
Files

HP Security Bulletin HPSBGN03286 1
Posted May 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.

tags | advisory, overflow
advisories | CVE-2015-2110
SHA-256 | 77e1f0017599d488ff29131b60913d103e2951095b7a7763d0e85a09c3bd04a5
Apple Security Advisory 2015-05-19-1
Posted May 20, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, xxe
systems | apple
advisories | CVE-2015-1067, CVE-2015-1092, CVE-2015-1093, CVE-2015-1094, CVE-2015-1096, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117
SHA-256 | f17aeaf116598c6c534faf7325f8d39d4a47f7b764dc38ac0fa599637f23b263
Ubuntu Security Notice USN-2616-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with AES-GCM mode IPSec security association. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-9710, CVE-2015-3331, CVE-2015-3332
SHA-256 | 6d5e854fce22dc7828dfb7fdb530544b850ada7e6eb90e28677f9de08e01f7b9
Ubuntu Security Notice USN-2611-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2611-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system).

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715
SHA-256 | b4c3e998a7d49a92e110bfc778dcffdf6db3890e165a13a0f8516fe439bbd4d6
Ubuntu Security Notice USN-2612-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2612-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges. Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715, CVE-2015-3339
SHA-256 | 34f987f7f6f67822ddd0219c9c83f04635ee710cc9f38ec4ba1174eb68d51de2
Ubuntu Security Notice USN-2615-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2615-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with AES-GCM mode IPSec security association. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-9710, CVE-2015-3331, CVE-2015-3332
SHA-256 | 25638b80ace2c9f2bdf94815e626ecd8374cf275dfb2ac0988ee18aff2f04ed3
Ubuntu Security Notice USN-2613-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2613-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715, CVE-2015-2150, CVE-2015-2830, CVE-2015-3331
SHA-256 | b64bb60c18c519b0ed27d58ee2e71d6a5fbd6269a6aab22e4be17fc12e4cf9e1
Ubuntu Security Notice USN-2614-1
Posted May 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2614-1 - Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-9715, CVE-2015-2150, CVE-2015-2830, CVE-2015-3331
SHA-256 | e0987162501d8a55fc1a3e8a6bf474732d7e1427471124e0dc77fe43dbc3b88a
HP Security Bulletin HPSBPI03322 1
Posted May 19, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03322 1 - A potential security vulnerability has been identified with HP Access Control Pull Print Software. The vulnerability could result in local unauthorized access. Revision 1 of this advisory.

tags | advisory, local
advisories | CVE-2015-2118
SHA-256 | c41b46e2bff66e8a2991041e786d7ac9469f217dc88129793900c0d52b9b5447
Debian Security Advisory 3175-2
Posted May 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3175-2 - It was discovered that by sending crafted Router Advertisement packets, an attacker on the local network could lower the Current Hop Limit and cause the system to lose the ability to communicate with another IPv6 node on a different network.

tags | advisory, local
systems | linux, debian
advisories | CVE-2015-1414, CVE-2015-2923
SHA-256 | dd4761dc19a5e09e9419df727372fc9503d4306a2ae881376aa305dcb3c79b3d
Debian Security Advisory 3262-1
Posted May 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3262-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in the potential execution of arbitrary code. This only affects HVM guests.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-3456
SHA-256 | f85b7e0dba35842d0a29aa4cdf7466ad52be076a8bdee2b113210207ea2f0fe7
WordPress Simple Backup Arbitrary Download
Posted May 19, 2015
Authored by Ashiyane Digital Security Team

The WordPress Simple Backup plugin suffers from an arbitrary download vulnerability.

tags | advisory, arbitrary
SHA-256 | 2f1879ea63c04f1d1bdc1146437974cb35370b7761eb8ab23b2cca9b2c380294
Wireless Photo Transfer 3.0 Local File Include
Posted May 19, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The Vulnerability Laboratory Research Team discovered a local file include vulnerability in the official Wireless Photo Transfer Mobile version 3.0 iOS application.

tags | advisory, local
systems | apple
SHA-256 | 8c45956de7bbff8e824ef289258164e1927f4f4d9ddcc638bb142469272f0b3b
Crucial Networking CRUCMS SQL Injection
Posted May 19, 2015
Authored by Vulnerability Laboratory, kjfido | Site vulnerability-lab.com

An independent Vulnerability Laboratory researcher discovered a remote SQL injection web vulnerability in the official Crucial Networking CRUCMS web application.

tags | advisory, remote, web, sql injection
SHA-256 | 012e19951d4d4560a4e25753146c9e294b8586acbbc08fc70636504e77a9384a
Slackware Security Advisory - mozilla-thunderbird Updates
Posted May 19, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 28ba9a29fcf8e79902d2f5303182ce5016a62b20569dbc733bb5ebcc86d7c741
Ubuntu Security Notice USN-2603-1
Posted May 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2603-1 - Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716
SHA-256 | 071dd2ac5a46c4050e07f2243d084650f3d54e4d6c7d9fccfaf5fd1b448736a0
Red Hat Security Advisory 2015-1012-01
Posted May 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1012-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716
SHA-256 | 498b88d7e4d4bfa225ad0f2324ddcb350d365f2ef56d95457029b86ee7abc553
Red Hat Security Advisory 2015-1011-01
Posted May 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1011-01 - The rhev-hypervisor packages provide a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2015-3456
SHA-256 | fcbc36d6af9b56bdac9fa408b51df2cd12d225527fdf8a1df853277bc89bbdfd
EMC Document Sciences xPression SQL Injection
Posted May 16, 2015
Site emc.com

The xAdmin interface in EMC Document Sciences xPression contains a SQL injection vulnerability that could potentially be exploited by a remote attacker to access or modify information on the affected system by causing execution of SQL commands on the server. EMC Document Sciences xPression versions 4.2 and 4.5 SP1 are affected.

tags | advisory, remote, sql injection
advisories | CVE-2015-0540
SHA-256 | 2ed855828dabc6672e56d704dda878b94cd6d33e894c669eaf764e4c6d6aa90c
phpBugTracker 1.7.5 XSS / SQL Injection / Auth Bypass
Posted May 16, 2015
Authored by indoushka

phpBugTracker 1.7.5 suffers from cross site scripting, authorization bypass, and SQL injection vulnerabilities.

tags | advisory, vulnerability, xss, sql injection, add administrator
SHA-256 | c13cabadc360f27c984d04adba9d6bfada7181ed571ba4c7d23192572f34182b
Debian Security Advisory 3261-1
Posted May 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3261-1 - Multiple vulnerabilities were discovered in libmodule-signature-perl, a Perl module to manipulate CPAN SIGNATURE files.

tags | advisory, perl, vulnerability
systems | linux, debian
advisories | CVE-2015-3406, CVE-2015-3407, CVE-2015-3408, CVE-2015-3409
SHA-256 | eead0929d7129f41a4c2167795dd6001b8ef81899e44f2f0daae91e38e8f7984
Concrete 5.7.3.1 Cross Site Scripting
Posted May 15, 2015
Authored by Netsparker

Concrete version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | bc47fcda67ebda1d45c2ef30d588e722aa0845a565cf2e28ac9f78fe588936d2
DBKiss 1.16 Cross Site Scripting
Posted May 15, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

DBKiss Database Admin version 1.16 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | b7c97d61aeece0ece3e89c725db8ab4f63a9b7b25f3a9791f902e1c54c690fcd
Sidu 5.2 Admin Cross Site Scripting
Posted May 15, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Sidu version 5.2 suffers from a cross site scripting vulnerability in the admin section.

tags | advisory, xss
SHA-256 | 0009de29df8d129f5c212f158cedc225c1a5e6274156ecc778eb9b6f37b73b51
Tiny MySQL Cross Site Scripting
Posted May 15, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Tiny MySQL suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 3c2b3741ec292a1669642f6785ed7dee511bccef9add168cfad9a9570d7cc73c
© 2024 Packet Storm. All rights reserved.