what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 24 of 24 RSS Feed

Files Date: 2012-08-21

Suricata IDPE 1.3.1
Posted Aug 21, 2012
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: AF_PACKET performance was much improved. Defrag engine performance was improved. HTTP URI double decoding handling was made configurable. The stream engine was made more robust. The Windows build was fixed. Various other issues were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 31d3eca63bc5336797d434431211c9b76b6cc0fe03c58b449f478d548a355417
Mandriva Linux Security Advisory 2012-142
Posted Aug 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-142 - A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially-crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable. Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP's GIF image file plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. The updated gimp packages have been upgraded to the 2.6.12 version and patched to correct these issues. Additionally for Mandriva Enterprise server 5 the gegl packages was upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the enscript packages was added because of a build dependency, the gutenprint and mtink packages was rebuilt against the gimp 2.6.12 libraries.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3403, CVE-2012-3481
SHA-256 | aec214e418fa063224a016dcb76fa86d1ca6e8c1157010ee36b64648e14af80d
Mandriva Linux Security Advisory 2012-141
Posted Aug 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-141 - The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service via a packet with a next extension offset that references this extension or a previous extension. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2010-3609
SHA-256 | 32969a071019880bdf08afe71a7afa4d8e1614a67ba6042bd53358ae490cc42e
Ubuntu Security Notice USN-1543-1
Posted Aug 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1543-1 - It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files.

tags | advisory, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2012-2451
SHA-256 | 53f59f33b4b7260067b809db7a270c28dc07def87a2cab40d4971d8d23a2bf82
Ubuntu Security Notice USN-1542-1
Posted Aug 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1542-1 - Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users to read data with the privileges of the database server.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-3488, CVE-2012-3489, CVE-2012-3488, CVE-2012-3489
SHA-256 | 9fa0f29d543629dc0f9b504fe146eed8146d9759831fdc2e8de51e84977c2109
Red Hat Security Advisory 2012-1185-01
Posted Aug 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1185-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca(). This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2012-3406
SHA-256 | 1d700f26a46c1aa77a763d9b4b44ce483439f3fec2a58dcaf4582ed14501fce8
Red Hat Security Advisory 2012-1187-01
Posted Aug 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1187-01 - Katello allows you to manage the application life-cycle for Linux systems. Katello is used by Red Hat Subscription Asset Manager, a distributor application for handling subscription information and software updates on client machines. It was found that the katello-common package's installation script did not correctly generate the secret token used for session cookie generation, leading to every default installation using the same secret token. A remote attacker could use this flaw to create a cookie that would allow them to log into the Subscription Asset Manager web interface as any user, without knowing the passwords.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3503
SHA-256 | 597c317d6628bef13dbbc7a4fc8d6af89eed7367a7de44c2f866d8f5fa21e962
Red Hat Security Advisory 2012-1174-01
Posted Aug 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1174-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-2313
SHA-256 | 7ee7d5169d4fac9dc4ff2a4c95a4c510d96b9b6a6328d7a4882cac5d4db94f38
Red Hat Security Advisory 2012-1186-01
Posted Aug 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1186-01 - Katello allows you to manage the application life-cycle for Linux systems. Katello is used by CloudForms System Engine, an Infrastructure as a Service application that provides tools to update and monitor systems within private and hybrid clouds, and can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. It was found that the katello-common package's installation script did not correctly generate the secret token used for session cookie generation, leading to every default installation using the same secret token. A remote attacker could use this flaw to create a cookie that would allow them to log into the CloudForms System Engine web interface as any user, without knowing the passwords.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3503
SHA-256 | 419b7ab599f5ece96c660a2b774bfadd9192199c652c4d46765643484f55e6d9
Ubuntu Security Notice USN-1540-2
Posted Aug 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1540-2 - USN-1540-1 fixed vulnerabilities in NSS. This update provides the corresponding updates for Ubuntu 12.04 LTS. Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2012-0441
SHA-256 | 8f57cd4a7c1aea015a6435f2f69027c64f4030e74c9def113569254e48b1fe29
Secunia Security Advisory 50335
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in FishEye and Crucible, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 419ca5b8724048bc855f237fa2ef3980ca55aff31c8e2709917c4c5c6ee9bbf2
Secunia Security Advisory 50340
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux
SHA-256 | d91879b1660b78640588499f08c7654a624bd6541364713a50adfeb1893624b4
Secunia Security Advisory 50317
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Hivemail, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
SHA-256 | e496bdfa2163b9182b1d41a7e60cd8a1f8d8e41c0f64e9057d64e0af41961a9a
Secunia Security Advisory 50311
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OCaml Xml-Light Library, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 8814b1dc402dc1a94f351af14f96bcc9d29f10ee0c94e5a9f1d12062b5ba175a
Secunia Security Advisory 50352
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Apple Remote Desktop, which may disclose sensitive information to malicious people.

tags | advisory, remote
systems | apple
SHA-256 | 0f5cee42a0d876a10eb7b3824c7931779dbf81618b0b462008318e10580f5b73
Secunia Security Advisory 50338
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes two vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 0f44f89b24b814c2d814d4da87e8e7c55676d62ca697af61ad46b597e2868547
Secunia Security Advisory 50297
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - hinge has reported a vulnerability in IOServer, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 5c49a9bb6e39d9756504afa7862109c57757521db387e89f48b8b53d732ac52d
Secunia Security Advisory 50098
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Foreground Security has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | b1ac53bd934e18c7a2ef4c44ae6b3a2d9bc6ad0909ad23d219b9284764c7fa80
Secunia Security Advisory 50278
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tinyproxy, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 426a0fcb657ec43463e5461e50d842058f2caa98318e1efb644869d8d11d1c36
Secunia Security Advisory 50330
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Domino, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks.

tags | advisory, web, vulnerability, xss
SHA-256 | 3422fc880f9f4de9406bc76c16c872492c6c967505f80a1589d627e33604a912
TOR Virtual Network Tunneling Tool 0.2.2.38
Posted Aug 21, 2012
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a rare race condition which could crash exit relays, fixes a remotely-triggerable crash bug, and fixes a timing attack which could leak path information.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 8ee32e7fa14ddc1ded299e9c396b5628d473233528c3a22f8bfc7eac9094b4cf
Mobius Forensic Toolkit 0.5.14
Posted Aug 21, 2012
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: This release supports reading multiple segment EWF files. Minor improvements and bugfixes have been made.
tags | tool, python, forensics
systems | unix
SHA-256 | f52e108b90c54dd99b2d01089fae083ef013d8ee1f983714d424b08617f45087
OATH Toolkit 1.12.5
Posted Aug 21, 2012
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: The oathtool --counter parameter now supports larger values.
tags | tool
systems | unix
SHA-256 | 0116f55870f6717a9241bc2f4af4e69e75047c8158dc489d6c9a1c3fc23cd9cb
Fwknop Port Knocking Utility 2.0.2
Posted Aug 21, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Better handling of GnuPG for SPA packet decryption on the server side (accounts for no passphrase gpg keys when gpg-agent or pinentry are otherwise required). A bugfix in SPA packet replay detection code. A check for the existence of the iptables 'comment' match when the serve is deployed on Linux. Several other bugfixes.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 2a79ffeabce01eff333b2eef7357d4d7d43237af4526cc2bd9b282907439aea7
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close