, CVE-2013-6445
MD5 | ba089f2b100c2e36b9f79a50d0fcbf3f
Red Hat Security Advisory 2014-0439-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, redhat
advisories | CVE-2013-7263, CVE-2013-7265, CVE-2014-0069, CVE-2014-1438, CVE-2014-1690, CVE-2014-1874, CVE-2014-2309, CVE-2014-2523
MD5 | ac07ee1af1a7b13769db2b4b3154d678
Debian Security Advisory 2913-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2913-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2014-2983
MD5 | bda7ab0872ae4fd5ea529e88d678714f
Page 1 of 10
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Germany Urges Parents To Destroy Snooping Smartwatches
Posted Nov 20, 2017

tags | headline, privacy, germany
Drone Maker Makes Hacking Accusations
Posted Nov 20, 2017

tags | headline, hacker, flaw
DNS Resolver 9.9.9.9 Will Check Requests Against IBM Threat Database
Posted Nov 20, 2017

tags | headline, malware, dns
F5 DROWNing, Not Waving, In Crypto Fail
Posted Nov 20, 2017

tags | headline, flaw, cryptography
Cap'n Crunch Booted From Conferences Due To Sexual Misconduct Claims
Posted Nov 18, 2017

tags | headline, hacker, phone, conference
3 More Android Malware Families Invade Google Play Store
Posted Nov 18, 2017

tags | headline, malware, phone, google
Shamed TLS/SSL Cert Authority StartCom To Shut Up Shop
Posted Nov 18, 2017

tags | headline, privacy, data loss, flaw, cryptography
Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets
Posted Nov 18, 2017

tags | headline, government, privacy, usa, amazon, data loss, flaw, spyware, social
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close