what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files Date: 2012-12-04

Debian Security Advisory 2581-1
Posted Dec 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611
MD5 | 0714b6a1dfad19c051f809a2bc142984
Ubuntu Security Notice USN-1653-1
Posted Dec 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1653-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-4565
MD5 | 3850bf1f5afaddbc0bbd17e5cdd7b564
Red Hat Security Advisory 2012-1541-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1541-01 - These packages contain the Linux kernel. A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-4131, CVE-2012-2313
MD5 | 8eb1a0bdd08c312b7c91d2dd937b2dbe
Red Hat Security Advisory 2012-1542-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecored. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.

tags | advisory, remote, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-2139, CVE-2012-2140, CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867
MD5 | e57ad96523b395ece603fe69fec783e1
Red Hat Security Advisory 2012-1540-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1540-01 - These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2012-2372, CVE-2012-3552, CVE-2012-4508, CVE-2012-4535, CVE-2012-4537, CVE-2012-5513
MD5 | b91458cfe9a71a259fc48800519ec6ce
Red Hat Security Advisory 2012-1543-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1543-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the following security issues: It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3538, CVE-2012-4574, CVE-2012-5603, CVE-2012-5605
MD5 | 09ad22a8b9412ce8ceaeea634a03becf
Red Hat Security Advisory 2012-1539-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1539-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted.

tags | advisory, remote, spoof, protocol
systems | linux, redhat
advisories | CVE-2012-3525
MD5 | e4fdead382f0a5533509aaad9b5f9e18
Red Hat Security Advisory 2012-1537-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
MD5 | 0d1fb1f00967f87786626d86a121c46e
Red Hat Security Advisory 2012-1506-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1506-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the Red Hat Enterprise Virtualization Manager part of the fix. The RHSA-2012:1508 VDSM update must also be installed to completely fix this issue.

tags | advisory, local, python
systems | linux, redhat, windows
advisories | CVE-2011-4316, CVE-2012-0860, CVE-2012-0861, CVE-2012-2696, CVE-2012-5516
MD5 | 3da59e6e432296e90b77079bdcaf1038
Red Hat Security Advisory 2012-1538-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1538-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Satellite 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Satellite must be restarted.

tags | advisory, remote, spoof, protocol
systems | linux, redhat
advisories | CVE-2012-3525
MD5 | 2ce4277cb69fe535849c515bd9898f1a
Red Hat Security Advisory 2012-1508-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1508-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux 6.3 hosts. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2012-0860, CVE-2012-0861
MD5 | 85e8f314c2e66a89e03227c1fb1b2de1
Red Hat Security Advisory 2012-1505-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1505-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Red Hat Enterprise Virtualization Hypervisor hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were downloaded in an insecure way, that is, without properly validating SSL certificates during HTTPS connections. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, potentially gaining root access to the host being added to the Red Hat Enterprise Virtualization environment. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.

tags | advisory, web, kernel, local, root, python
systems | linux, redhat
advisories | CVE-2012-0861
MD5 | f9e212942c2ebf6a7220b0a84f50196e
Red Hat Security Advisory 2012-1491-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.

tags | advisory, kernel, local, root, spoof
systems | linux, redhat
advisories | CVE-2012-0957, CVE-2012-2133, CVE-2012-3400, CVE-2012-3430, CVE-2012-3511, CVE-2012-3520, CVE-2012-4508, CVE-2012-4565
MD5 | aece63615129fd789a2fd3c42520e29c
ManageEngine MSPCentral 9 Cross Site Request Forgery / Cross Site Scripting
Posted Dec 4, 2012
Authored by Cartel

ManageEngine MSPCentral version 9 suffers from cross site request forgery, insecure session cookies, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a6b249d821b0d77e77659a38b9618210
Twitter SMS Spoofing
Posted Dec 4, 2012
Authored by Jonathan Rudenberg

Twitter is apparently vulnerable to an SMS spoofing vulnerability?

tags | advisory, spoof
MD5 | b5bdfe4e34bb192cfacb16d4df651ce8
Panda Internet Security Binary Planting
Posted Dec 4, 2012
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Panda Internet Security versions 2012 and 2013 suffer from a binary planting privilege escalation vulnerability.

tags | advisory
MD5 | 0de792645d740c4750a9112fa9b925fb
Wirtualna Polska S.A. (WP) XSS / CSRF
Posted Dec 4, 2012
Authored by Jakub Zoczek

Wirtualna Polska S.A. (WP) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | c7aa22c81deed635329a459cba9795b0
Secunia Security Advisory 51456
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kingcope has reported a vulnerability in SSH Tectia Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | ba3b45071f47d177b8529962df50ca25
Secunia Security Advisory 51397
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
MD5 | fadca92b803802f29046d3b4a5bb07fc
Secunia Security Advisory 51483
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
MD5 | d6f6080f2219e7706dfd97952d89cabe
Secunia Security Advisory 51416
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, debian
MD5 | af021546c7a3295c80ad62b1c3fe3596
Secunia Security Advisory 50974
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Zhao Liang has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
MD5 | 3d2f9b315e362c81a37d3e370bd0881c
Secunia Security Advisory 51399
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in The Sleuth Kit, which can be exploited by malicious people to hide certain data.

tags | advisory
MD5 | 3272c8e5a77265eb8cbd020da7610fd5
Secunia Security Advisory 51463
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Newscoop, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 0dd3122677434f9f3eaaa3069ffdc019
Secunia Security Advisory 51142
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matthew Joyce has discovered multiple vulnerabilities in ConcourseConnect, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
MD5 | 62be12769f955cc9df9376dae9bf15fa
Page 1 of 2
Back12Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close