
Files

Slackware Security Advisory - seamonkey Updates
Posted Feb 16, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 7cd19932e1851777c31991fea89e31286ece90a8b0e795a9932b1ff7b009863e
Slackware Security Advisory - patch Updates
Posted Feb 16, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1196
SHA-256 | fe238ef2150aeead7d26e594876ec8bf81a81d4520601e123f7712c1a3a86010
Siemens SIMATIC STEP 7 (TIA Portal) V13 Privilege Escalation
Posted Feb 16, 2015
Authored by Siemens ProductCERT | Site siemens.com

The latest update for SIMATIC STEP 7 (TIA Portal) V13 fixes two vulnerabilities. Device user passwords in TIA portal project files are stored using a weak hashing algorithm. Attackers with read access to the project file could possibly reconstruct the passwords for device users. Privilege information for device users is stored unprotected in the TIA portal projects. Attackers with access to the project file could possibly read and modify the permissions for device users in the project file. If unsuspecting users are tricked into downloading the manipulated project files to the device, the user permissions become active.

tags | advisory, vulnerability
advisories | CVE-2015-1355, CVE-2015-1356
SHA-256 | b243dfbab181ed3d05528d9c6f66e15488a6f9b74d9b5897afced4508f4b1aae
Siemens SIMATIC WinCC (TIA Portal) V13 Privilege Escalation
Posted Feb 16, 2015
Authored by Siemens ProductCERT | Site siemens.com

The latest update for SIMATIC WinCC (TIA Portal) V13 fixes two vulnerabilities. The remote management module of WinCC (TIA Portal) Multi Panels and Comfort Panels, and WinCC RT Advanced transmits weakly protected credentials over the network. Attackers capturing network traffic of the remote management module could possibly reconstruct used passwords. A hard coded encryption key used in WinCC RT Professional could allow attackers to escalate their privileges if the application's network communication with an authenticated user was captured.

tags | advisory, remote, vulnerability
advisories | CVE-2014-4686, CVE-2015-1358
SHA-256 | 8eaaadac7bd62a1372b3f4832ed7853c5bfabaa509311247fc900d53d44cd1e6
Gentoo Linux Security Advisory 201502-12
Posted Feb 16, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-12 - Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Versions less than 1.7.0.71 are affected.

tags | advisory, java, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414
SHA-256 | 946956dea19a3274d6fb6db363ac9cb4f3556abb6e68ec9eeff943208a8be906
Gentoo Linux Security Advisory 201502-11
Posted Feb 16, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-11 - Two vulnerabilities have been found in GNU cpio, the worst of which could result in execution of arbitrary code. Versions less than 2.11-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9112, CVE-2015-1197
SHA-256 | f1f78684fd995e9d27931a80192594ed6935913d54f7976cc9c14a41f436eb3f
Gentoo Linux Security Advisory 201502-10
Posted Feb 16, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-10 - Two vulnerabilities have been found in libpng, possibly resulting in execution of arbitrary code. Versions less than 1.6.16 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9495
SHA-256 | 67d11ac2a7cb95e97d8640dff6a24b5b8ed323460de161e636a523867f73d0ca
Linux ASLR Improper Randomization
Posted Feb 16, 2015
Authored by Hector Marco

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow.

tags | advisory, overflow
systems | linux
advisories | CVE-2015-1593
SHA-256 | 9890952521e3cd5f5015f68364d858db61068493b180f85994b13d9035ba96b2
HumHub 0.10.0 File Upload / Remote Code Execution
Posted Feb 14, 2015
Authored by Jos Wetzels

HumHub versions 0.10.0 and below suffer from .htaccess file upload and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution, file upload
SHA-256 | 270e4348775db45bf8d7044ae1b7d6bb66a03193fd05759df6b2527b2e04fce4
HP Security Bulletin HPSBGN03258 1
Posted Feb 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03258 1 - A potential security vulnerability has been identified with HP Insight Control server deployment Windows Pre-boot Execution Environment that could be exploited remotely resulting in arbitrary execution of code. This is the vulnerability known as Winshock. HP Insight Control server deployment uses the Windows Automated Installation Kit 2.0 to generate the Windows Pre-boot Execution Environment service operating system. WAIK 2.0 is vulnerable to CVE-2014-6321 (Microsoft Schannel Remote Code Execution vulnerability). This bulletin provides instructions to update the Windows Pre-boot Execution Environment with updates from Microsoft. Revision 1 of this advisory.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2014-6321
SHA-256 | fdb36a29c9f919ae18292d8cf51a2c7d25c56db903151def63ed21febd08e1c0
Netatmo Weather Station Cleartext Password Leak
Posted Feb 13, 2015
Authored by jullrich

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

tags | advisory
advisories | CVE-2015-1600
SHA-256 | 26c45dc9330c4b9106868739be6a04123e25c4881dd15ee9236e856c7b66fbf4
Ubuntu Security Notice USN-2488-2
Posted Feb 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2488-2 - USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9328
SHA-256 | 1ba3829916f38cc8b6f3e2bbeba9b556ef562873a7a035d0f40069446390f3fd
WordPress Failed Randomness
Posted Feb 12, 2015
Authored by Scott Arciszewski

All versions of WordPress fail to implement a cryptographically secure pseudorandom number generator.

tags | advisory
advisories | CVE-2014-6412
SHA-256 | 170595a1bbe7e09d77645ac1e3ed66ad3b2cd04dd4cb157b616751c9edc794df
Open-Xchange Server 6 / OX AppSuite 7.6.1 Exposure
Posted Feb 12, 2015
Authored by Martin Heiland

Open-Xchange Server 6 / OX AppSuite suffers from an information exposure vulnerability in versions 7.6.1 and below.

tags | advisory
advisories | CVE-2014-9466
SHA-256 | 8229982ea2c858877843bfc93dec828d259e06e7d9ea4893899722e0857cf8f5
Mandriva Linux Security Advisory 2015-044
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-044 - Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2 before 1.2495, where the code was freeing memory that gtk+ still holds onto and might access later. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
SHA-256 | e73da39c4f4f83b3f336e55cc33673138264f90452afaeb86dafd1ea189a8695
Debian Security Advisory 3161-1
Posted Feb 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3161-1 - Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes. A malicious local user could use this flaw to trick dbus-daemon into thinking that systemd failed to activate a system service, resulting in an error reply back to the requester.

tags | advisory, denial of service, local, root
systems | linux, debian
advisories | CVE-2015-0245
SHA-256 | 2aa70c387619edf5818fcdac52d8d84392b4ab17ce8511cb0c1f79f7b11e9cc6
Mandriva Linux Security Advisory 2015-047
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-047 - Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-9447
SHA-256 | 72bdd7da941cefc3fb4d3fcab073210f54c6225dc876df7b77489666a6946e4f
Mandriva Linux Security Advisory 2015-048
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-048 - Multiple vulnerabilities have been discovered and corrected in PostgreSQL. Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that PostgreSQL incorrectly handled memory in the pgcrypto extension. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Emil Lenngren discovered that PostgreSQL incorrectly handled extended protocol message reading. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly inject query messages. This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.

tags | advisory, denial of service, arbitrary, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | 634d97dbd89e3a11f0f04718cbf5534aac49ac2bfae32de2e27000b2b448d65e
Mandriva Linux Security Advisory 2015-046
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-046 - Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed.

tags | advisory, denial of service
systems | linux, suse, mandriva
advisories | CVE-2014-9297, CVE-2014-9298
SHA-256 | 1738bc161859133a34d1c1b3f945bb293d62965b7ce6af9e1ab54e8936be9dd5
Mandriva Linux Security Advisory 2015-045
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-045 - The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-0247
SHA-256 | afbd08dd885b278be82cc4c96d75245e87201d6fbcf427b723ce8ce64f54f3c9
Ubuntu Security Notice USN-2499-1
Posted Feb 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2499-1 - Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly handled buffers in to_char functions. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244
SHA-256 | ece0ed1fa664c2cfc993dd729652d029bc60850f5ddde36ddea4ba499be6ec0d
Red Hat Security Advisory 2015-0158-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0158-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2012-6153, CVE-2014-0151, CVE-2014-0154, CVE-2014-3577
SHA-256 | d9bb9ff72c6bd97b60e38ccf8918a120f640422e9b3d209587866a2130fb7674
Debian Security Advisory 3160-1
Posted Feb 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3160-1 - Olivier Fourdan discovered that missing input validation in the Xserver's handling of XkbSetGeometry requests may result in an information leak or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2015-0255
SHA-256 | a8c6a3b27aaa3ff3ec4661dad807a413a2b37a89aa34950221b7a1e87856681f
Cisco Security Advisory 20150211-csacs
Posted Feb 12, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Secure Access Control System (ACS) prior to version 5.5 patch 7 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, sql injection
systems | cisco
SHA-256 | 0316ff4c6325490cd4330984306d52e82eba029c3763085c673dc708d5d17e38
Red Hat Security Advisory 2015-0215-01
Posted Feb 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0215-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-7827, CVE-2014-7839, CVE-2014-7849, CVE-2014-7853, CVE-2014-8122
SHA-256 | 57ab1fc8b9507ca56ece907b266ce7c9eb4bd0abbef003b66b314ffee42dde44