what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 203 RSS Feed

Files

Sierra Library Services Platform 1.2_3 XSS / Enumeration
Posted Aug 29, 2014
Authored by CAaNES

Sierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.

tags | advisory, web, vulnerability, xss
advisories | CVE-2014-5136, CVE-2014-5137, CVE-2014-5138
SHA-256 | a6b55b2f25753f6aa79f465b7dad177fd8822701d788d595cf90f0a72f217779
Gentoo Linux Security Advisory 201408-12
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6438, CVE-2014-0098, CVE-2014-0226
SHA-256 | 74c770647893db7bdefa7fe626d5e7a9771e8d4cd1ddee8a7bd68e3e8bb6436e
Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
SHA-256 | 603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1
Gentoo Linux Security Advisory 201408-10
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-5270
SHA-256 | dc140fe843d5ab6ab9a5998f40aeb6364054dfe18d31c18f4b8b0f7836c3a02e
Gentoo Linux Security Advisory 201408-09
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
SHA-256 | 9eb259c7ad52db023b5746739662027753337b7e5aa8cf8018a3c533be9cfb5b
Gentoo Linux Security Advisory 201408-08
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-7345
SHA-256 | 0142ad27148e5ac6699d382c815155e6f2bc50d4ef090fea10e1dcdb1eff30b8
Ubuntu Security Notice USN-2328-1
Posted Aug 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-5119
SHA-256 | ba67695dc9b003222520566f863135bb43e18212d94c36bfac54afb17dbc0f23
Red Hat Security Advisory 2014-1110-01
Posted Aug 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0475, CVE-2014-5119
SHA-256 | 546be34b84eb08e6ac3baa3ac0e66b3bfb9668ca3a749ee7e0b2cf5eb2d3a2e3
Gentoo Linux Security Advisory 201408-14
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-14 - A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-0016
SHA-256 | d86bc9ea6dc2a2497305fc97390f67a9668550351c8f73a702c11287b7c2e7cf
Gentoo Linux Security Advisory 201408-13
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0012, CVE-2014-1402
SHA-256 | 45f5f1798920b592c6c3fbfb7e03ae46684a6d440f2f5afdd03f111a7ff058f6
Aerohive Hive Manager / Hive OS Complete Fail
Posted Aug 28, 2014
Authored by Nick Freeman, Thomas Hibbert, Denis Andzakovic, Carl Purvis, Pedro Worcel, Scott Bell | Site security-assessment.com

Aerohive Hive Manager (Stand-alone and Cloud) versions greater than and equal to 6.1R3 and HiveOS version 6.1R3 suffer from bypass, code execution, cross site scripting, file disclosure, local file inclusion, arbitrary file upload, missing passphrase, and password disclosure vulnerabilities.

tags | advisory, arbitrary, local, vulnerability, code execution, xss, file inclusion, file upload
SHA-256 | cda32b36ba6f19559448f8007c162ba158f4b31d35722a7b7f4a3f40b5f0e800
Debian Security Advisory 3014-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.

tags | advisory, remote, web, denial of service
systems | linux, debian
advisories | CVE-2014-3609
SHA-256 | 5e351a1d139585fb9520a9884e38270f9aa23af5afaf97f0010e61ce08fc9064
Red Hat Security Advisory 2014-1103-01
Posted Aug 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
SHA-256 | 184a842d7a169d9032e982dd7804cbf9c1439b4ed8e0214ae3b6c70cd5f0dfde
Debian Security Advisory 3013-1
Posted Aug 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3013-1 - Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2014-0485
SHA-256 | 08ee1cc3f772b3107bc3b05694ec1d5a52965bb043eb604501975e46017a5876
Ubuntu Security Notice USN-2327-1
Posted Aug 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3609
SHA-256 | 916e29698c752224a8cbb7a9c77d542b4db061a30ba237e61be04fcc7764a84f
Microsoft Security Bulletin Re-Release For August, 2014
Posted Aug 27, 2014
Site microsoft.com

This bulletin summary notes that MS14-045 has undergone a major revision increment as of August 27, 2014.

tags | advisory
SHA-256 | 81b4c6695e127a3c88b4a69d1dce7b9431e665641f9a479bb33ffaf52b7885f8
ManageEngine EventLog Analyzer 7 Cross Site Scripting
Posted Aug 27, 2014
Authored by Rodrigo Contarino

ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-4930
SHA-256 | 0bf36f68da768952108b58e9e72774b2bf741922f4c175919319cf299d4fe76d
Debian Security Advisory 3012-1
Posted Aug 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-5119
SHA-256 | 1fda609b5a3bc772a28814203d914f8516efd24910c2e122c8383a3dc3d5a4dd
Red Hat Security Advisory 2014-1102-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1102-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-3514
SHA-256 | 2cd25f0dba5c66d9dc2d6f4a7e6c235747fedffc056844c7ef6d7252249588e3
Red Hat Security Advisory 2014-1101-01
Posted Aug 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851
SHA-256 | c91898517a883dd6f082a85ce083d572bdff42dd7fb6a67daf132005f8cc8545
Encore Discovery Solution 4.3 Open Redirect / Session Token In URL
Posted Aug 27, 2014
Authored by CAaNES

Encore Discovery Solution version 4.3 suffers from an open redirect vulnerability. It also passes the session token in the URL.

tags | advisory, info disclosure
advisories | CVE-2014-5127, CVE-2014-5128
SHA-256 | e0920eb1e2d0150ca74c5e507a7c2eac753594fae2d4c3fb55d5150e27fe6b15
Red Hat Security Advisory 2014-1098-01
Posted Aug 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1098-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153
SHA-256 | 7df65a02bbc1bc5f61cae3e68e09fedb553701534ae4f7610be73e42d295d8b9
RSA Identity Management And Governance Authentication Bypass
Posted Aug 26, 2014
Site emc.com

RSA IMG systems configured with NovellIM as the authentication source may be subject to a potential authentication bypass vulnerability due to the fact that no password is required to authenticate legitimate users. A malicious user with knowledge of a valid user name can leverage this vulnerability to perform operations with the privileges of the authenticated user and potentially cause audit-attribution problems.

tags | advisory, bypass
advisories | CVE-2014-4619
SHA-256 | 7ed9817568420c9f158ee2e729151f691c893508ded59e56407c1ee1eb06110d
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
Debian Security Advisory 3011-1
Posted Aug 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-5241, CVE-2014-5243
SHA-256 | c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827d
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Sam Bankman-Fried's Sentencing Hearing Over FTX Fraud Begins Today
Posted Mar 28, 2024

tags | headline, fraud, cryptography
Sellafield To Be Prosecuted For IT Security Offenses
Posted Mar 28, 2024

tags | headline, government, britain, flaw
These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb
Posted Mar 28, 2024

tags | headline, microsoft, email, flaw
Analyse, Hunt, And Classify Malware Using .NET Metadata
Posted Mar 27, 2024

tags | headline, hacker, malware, microsoft
VPN Apps On Google Play Turn Android Devices Into Proxies
Posted Mar 27, 2024

tags | headline, privacy, phone, flaw, google
Fortinet FortiClient EMS SQL Injection Flaw Exploited In The Wild
Posted Mar 27, 2024

tags | headline, hacker, flaw
Google Reveals 0-Day Exploits In Enterprise Tech Surged 64% Last Year
Posted Mar 27, 2024

tags | headline, flaw, google, zero day
Ray AI Framework Vulnerability Exploited To Hack Hundreds Of Clusters
Posted Mar 27, 2024

tags | headline, hacker, flaw
Justice Dept Indicts 7 Accused In 14 Year Long Hack Campaign By Chinese Government
Posted Mar 26, 2024

tags | headline, hacker, government, usa, china, cyberwar, spyware, backdoor
Ransomware Can Mean Life Or Death At Hospital, But DEF CON Hackers Have A Plan
Posted Mar 26, 2024

tags | headline, hacker, malware, conference, cryptography
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close