
Files

Liferay Portal 6.2 EE SP8 Cross Site Scripting
Posted Nov 21, 2014
Authored by Ariel Walter Garcia

Liferay Portal versions 6.2 EE SP8 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-8349
SHA-256 | 588c7b3f899dee927dca095f3cb6bd26659601629c29183946a39fcf4cca2ceb
Ubuntu Security Notice USN-2413-1
Posted Nov 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2413-1 - An AppArmor policy miscompilation flaw was discovered in apparmor_parser. Under certain circumstances, a malicious application could use this flaw to perform operations that are not allowed by AppArmor policy. The flaw may also prevent applications from accessing resources that are allowed by AppArmor policy.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1424
SHA-256 | cb6348b595c35e29fb92f1184a6f07493140def07694f71a448a48054ceb11f8
Red Hat Security Advisory 2014-1885-01
Posted Nov 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1885-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-3660
SHA-256 | 120d63d619224bf9a59430613608c4018524b70c157270d73a38c424b323ecb1
Red Hat Security Advisory 2014-1882-01
Posted Nov 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1882-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 739553eebe194c764860fdf7fef41eee3aed9586ecf57cee33e3e900c897fed5
Red Hat Security Advisory 2014-1881-01
Posted Nov 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1881-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-6457, CVE-2014-6502, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6531, CVE-2014-6558
SHA-256 | 6d075d501782cf382bcc6edcafdc84e55624414d574fe5b16cd42344ff1b187a
Red Hat Security Advisory 2014-1880-01
Posted Nov 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1880-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 5d609a90cdea6dcd204ddaeb5da8097ae2d553d12c9f429fe8566cb0ce22c142
Ubuntu Security Notice USN-2412-1
Posted Nov 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2412-1 - Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2014-8090
SHA-256 | 01722294a0b313f8e8afdbc85a33a5bbad3769b7586918f6bcfb791c4d0d0ccf
Debian Security Advisory 3075-1
Posted Nov 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3075-1 - Two vulnerabilities were discovered in Drupal, a fully-featured content management framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9015, CVE-2014-9016
SHA-256 | 63d4bdbad4a4ce7ba4d2fb743a437a426aa6f86aa2d1044f245f01baa4f1801d
Advantech WebAccess 7.2 Stack-Based Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Joaquin Rodriguez Varela, Ricardo Narvaj | Site coresecurity.com

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code by providing a malicious HTML file with specific parameters for an ActiveX component.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2014-8388
SHA-256 | f1107baceb903ca53318f0f5735854c6a5130cf3da81f5840dce6c8afe32091a
Advantech AdamView 4.3 Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Daniel Kazimirow, Joaquin Rodriguez Varela, Fernando Paez | Site coresecurity.com

Core Security Technologies Advisory - Advantech AdamView version 4.3 has two different fields vulnerable to buffer overflow attacks, which can be exploited by attackers in order to execute arbitrary code by running files with the '.gni' extension that is associated with the AdamView software.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-8386
SHA-256 | 4fe10cda753e8e158ce53fcdfbfe4c893a64dbd2105a91b331e4abac8fc4f063
Mandriva Linux Security Advisory 2014-217
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-217 - ClamAV 0.98.5 addresses several reported potential security bugs. Certain JavaScript files cause ClamAV to segfault when scanned with the -a.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2013-6497
SHA-256 | 34d90cc32a544a3c929bee3170979f4f877e9ca2a4c8a7645cb877ec7aae1f39
Mandriva Linux Security Advisory 2014-216
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-216 - The Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. The updated packages have been upgraded to the latest ZendFramework version which is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-8088
SHA-256 | fa7b299f23243117c4d5325a9a21dfaa3642ae63ca4f9d8d4a57c626625d3674
Ubuntu Security Notice USN-2410-1
Posted Nov 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2410-1 - A buffer overflow was discovered in Skia. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Multiple use-after-frees were discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-7904, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
SHA-256 | a0eb2e8f1600102c5ce5d378e991cc151504dd74a6f59142caaba94ac7cf77cc
Red Hat Security Advisory 2014-1877-01
Posted Nov 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1877-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 03fd13611ccfc856be5e91a62ee8127d21ba187f8ca92810e9d322950c7c3bc1
Red Hat Security Advisory 2014-1876-01
Posted Nov 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1876-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 6d221975cabbebbc241b0225aff33a5b993018aaf62f538567c220abef5005dd
Faronics Deep Freeze Arbitrary Code Execution
Posted Nov 19, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Faronics Deep Freeze Standard and Enterprise suffer from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-2382
SHA-256 | 27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885
Mandriva Linux Security Advisory 2014-215
Posted Nov 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-215 - An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8564
SHA-256 | 09deb94573db19c2095367b2e4855204d2d7f1f688124b59ab0810ec5e393e7a
Debian Security Advisory 3074-1
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.

tags | advisory, denial of service, php
systems | linux, redhat, debian
advisories | CVE-2014-3710
SHA-256 | c3c7f83fc8677e848b0cf6cde29652f956a6c07f2e420aedcf4eb8bc70533181
Debian Security Advisory 3074-2
Posted Nov 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3074-2 - The previous update for php5, DSA-3074-1, introduced a regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on a sed package version too recent to be in Wheezy.

tags | advisory
systems | linux, debian
SHA-256 | eb5ca3638356ab944b043dc1e88c1b86cc5025738f16872711478b87772079b4
Apple Security Advisory 2014-11-17-3
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-3 - Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
SHA-256 | 64ff89b095ba26114a75a346f55bdedfd3112739360aef178b40c75924a28897
Apple Security Advisory 2014-11-17-2
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-2 - OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.

tags | advisory, code execution
systems | apple, osx
advisories | CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
SHA-256 | 0070a836f0e45939ac86a47d278a19667a9d9d6640d8631bc2fbfc89036c0713
Apple Security Advisory 2014-11-17-1
Posted Nov 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-11-17-1 - iOS 8.1.1 is now available and addresses code execution and various other security flaws.

tags | advisory, code execution
systems | apple
advisories | CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4455, CVE-2014-4457, CVE-2014-4460, CVE-2014-4461, CVE-2014-4462, CVE-2014-4463
SHA-256 | 602e9d605f73315efc5efaf9ac7b45623e8729c43897fd8782af5548bf6439e1
Red Hat Security Advisory 2014-1873-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1873-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657, CVE-2014-7823
SHA-256 | 926fc0cc610c6630f02ce4257be003e8e729f64fc84448045e963d1964416a7a
Red Hat Security Advisory 2014-1872-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-5077
SHA-256 | 54407e6e9d70167a75066e417334ef0ce14148e42cf5071246c5480fab521ac3
Microsoft Security Bulletin Re-Release For November, 2014
Posted Nov 18, 2014
Site microsoft.com

This bulletin summary lists one critical bulletin and two revised bulletins for November, 2014.

tags | advisory
SHA-256 | 4aced037c747d3df6acb8046188592f6842998bc6bb7ab3e901046c2cd2f4d04
© 2022 Packet Storm. All rights reserved.