Exploit the possiblities
Showing 1 - 25 of 179 RSS Feed

Files

Debian Security Advisory 3297-1
Posted Jun 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3297-1 - It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.

tags | advisory
systems | linux, debian
advisories | CVE-2015-1330
MD5 | e1bfb9fcd342c13c223348d603eef16f
Ubuntu Security Notice USN-2657-1
Posted Jun 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2657-1 - It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-1330
MD5 | 76e72a1b0c27e889bc1a783ed6a95ea6
Red Hat Security Advisory 2015-1196-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1196-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | da2c72b9bf1a0022408352489e8bf31f
Red Hat Security Advisory 2015-1195-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1195-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | bd12f3c7b235bd69d7892745677126ab
Red Hat Security Advisory 2015-1193-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1193-01 - Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. All xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-0252
MD5 | 3293c14d90ad49b393c4a730c4af033a
Red Hat Security Advisory 2015-1194-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1194-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | 6eb214026b61f80501e00fbbc2c8e097
CollabNet Subversion Edge Management CSRF
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, csrf
MD5 | e640532a8d83b358bb72ef463752a6fd
CollabNet Subversion Edge Management Missing Password Check
Posted Jun 30, 2015
Authored by otr

The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5c5e945bd6fbe7ee2639d7b62c44fe62
CollabNet Subversion Edge Management Unsalted Hashes
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 9a5e0db63c6beb06a1d43e2b2f544a7d
CollabNet Subversion Edge Management Multiple Logins
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, web
MD5 | ffbdfb8c5b73603f5cbf7e21cddc1c3e
Courier Heap Overflow / Out Of Bounds Read Access
Posted Jun 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | c1c0df32acb8ba606085012203b1f8be
CollabNet Subversion Edge Management Brute Forcing
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, cracker
MD5 | 6d046d663fd351c4799bc1ce6833b6d1
CollabNet Subversion Edge Management Clickjacking
Posted Jun 30, 2015
Authored by otr

CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5fe4e2ca44b7b6f105f4a8570deae178
CollabNet Subversion Edge Management Weak Password Policy
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management does not implement a strong passwordpolicy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | c06b2e95c34cfb2a3db30a9d9a407d18
CollabNet Subversion Edge Management Autocomplete Enabled
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browsers key store. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 0d01d245276d4b4f33ee4051e9fc8c59
Microsec e-Szigno / Netlock Mokka XML Signature Wrapping
Posted Jun 29, 2015
Authored by Imre Rad

Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.

tags | advisory
advisories | CVE-2015-3931, CVE-2015-3932
MD5 | 47183f89b14f6e7c9b5b026c7106b06d
ESRS VE 3.0x Certificate Validation / Insufficient Randomness
Posted Jun 29, 2015
Site emc.com

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.

tags | advisory, remote, spoof
advisories | CVE-2015-0543, CVE-2015-0544
MD5 | da19ab19bdcb3356ed22c692dab516a8
Debian Security Advisory 3296-1
Posted Jun 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2015-2141
MD5 | 453ae21ea5cd8dd0d927d2967d2c5371
HP Security Bulletin HPSBPI03360 2
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 51dba08e3e7c9d04460c18720ff4cd1c
HP Security Bulletin HPSBPI03107 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | b374de59b2daf2912e6ff07c3ec3a972
HP Security Bulletin HPSBGN03362 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
MD5 | 0a67598c67d86cbb659b552704703e06
HP Security Bulletin HPSBMU03267 3
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 1d915b8324ef08916206b474bc901b91
HP Security Bulletin HPSBUX03359 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.

tags | advisory, local
systems | hpux
advisories | CVE-2015-2126
MD5 | 70e9131a7cc33b5dbeb1660f27f46850
HP Security Bulletin HPSBGN03351 1
Posted Jun 29, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-4000
MD5 | fecfd03520186267322244256b55056d
EMC Unisphere For VMAX 8.0.x Remote Code Execution
Posted Jun 26, 2015
Site emc.com

EMC Unisphere for VMAX version 8.0.3.4 contains a fix for a remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 8.0.0, 8.0.1, and 8.0.2 are affected.

tags | advisory, remote, code execution
advisories | CVE-2015-0545
MD5 | 15b48221d87db3700c9b0bad1f913fc4
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close