exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 237 RSS Feed

Files

Scalix Web Access 11.4.6.12377 / 12.2.0.14697 XXE Injection / XSS
Posted Oct 31, 2014
Authored by A. Kolmann, R. Giruckas | Site sec-consult.com

Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 suffer from cross site scripting and XXE injection vulnerabilities.

tags | advisory, web, vulnerability, xss, xxe
SHA-256 | 06005f4468db5341e14d28b6675844085a2d7dcf7832f80cd854ed5ae0b5f8e6
HP Security Bulletin HPSBUX03162 SSRT101767
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 6652a13d7c69ae6a2897c9474ac902a1366196ab08a094e82c693ce4abdb973b
HP Security Bulletin HPSBPI03147
Posted Oct 31, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03147 - A potential security vulnerability has been identified with certain HP Color LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to data or to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-7875
SHA-256 | 3253f74b9dfbfd88385a7efd4013942b78451133375742ae039538ac8dc7514b
Ubuntu Security Notice USN-2396-1
Posted Oct 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2396-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647
SHA-256 | 1d4a66fe54824b3a2195cd038c40ef51592bd26fe3b58cb42617177ebcf73bf4
Debian Security Advisory 3060-1
Posted Oct 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3060-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-7207
SHA-256 | 0afeb11e0e11425c8fc0a72b1d9c7150c102cb8b37d56b7e26245c2aa0015544
HP Security Bulletin HPSBUX03159 SSRT101785 2
Posted Oct 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03159 SSRT101785 2 - A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 2 of this advisory.

tags | advisory, denial of service, kernel, local
systems | hpux
advisories | CVE-2014-7877
SHA-256 | d592e404a9df52626f4d4ac8d77c7964bbc612c53b35818dcd8dabdda25cda59
Red Hat Security Advisory 2014-1767-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1767-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | 78b1201f69c5e999cdf1289682b98e77d68dc3cbb298213c7a3dd20d1b464f94
Red Hat Security Advisory 2014-1768-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1768-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | 71a5ac727d78f68fe7e70cd4f0164845733dc36f0d7b98bf3edfbee37f295efb
Red Hat Security Advisory 2014-1766-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
SHA-256 | c3530e2eb3a2547c8de58c72a285a5c384c312184ea908e8519aa2069c9d6a3a
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
SHA-256 | 362757b3bfd3a6b631b51131cc90b35f3677fc1a047df1d9dd2a1a227704367b
Red Hat Security Advisory 2014-1764-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1764-01 - The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution. Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally.

tags | advisory, web, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-4877
SHA-256 | d36bbbede02f913b084b4361c228e65d7ef334e4d5f06eccc25479f06659a9ba
Red Hat Security Advisory 2014-1762-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1762-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. Stored and reflected cross-site scripting flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2014-3654
SHA-256 | 02a101d80c33b14f3940a3a404d2336555f32306ccd6090ed51d43d57b679580
Red Hat Security Advisory 2014-1763-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1763-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-0205, CVE-2014-5077
SHA-256 | d11690383c89e9c75a248988ea658d63fe0dc12f7c3772b59090ce8623debdc3
Ubuntu Security Notice USN-2395-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2395-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145
SHA-256 | cbe5adeb256340729c24722da0132420fbce771084cef02f02569fc8720c64cd
Ubuntu Security Notice USN-2394-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2394-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145
SHA-256 | 8f5ed0f7e7e1843a5ee309f342ca16e238c19172360ab78300a22bde4e498b02
Ubuntu Security Notice USN-2393-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2393-1 - HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2014-4877
SHA-256 | be489e5ed4b4f1ef450838f84b3ff51fa70f4752a4054d60cc9e25f0142d6f2c
Slackware Security Advisory - wget Updates
Posted Oct 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-4877
SHA-256 | 23a5b34c8621b180b34363b354480359e81aa737a51689af40b6b5bb9c2bbc39
Ubuntu Security Notice USN-2392-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2392-1 - It was discovered that systemd-shim incorrectly shipped with a debugging clause enabled. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-8399
SHA-256 | 36c407f08860cd7138dc1328699e8450fdc374f306709d6161f2b20b068f42fc
Debian Security Advisory 3059-1
Posted Oct 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3059-1 - Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764
SHA-256 | a881ccb2698541b47ef309514396dc2db9a8f3327d0d875491da6937ad99f6b8
Red Hat Security Advisory 2014-1744-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1744-01 - V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8.

tags | advisory, remote, overflow, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704, CVE-2014-5256
SHA-256 | e802520edef60024e56d1cd85e5ac99fc243bce62e6c6b92b128f61cf6d76168
Ubuntu Security Notice USN-2391-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2391-1 - Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
SHA-256 | d573f5bd6e6dca5b43238cf2e360788cb9a1ff269aef4f15414eceaf135e4d06
Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection
Posted Oct 29, 2014
Authored by Alexander Antukh, A. Baranov | Site sec-consult.com

Vizensoft admin panel suffers from authentication bypass, cross site scripting, remote shell upload, source code disclosure, missing password policy, and remote SQL injection vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss, sql injection
SHA-256 | 86c3d3136a47777dab5048f2131cfc777d265bca2bea04ee8b5d79dbaa6551d9
Mandriva Linux Security Advisory 2014-212
Posted Oct 29, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-212 - Wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP. The default settings in wget have been changed such that wget no longer creates local symbolic links, but rather traverses them and retrieves the pointed-to file in such a retrieval. The old behaviour can be attained by passing the --retr-symlinks=no option to the wget command.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-4877
SHA-256 | bf0915948536e4eaf028020281ada0528221b6ad662a3169b50ade6d2b53bef7
ASUS Router Man-In-The-Middle
Posted Oct 29, 2014
Authored by David Longenecker

ASUS wireless router updates are vulnerable to a man-in-the-middle attack.

tags | advisory
advisories | CVE-2014-2718
SHA-256 | c1093c4d9e185b2da2cb611ca0367c395f6f46eb72eb2b177a6f7525b498c7d3
HP Security Bulletin HPSBUX03159 SSRT101785
Posted Oct 29, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03159 SSRT101785 - A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 1 of this advisory.

tags | advisory, denial of service, kernel, local
systems | hpux
advisories | CVE-2014-7877
SHA-256 | 7073fbb2e757fa637f62761488163b44a40ec047d44d0ecfe57f718f96ecacc3
Page 1 of 10
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close