exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 212 RSS Feed

Files

Slackware Security Advisory - libpng Updates
Posted Dec 18, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-8540
SHA-256 | 463a099c97a10c82afc5272db79e75f365c7be110e4bba31d43d7cfcc2e05c11
Debian Security Advisory 3426-1
Posted Dec 18, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3426-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-7446, CVE-2015-7799, CVE-2015-7833, CVE-2015-8104, CVE-2015-8374, CVE-2015-8543
SHA-256 | eefa8528c8f76d273a5ac0c5e68a8ee3b0c177db643785311de84b9e1b210774
Ubuntu Security Notice USN-2845-1
Posted Dec 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2845-1 - Dolev Farhi discovered an information disclosure issue in SoS. If the /etc/fstab file contained passwords, the passwords were included in the SoS report. This issue only affected Ubuntu 14.04 LTS. Mateusz Guzik discovered that SoS incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files or gain access to temporary file contents containing sensitive system information. Various other issues were also addressed.

tags | advisory, arbitrary, local, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-3925, CVE-2015-7529
SHA-256 | 35969627a5eb4d0bc47c9ea660f4346a68543a1d58dbd5d4042313fd0105be85
Samsung SoftAP Weak Password
Posted Dec 18, 2015
Authored by Augusto Pereyra

Samsung's SoftAP WPA2-PSK password generation is weak and can be cracked in a few hours.

tags | advisory
advisories | CVE-2015-5729
SHA-256 | d07302b705ff9d90ee5c3f1bd5da6e5f61c13558040cb8ca8a031f9fbc137494
EMC Isilon OneFS Security Privilege Escalation
Posted Dec 17, 2015
Site emc.com

EMC Isilon OneFS contains a privilege escalation vulnerability when SmartLock compliance mode is in use. In SmartLock compliance mode, the system is designed to prevent root-level user logins to the system. However, this security vulnerability allows OneFS users with administrative privileges to create root-level users and log in to the system.

tags | advisory, root
advisories | CVE-2015-4545
SHA-256 | f4f6d1a7ab19143caa64aabd4726e3e092c57198ac322964a7c8b8aafcb47f52
Apache Camel Java Object Deserialization
Posted Dec 17, 2015
Authored by Claus Ibsen

Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialization vulnerability.

tags | advisory, java
advisories | CVE-2015-5348
SHA-256 | 2dc9dd223b8636940a69a92a2c8ec700896baacff115824e13e45e41f355a595
Gentoo Linux Security Advisory 201512-02
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-2 - A vulnerability in IPython could result in execution of arbitrary JavaScript. Versions less than 3.2.1-r1 are affected.

tags | advisory, arbitrary, javascript
systems | linux, gentoo
advisories | CVE-2015-7337
SHA-256 | 602eab51ddd4b20b9c24db1a3a698f76e84e569b728c2455b0f878be507ba348
Red Hat Security Advisory 2015-2665-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2665-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.106, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-6792
SHA-256 | 038818a7be890b246a3237c4c06352a87f9d25899dca0c4f09b790698f9f76c6
Gentoo Linux Security Advisory 201512-01
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-1 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.72-r2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3294
SHA-256 | 30a91cd4814a5a2c048a34695fee5c59ce22a6bd5ce21ccec15e04dba9849a93
Ubuntu Security Notice USN-2840-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872
SHA-256 | 24c157bc5fb11507b05110e988d7bc8ac2a3a57436e0dee3534be4d8df1784a6
Ubuntu Security Notice USN-2843-3
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-3 - =E9=83=AD=E6=B0=B8=E5=88=9A discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885
SHA-256 | 49334a6b730ea953bb24db7899076e4caa9a090dbe9937e4c72b50efb8cce3a4
Ubuntu Security Notice USN-2843-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | c5e55d2c73f862fc096ea1440ff05f9e135387c9eb19edd0e68e6a85dc021481
Red Hat Security Advisory 2015-2666-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2666-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-3281
SHA-256 | c4327e8c7d421a0cbc4ff37663cdff357f709ac3ab9cbc77ba10759b1555132d
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
SHA-256 | ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
OLE DB Provider For Oracle DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object Windows will try to load the DLLs oci.dll, and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary, vulnerability
systems | windows
SHA-256 | 780d7323edb86b5d1ef9bec50bd1ae3f33562db71bf215b552d8c2ebc37b7cc4
Shockwave Flash Object DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
SHA-256 | 05acd97f15be7119fb1100ff641cd7b269e04fe167eaf70a9f77c55c83191102
Shutdown UX DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132
SHA-256 | b96ff440d177a2b1c8d194a3eeb5ba6a3405ca91223f3d328cdc4c4755b3ac20
PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service, xxe
advisories | CVE-2015-8549
SHA-256 | 939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7507, CVE-2015-7508
SHA-256 | c0939b0e25b9fa643a0b63b47d68e7bdfab3e7978f4d2f6956a53d8dd28806ec
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7505, CVE-2015-7506
SHA-256 | d53a9d5fac2511420bc71e8fceb0367db6d018335d2f3c8a2c530b88f9f9e266
Debian Security Advisory 3425-1
Posted Dec 17, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3425-1 - Cedric Krier discovered a vulnerability in the server-side of Tryton, an application framework written in Python. An authenticated malicious user can write arbitrary values in record fields due missed checks of access permissions when multiple records are written.

tags | advisory, arbitrary, python
systems | linux, debian
advisories | CVE-2015-0861
SHA-256 | 514f808f0d9e7117f9207a8b5ef1610e417dcbc3ef385ae1b78d2ea6da00647f
Ubuntu Security Notice USN-2844-1
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2844-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7885, CVE-2015-8104
SHA-256 | b4cd0bc253990e55a6ecc2c204566cda6ed9cd5f6cf7e24e01d7c2684add877f
Ubuntu Security Notice USN-2843-1
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | f479df664dd8312e1d62280d98193f75f0d711e3ff7b1a9290dd88a9b27a19bc
Ubuntu Security Notice USN-2842-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2842-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | a5afc6600211fee4092359c7676a6587ef99dbb6b0927cfbf42276bdf656c3e8
Ubuntu Security Notice USN-2842-1
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2842-1 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | f15c2f33f4786bc4f7ee04869838e57eaef6dac30e29cec3994dd7170aca39f8
Page 3 of 9
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close