what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 218 RSS Feed

Files

Red Hat Security Advisory 2014-0994-01
Posted Jul 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0994-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3476, CVE-2014-3520
SHA-256 | 949f06302ebdd15da42d9c4bdee91521c3c370bd2d54ff6ea4bcf79a5f68e7ed
Ubuntu Security Notice USN-2304-1
Posted Jul 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2304-1 - It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5033
SHA-256 | 7c89b70af19ac1649bedc4af2973ae7a0695ffbea57fdb9ce67c26a5df6ad153
Ubuntu Security Notice USN-2303-1
Posted Jul 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2303-1 - It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | eb7b8a8bb6ab99c23cd914fc4c3a266681936599f391e8324b01f671abd6a2a2
Mandriva Linux Security Advisory 2014-144
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-144 - The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or server.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
SHA-256 | 53dd71b46de909c852986127d7647538e45baf8456c5132bc8658a346d36743a
Mandriva Linux Security Advisory 2014-143
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-143 - Multiple vulnerabilities has been discovered and corrected in phpmyadmin. Cross-site scripting vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. Cross-site scripting vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Multiple cross-site scripting vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted column name that is improperly handled during construction of an AJAX confirmation message. server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-4954, CVE-2014-4955, CVE-2014-4986, CVE-2014-4987
SHA-256 | b2f6ad263b0fb7a8fe5141ff3b59e1af4f3a8645dc84d6ed7677a33d39f72eae
Mandriva Linux Security Advisory 2014-142
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | 6643c25c7b920a477f9ecad591516b72e4c07aed6b35d1aaad3b6ab25aeab395
HP Security Bulletin HPSBMU03078
Posted Jul 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03078 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 5d6e7f71334eb28a670d0f277f242ae20b0a2096b54f07c19dcf6c90772314f2
Debian Security Advisory 2992-1
Posted Jul 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943
SHA-256 | b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557
Ubuntu Security Notice USN-2302-1
Posted Jul 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2302-1 - David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099
SHA-256 | 189666d0fdd5b8688f20b755f3d2d041a8e8b55574843f3c4d5cef703fe3b976
Mandriva Linux Security Advisory 2014-140
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-140 - Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs.

tags | advisory
systems | linux, mandriva
SHA-256 | 367ab066b22696b50ca46161ca38e28db8f30f3ee2f7ccdcce8b90c7d3e63a18
Mandriva Linux Security Advisory 2014-141
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-141 - It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions ,. Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. The Diffie-Hellman key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others.

tags | advisory, java, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
SHA-256 | 410a89a0f8916dd51868002b877ca25334db121005a195e78ff78eaf6e2697fd
Mandriva Linux Security Advisory 2014-139
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1544
SHA-256 | 3d98eba8862e8bda7926d387ee30decd2d5596f62890e780121cd4d4a07565da
SAP Netweaver Business Warehouse Missing Authorization
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.

tags | advisory, remote
SHA-256 | 51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80a
SAP HANA XS Administration Tool Cross Site Scripting
Posted Jul 29, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

tags | advisory
SHA-256 | c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfd
SAP FI Manager Self-Service Hardcoded Username
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bb
SAP_JTECHS HTTP Verb Tampering
Posted Jul 29, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.

tags | advisory, remote, web
SHA-256 | 6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75
SAP HANA IU5 SDK Authentication Bypass
Posted Jul 29, 2014
Authored by Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.

tags | advisory
SHA-256 | 012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274
SAP HANA XS Missing Encryption
Posted Jul 29, 2014
Authored by Manuel Muradas, Sergio Abraham | Site onapsis.com

Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.

tags | advisory
SHA-256 | 3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6b
Siemens SIMATIC WinCC Privilege Escalation
Posted Jul 29, 2014
Authored by Siemens ProductCERT | Site siemens.com

Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2014-4682, CVE-2014-4683, CVE-2014-4684, CVE-2014-4685, CVE-2014-4686
SHA-256 | 7b2386094198c589bb175e6f6352b3527830abc474c16d1dbe09639309362020
Red Hat Security Advisory 2014-0981-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0981-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145
SHA-256 | de80732b0357d6b9f6be6f8c9e7da59e5a32c6ff3a767b3625c79cfd20dbec82
Red Hat Security Advisory 2014-0979-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0979-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange parameters. This could possibly lead to weak encryption being used in communication between the client and the server.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-1491
SHA-256 | 7e472af39243b2111c21f2041f546e46ac85697a4ad1633bc4b0836a92c7ee63
Red Hat Security Advisory 2014-0982-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0982-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429
SHA-256 | b4ddf444c5203044fecdf2fbe1d797919572413a3765151f718ef34faded1004
HP Security Bulletin HPSBGN02936
Posted Jul 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02936 - A potential security vulnerability has been identified with HP and H3C VPN Firewall Module Products. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-4840
SHA-256 | edff2d81ce7184365529aef787166593faca72b38d334fdef41d69d33eb4d493
Parallels Tools 9.0 Privilege Escalation
Posted Jul 28, 2014
Authored by Anastasios Monachos

Parallels Tools version 9.0 for Windows suffers from an unquoted search path local privilege escalation vulnerability.

tags | advisory, local
systems | windows
SHA-256 | 4ac561e0a8ae43976d960ffd7ca304c4850b8d9c8ae4062502ad7e6f64ca3b20
Web Encryption Extension Authentication Bypass
Posted Jul 28, 2014
Authored by Ralf Senderek

Web Encryption Extension (WEE) suffers from an authentication bypass vulnerability.

tags | advisory, web, bypass
SHA-256 | d5595fa91a8fa0538252e28f43e88473d0efbfa67e816fb5451770506195f0b3
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today
Posted Mar 28, 2024

tags | headline, fraud, cryptography
Sellafield To Be Prosecuted For IT Security Offenses
Posted Mar 28, 2024

tags | headline, government, britain, flaw
These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb
Posted Mar 28, 2024

tags | headline, microsoft, email, flaw
Analyse, Hunt, And Classify Malware Using .NET Metadata
Posted Mar 27, 2024

tags | headline, hacker, malware, microsoft
VPN Apps On Google Play Turn Android Devices Into Proxies
Posted Mar 27, 2024

tags | headline, privacy, phone, flaw, google
Fortinet FortiClient EMS SQL Injection Flaw Exploited In The Wild
Posted Mar 27, 2024

tags | headline, hacker, flaw
Google Reveals 0-Day Exploits In Enterprise Tech Surged 64% Last Year
Posted Mar 27, 2024

tags | headline, flaw, google, zero day
Ray AI Framework Vulnerability Exploited To Hack Hundreds Of Clusters
Posted Mar 27, 2024

tags | headline, hacker, flaw
Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government
Posted Mar 26, 2024

tags | headline, hacker, government, usa, china, cyberwar, spyware, backdoor
Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan
Posted Mar 26, 2024

tags | headline, hacker, malware, conference, cryptography
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close