exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 179 RSS Feed

Files

ElasticSearch Cloud-Azure Insecure Transit
Posted Sep 19, 2015
Authored by Pedro Andujar

The connection string for ELK cloud-azure plugin contains hardcoded http url with the lack of encryption and certificate validation, therefore it is prone to sniffing and MiTM attacks. A potential attacker with the required access to the network traffic would be able to intercept the content of the indexes snapshots.

tags | advisory, web, info disclosure
SHA-256 | b9cb4d374481587d608107ba93bf30d52ff5610e4e98d41e70599fe1f0ceeca7
HP Security Bulletin HPSBST03418 1
Posted Sep 19, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03418 1 - A potential security vulnerability has been identified with HP P6000 Command View Software. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 6ae337d939bf448b06c10ea85187149a2b1745cdc37402b354297b874e1fd073
Microsoft Security Bulletin Revision Increment For September, 2015
Posted Sep 18, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for September, 2015.

tags | advisory
SHA-256 | 5f6f682ba4880eb8f48a1278d89725dd322fec002101dc9129c07563b29930a9
Microsoft Exchange Outlook Web 2013 Information Disclosure
Posted Sep 18, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Outlook Web Access (OWA) does not properly handle web requests. A remote user can send a specially crafted request to the target web application to view potentially sensitive stack trace information on the target system.

tags | advisory, remote, web
advisories | CVE-2015-2505
SHA-256 | 9bdf7b9f1342306a29ba881af9aafb71cc796dc11f06d569ced59e02889dbd3f
Red Hat Security Advisory 2015-1808-01
Posted Sep 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1808-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. A command injection flaw was found in the rubygem-openshift-origin- console. A remote, authenticated user permitted to send requests to the Broker could execute arbitrary commands with elevated privileges on the Red Hat OpenShift server. All rubygem-openshift-origin-console users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2015-5274
SHA-256 | f0b9a48166303ff75b1891b35399b39a3d7149e4e20088ae35f13479021807e4
Ubuntu Security Notice USN-2741-1
Posted Sep 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2741-1 - It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-1319
SHA-256 | 2f97d1e5a13a3e486c03923183ff4afc1da1bb5e37d852222980d141e6c049ed
Ubuntu Security Notice USN-2742-1
Posted Sep 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2742-1 - Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configure, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, unix, ubuntu
advisories | CVE-2014-9713, CVE-2015-6908
SHA-256 | 9b6a8ed19fb6f7e3f64b01c4aa1fe8b45478ce1971f92272242e7566e492728c
Ubuntu Security Notice USN-2740-1
Posted Sep 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2740-1 - Atte Kettunen discovered that ICU incorrectly handled certain converter names. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash. It was discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, a remote attacker could possibly cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1270, CVE-2015-2632, CVE-2015-4760
SHA-256 | 5b1f2476f7d96386a0e049410bd7ee7fa6c1fb9fe8f352f7db36cdd24e4825a8
Cisco Security Advisory 20150916-tps
Posted Sep 17, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco
SHA-256 | bac9daba4b8d9bd57593f1f8a8f4bfc66fd04b0a66b8c836ece70d3f7b0d32c2
Cisco Security Advisory 20150916-pcp
Posted Sep 17, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to access higher-privileged functions. An exploit could allow the attacker to access functions some of which should be accessible only to users who have administrative privileges. This includes creating an administrative user.

tags | advisory, remote, web
systems | cisco
SHA-256 | 1d1dbc012d8430484519427c0ddc88f33f0a15c34a13848704a6941fe740c798
Cisco Security Advisory 20150916-pca
Posted Sep 17, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Collaboration Assurance Software contains access bypass, information disclosure, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, info disclosure
systems | cisco
SHA-256 | b531432647ab2690ba36458cf4972a611863a08fb56b5a1606bcba27d87c28fb
HP Security Bulletin HPSBGN03393 2
Posted Sep 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03393 2 - A potential security vulnerability has been identified with HP Operations Manager i (OMi) running on Linux and Windows. The vulnerability could be exploited remotely to execute code. Revision 2 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2015-2137
SHA-256 | 3bc5a0be2c31ee31bbfa01e93eed43ef63948ec86558cc789102b39977887c71
Red Hat Security Advisory 2015-1788-01
Posted Sep 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1788-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the kernel's implementation of the Berkeley Packet Filter. A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, redhat
advisories | CVE-2014-9585, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366
SHA-256 | 25d0c7614c07675f849c3b6d3284745ade70ce6f99faadcd640f7598d955b66c
Red Hat Security Advisory 2015-1793-01
Posted Sep 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1793-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
SHA-256 | 23f5662e8c68f25e52a00f8571a08ea77f3d89480a7c38085c4fe015a42ea14a
Red Hat Security Advisory 2015-1778-01
Posted Sep 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1778-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the kernel's implementation of the Berkeley Packet Filter. A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, redhat
advisories | CVE-2014-9585, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366
SHA-256 | 6931087e4966ef5af97d58d33a14d67431f59be2eca9c49d74bab95c4b9e66ae
Red Hat Security Advisory 2015-1787-01
Posted Sep 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1787-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. A flaw was found in the way the Linux kernel's ext4 file system handled the "page size > block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system.

tags | advisory, remote, denial of service, kernel, local, udp
systems | linux, redhat
advisories | CVE-2014-9585, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, CVE-2015-5364, CVE-2015-5366
SHA-256 | f0b5d577a1722a4499ab101e9890afb3978e9fdaacc73e56678021c7283bdb72
Debian Security Advisory 3360-1
Posted Sep 17, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3360-1 - It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x- , which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-1270
SHA-256 | 103abcee976e68dc4bc87a60c3cd4a6c9d40f8fc87ea73f56e263122853840ff
HP Security Bulletin HPSBHF03509 1
Posted Sep 17, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03509 1 - HP has released updates to the HP ThinPro and HP Smart Zero Core operating systems to address two vulnerabilities found in Adobe Flash Player versions v11.x through v11.2.202.481 on Linux. These vulnerabilities allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that either leverages improper handling of the opaqueBackground property or overrides a ValueOf function, as exploited in the wild in July 2015. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux
advisories | CVE-2015-5122, CVE-2015-5123
SHA-256 | e6bb7bc9c737d98fc3a4dca51f25b28ad5851e17a20b20cf3f300bd1ed5f397c
HP Security Bulletin HPSBMU03392 2
Posted Sep 15, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03392 2 - Potential security vulnerabilities have been identified with HP ArcSight Logger. These vulnerabilities could be exploited remotely to allow users to bypass certain authorization restrictions. Revision 2 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-2136
SHA-256 | 02ecb7683903bd243b2fe6788080935130ec21a2b15ff6c6fc8b016bc58dd000
Debian Security Advisory 3358-1
Posted Sep 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3358-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838
SHA-256 | 096b1086b1a1d3d75329d6e4c2d3f8595e3acba94ffdbe5e8cbeee41cfdc303c
Debian Security Advisory 3359-1
Posted Sep 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3359-1 - This update fixes an unspecified security issue in VirtualBox related to guests using bridged networking via WiFi. Oracle no longer provides information on specific security vulnerabilities in VirtualBox.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-2594
SHA-256 | f96adf0a02b3ed9a6d42cccf01b4b757ef437a9005af3f30b469727317eed808
Debian Security Advisory 3357-1
Posted Sep 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3357-1 - It was discovered that vzctl, a set of control tools for the OpenVZ server virtualization solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over ploop-based containers.

tags | advisory, local, root
systems | linux, debian
SHA-256 | a5736c73d44073dc09fa91a1aec0de6a2d4fddd8f94091fc6774e6a78e013eb5
Red Hat Security Advisory 2015-1772-01
Posted Sep 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1772-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-5225
SHA-256 | d8888c492f070c1a8971b9494b040b6a9998fbdaff29040fb9aa63f5e800db26
Debian Security Advisory 3356-1
Posted Sep 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3356-1 - Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.

tags | advisory, remote, denial of service, protocol
systems | linux, debian
advisories | CVE-2015-6908
SHA-256 | 6ea26f64cefbfb2556a3754993d105f8cd15fe3aedccdcdf9a191f239a95031f
HP Security Bulletin HPSBHF03408 2
Posted Sep 15, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03408 2 - Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2015-5367, CVE-2015-5368
SHA-256 | ac6860964580e91b1d2845e814210a6cd3cc690f2525412763b1402758a55794
Page 4 of 8
Back23456Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close