all things security
Showing 1 - 25 of 264 RSS Feed

Files

EMC Documentum eRoom Unverified Password Change
Posted Jan 31, 2017
Site emc.com

EMC Documentum eRoom includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions affected include 7.4.4 and 7.4.4 SP. Versions prior to 7.4.5 P04 and 7.5.0 P01 are also affected.

tags | advisory
advisories | CVE-2017-2766
MD5 | 62c98ebaabdc33171a6c9cedb03eff2b
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation
Posted Jan 31, 2017
Authored by Matteo Beccati

Revive Adserver versions 4.0.0 and below suffer from cross site scripting, session fixation, and deserialization of untrusted data vulnerabilities.

tags | advisory, vulnerability, xss
MD5 | 7851849891b07f255ee87bf675b8f570
HP Security Bulletin HPESBMU03701 1
Posted Jan 31, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBMU03701 1 - A potential vulnerability has been identified in HPE Smart Storage Administrator. The vulnerability could remotely be exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-8523
MD5 | a37fac57f6b400f299b2d624177ae9ab
Gentoo Linux Security Advisory 201701-77
Posted Jan 31, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-77 - A vulnerability in Ansible may allow rogue clients to execute commands on the Ansible controller. Versions less than 2.1.4.0_rc3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2016-9587
MD5 | 84c112fe876902fc9416ce5cef08eaea
Red Hat Security Advisory 2017-0215-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0215-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | b6b51646d7eeb6cb05e3487a005801dd
Red Hat Security Advisory 2017-0216-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0216-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-7117
MD5 | 9d83bee949a2f4126fa56f181cd889a6
Red Hat Security Advisory 2017-0217-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0217-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

tags | advisory, remote, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2016-2847, CVE-2016-7117
MD5 | cea80dcfe48bd14c5f1e1ca23e97031f
Gentoo Linux Security Advisory 201701-76
Posted Jan 31, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-76 - Multiple vulnerabilities have been found in HarfBuzz, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.0.6 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-8947, CVE-2016-2052
MD5 | f7d865d41adce0ee542b52d57ed5a3f5
Red Hat Security Advisory 2017-0214-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0214-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2008-7313, CVE-2014-5008, CVE-2014-5009, CVE-2016-9565, CVE-2016-9566
MD5 | 177badea5657017f0302647f63bd8e6f
Red Hat Security Advisory 2017-0212-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0212-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2008-7313, CVE-2014-5008, CVE-2014-5009, CVE-2016-9565, CVE-2016-9566
MD5 | 2e2fbf36e6aaba8787ffe2c8ba135436
Red Hat Security Advisory 2017-0211-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0211-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2008-7313, CVE-2014-5008, CVE-2014-5009, CVE-2016-9565, CVE-2016-9566
MD5 | abccc720066783d21a2eed2a19de132d
Red Hat Security Advisory 2017-0213-01
Posted Jan 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0213-01 - Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Nagios is written in C and designed to run under Linux as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate "plugin" programs which return the status of the checks to Nagios. Nagios plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2008-7313, CVE-2014-5008, CVE-2014-5009, CVE-2016-9565, CVE-2016-9566
MD5 | a1a4fc031e5897f6fc74ab4c9914886f
Libarchive 3.2.2 lha_read_file_header_1() Denial Of Service
Posted Jan 31, 2017
Authored by Jakub Jirasek | Site secunia.com

Secunia Research has discovered a vulnerability in libarchive, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "lha_read_file_header_1()" function (archive_read_support_format_lha.c), which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive. The vulnerability is confirmed in version 3.2.2. Other versions may also be affected.

tags | advisory, denial of service
advisories | CVE-2017-5601
MD5 | 7f2b1a06172c64fbfccd3249ba848140
Hacking Printers Advisory 6
Posted Jan 31, 2017
Authored by Jens Mueller

This post is about putting printers out of their misery and destroying the NVRAM through ordinary print jobs.

tags | advisory
MD5 | 88a8b8c7746260f815b5c8426172bbd1
Hacking Printers Advisory 5
Posted Jan 31, 2017
Authored by Jens Mueller

This post is about resetting a printer to factory defaults through ordinary print jobs, therefore bypassing all protection mechanisms like user-set passwords.

tags | advisory
MD5 | 8131dc45aea9ade9b71766990c74e946
Hacking Printers Advisory 4
Posted Jan 31, 2017
Authored by Jens Mueller

This post is about buffer overflows in a printer's LPD daemon and PJL interpreter which leads to denial of service or potentially even to code execution. Multiple printers are affected.

tags | advisory, denial of service, overflow, code execution
MD5 | b18e89a0bfd80e083499631267c03342
Heimdal Security DLL Hijacking
Posted Jan 31, 2017
Authored by Stefan Kanthak

Heimdal Security's SetupLauncher is vulnerable to DLL hijacking.

tags | advisory
systems | windows
MD5 | ee4eb30eff183cba777c2380ca01fa42
Hacking Printers Advisory 3
Posted Jan 31, 2017
Authored by Jens Mueller

This post is about abusing Brother's proprietary PJL extensions to dump the printers NVRAM and gain access to interesting stuff like passwords.

tags | advisory
MD5 | 2819609db094cc0c6192a444ba2c8f34
Ubiquiti Networks Cross Site Scripting / Cross Site Request Forgery
Posted Jan 31, 2017
Authored by T. Weber | Site sec-consult.com

Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, Power AP N, PicoStation2, and PicoStation2HP, suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 23bc37fc0f1ea3435f5be28e9cd3d366
Debian Security Advisory 3773-1
Posted Jan 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3773-1 - Several vulnerabilities were discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-7056, CVE-2016-8610, CVE-2017-3731
MD5 | 55059b83323f9dfe13d608a6fd08a273
Gentoo Linux Security Advisory 201701-75
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-75 - Multiple vulnerabilities have been found in Perl, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 5.22.3_rc4 are affected.

tags | advisory, remote, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2015-8607, CVE-2015-8853, CVE-2016-1238, CVE-2016-2381, CVE-2016-6185
MD5 | aadc81a6433dc3251362cd7f85b56bd8
Gentoo Linux Security Advisory 201701-74
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-74 - A null pointer dereference in libpng might allow remote attackers to execute arbitrary code. Versions less than 1.6.27 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2016-10087
MD5 | a85b80baa11ef709e0e55956d30dcc3a
Gentoo Linux Security Advisory 201701-73
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-73 - Multiple vulnerabilities have been discovered in SQUASHFS, the worst of which may allow execution of arbitrary code. Versions less than 4.3-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-4645, CVE-2015-4646
MD5 | 1558c8ef7d85c9ea3eb3336743d5fd89
Gentoo Linux Security Advisory 201701-72
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-72 - An integer overflow in libXpm might allow remote attackers to execute arbitrary code or cause a Denial of Service Condition. Versions less than 3.5.12 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-10164
MD5 | 8db1c49107984212c6993342bfcb5667
Gentoo Linux Security Advisory 201701-71
Posted Jan 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-71 - Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.8.10 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7122, CVE-2016-7450, CVE-2016-7502, CVE-2016-7555, CVE-2016-7562, CVE-2016-7785, CVE-2016-7905
MD5 | 00a71cbfac9cf9e94224e791feaaaac4
Page 1 of 11
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Millions Of High Security Crypto Keys Crippled By Newly Discovered Flaw
Posted Oct 16, 2017

tags | headline, flaw, cryptography
Pizza Hut Latest To Be Hit In Card Data Breach
Posted Oct 16, 2017

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Artificial Intelligence - Hype, Hope, And Fear
Posted Oct 16, 2017

tags | headline, botnet, cyberwar
KRACK Attacks: Breaking WPA2 By Forcing Nonce Reuse
Posted Oct 16, 2017

tags | headline, privacy, phone, wireless, flaw, cryptography
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close