Twenty Year Anniversary
Showing 1 - 25 of 202 RSS Feed

Files

Sierra Library Services Platform 1.2_3 XSS / Enumeration
Posted Aug 29, 2014
Authored by CAaNES

Sierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.

tags | advisory, web, vulnerability, xss
advisories | CVE-2014-5136, CVE-2014-5137, CVE-2014-5138
MD5 | ebc19844db449e43589f1b4ab31f2008
Gentoo Linux Security Advisory 201408-12
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6438, CVE-2014-0098, CVE-2014-0226
MD5 | 90b789d73e0b343df10f39025867cbfc
Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
MD5 | 9fc05cd1682ef7aee444653346de8eae
Gentoo Linux Security Advisory 201408-10
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-5270
MD5 | 0690da9d71007e8aefe9f21221cca72f
Gentoo Linux Security Advisory 201408-09
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 83ceca25a5a017c52a6e0fe384018509
Gentoo Linux Security Advisory 201408-08
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-7345
MD5 | 1f0060016b49cefa4a91e136bae0cb89
Ubuntu Security Notice USN-2328-1
Posted Aug 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-5119
MD5 | c3b70a29dc019a5a7000c068b0e38d4f
Red Hat Security Advisory 2014-1110-01
Posted Aug 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0475, CVE-2014-5119
MD5 | e1a981440e7e82e521660ed92023f615
Gentoo Linux Security Advisory 201408-14
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-14 - A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-0016
MD5 | eabb0425739127271c22f9405048c411
Gentoo Linux Security Advisory 201408-13
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0012, CVE-2014-1402
MD5 | 3b76799dce6247a427d2aa3d2649e9c9
Aerohive Hive Manager / Hive OS Complete Fail
Posted Aug 28, 2014
Authored by Nick Freeman, Thomas Hibbert, Denis Andzakovic, Carl Purvis, Pedro Worcel, Scott Bell | Site security-assessment.com

Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, code execution, xss, file inclusion, file upload
MD5 | 0e50cec8ee468c9b9a606da101ef597a
Debian Security Advisory 3014-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

tags | advisory, remote, web, denial of service
systems | linux, debian
advisories | CVE-2014-3609
MD5 | 803c58279cce2f414c42d06ed9a15a5c
Red Hat Security Advisory 2014-1103-01
Posted Aug 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
MD5 | 6d62d2c44b8a92d9875cee714c8d6e3a
Debian Security Advisory 3013-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2014-0485
MD5 | fdede3657cbd33e95ed55a4452b59dd7
Ubuntu Security Notice USN-2327-1
Posted Aug 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3609
MD5 | a330841c3221fdfce29ea6d40ba9024f
Microsoft Security Bulletin Re-Release For August, 2014
Posted Aug 27, 2014
Site microsoft.com

This bulletin summary notes that MS14-045 has undergone a major revision increment as of August 27, 2014.

tags | advisory
MD5 | 3cd68d921c3a3941f7a7d605dd27fb89
ManageEngine EventLog Analyzer 7 Cross Site Scripting
Posted Aug 27, 2014
Authored by Rodrigo Contarino

ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-4930
MD5 | b875bbcf8a71f0adf9610370162bd4a6
Debian Security Advisory 3012-1
Posted Aug 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-5119
MD5 | 6363b2297ea55963096a77dd08e30b72
Red Hat Security Advisory 2014-1102-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1102-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-3514
MD5 | bf6fb7c8d38b8139a9d171a89de31754
Red Hat Security Advisory 2014-1101-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
MD5 | d833b20ba0b8d3beffdd49cfb456405f
Encore Discovery Solution 4.3 Open Redirect / Session Token In URL
Posted Aug 27, 2014
Authored by CAaNES

Encore Discovery Solution version 4.3 suffers from an open redirect vulnerability. It also passes the session token in the URL.

tags | advisory, info disclosure
advisories | CVE-2014-5127, CVE-2014-5128
MD5 | 40fd62a4c37b237f946ca9716e9ce304
Red Hat Security Advisory 2014-1098-01
Posted Aug 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1098-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153
MD5 | 1617f346bc3f3515e3264cb0a7ccbbed
RSA Identity Management And Governance Authentication Bypass
Posted Aug 26, 2014
Site emc.com

RSA IMG systems configured with NovellIM as the authentication source may be subject to a potential authentication bypass vulnerability due to the fact that no password is required to authenticate legitimate users. A malicious user with knowledge of a valid user name can leverage this vulnerability to perform operations with the privileges of the authenticated user and potentially cause audit-attribution problems.

tags | advisory, bypass
advisories | CVE-2014-4619
MD5 | 7eb1e74417e42cb056337235926bc7f8
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | fc0fb1a5c99c50587972068ea54dd519
Debian Security Advisory 3011-1
Posted Aug 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-5241, CVE-2014-5243
MD5 | 211cac82f52906b63d45d7de433cb5cd
Page 1 of 9
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Mystery Russian Satellite's Behavior Raises Alarm In US
Posted Aug 15, 2018

tags | headline, usa, russia, space, cyberwar, spyware
Adobe Fixes Critical Code Execution Flaws In Latest Patch Update
Posted Aug 15, 2018

tags | headline, flaw, adobe, patch
Instagram Hack Is Locking Hundreds Of Users Out Of Their Accounts
Posted Aug 15, 2018

tags | headline, hacker, denial of service, password, facebook
Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses
Posted Aug 15, 2018

tags | headline, flaw, cryptography, intel
Hackers Can Edit Policy Body Cam Footage Without Anybody Noticing
Posted Aug 15, 2018

tags | headline, hacker, government
Google Tracks Users Who Turn Off Location History
Posted Aug 15, 2018

tags | headline, privacy, google, spyware
Cisco Patches Router OS Against New Crypto Attack
Posted Aug 15, 2018

tags | headline, flaw, patch, cisco, cryptography
TLS 1.3 Approved As Standard While Spies Weep
Posted Aug 15, 2018

tags | headline, privacy, cryptography
macOS Vuln Paves Way For Single Click Compromise
Posted Aug 13, 2018

tags | headline, hacker, flaw, apple, conference
Malicious Faxes Leave Firms Open To Cyber Attack
Posted Aug 13, 2018

tags | headline, hacker, flaw
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close