Files Date: 2012-12-04

Debian Security Advisory 2581-1
Posted Dec 4, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2581-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.66, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611
SHA-256 | 2748ff0438a47e32d4a6b316d340dc682a7a93eb1de4bc28cc97456932e6000f
Ubuntu Security Notice USN-1653-1
Posted Dec 4, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1653-1 - Rodrigo Freire discovered a flaw in the Linux kernel's TCP illinois congestion control algorithm. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local, tcp
systems | linux, ubuntu
advisories | CVE-2012-4565
SHA-256 | 25dbc32f4481135cb784c26cf3323fd9be5f2611d4444404eaf7b8702ea2e461
Red Hat Security Advisory 2012-1541-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1541-01 - These packages contain the Linux kernel. A malicious NFSv4 server could return a crafted reply to a GETACL request, causing a denial of service on the client. A flaw in the dl2k driver could allow a local, unprivileged user to issue potentially harmful IOCTLs, possibly causing Ethernet adapters using the driver to malfunction.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-4131, CVE-2012-2313
SHA-256 | be0924f7d8cbe1f7cf8954b30f8836cc0f44bc53af0db061f11bc5a34bbe9465
Red Hat Security Advisory 2012-1542-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1542-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. Multiple input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform an SQL injection attack against an application using rubygem-activerecord. Multiple cross-site scripting flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack.

tags | advisory, remote, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-2139, CVE-2012-2140, CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-3864, CVE-2012-3865, CVE-2012-3867
SHA-256 | f96ce0acf37d0bdcad39fc2ad186927a862b5bffbd7f653a2b6e60984426c0c4
Red Hat Security Advisory 2012-1540-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1540-01 - These packages contain the Linux kernel. A race condition in the way asynchronous I/O and fallocate() interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. A flaw in the way the Xen hypervisor implementation range checked guest provided addresses in the XENMEM_exchange hypercall could allow a malicious, para-virtualized guest administrator to crash the hypervisor or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level.

tags | advisory, arbitrary, kernel, local
systems | linux, redhat
advisories | CVE-2012-2372, CVE-2012-3552, CVE-2012-4508, CVE-2012-4535, CVE-2012-4537, CVE-2012-5513
SHA-256 | 906829b1fdfb32f66974a1ab2f6683d5132fe8b3ba63296b4d8f44c8427f38d5
Red Hat Security Advisory 2012-1543-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1543-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. This update fixes bugs in and adds enhancements to the System Engine packages, and upgrades the system to CloudForms 1.1. This update also fixes the following security issues: It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3538, CVE-2012-4574, CVE-2012-5603, CVE-2012-5605
SHA-256 | 22f3f332ed35da1015db8d34aa29e8ec55196a746922e31cf4c92143aa01b2c5
Red Hat Security Advisory 2012-1539-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1539-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Proxy 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Proxy must be restarted.

tags | advisory, remote, spoof, protocol
systems | linux, redhat
advisories | CVE-2012-3525
SHA-256 | e907f8d70934f8b7ddcdae8908ef3296b5df2bfaec46c912fa4d4da07ce23413
Red Hat Security Advisory 2012-1537-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1537-01 - JasperReports Server is a reporting server. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially-crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service. This update also fixes the following bugs: Adding a user to any ROLE caused an unexpected exception.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2009-2625
SHA-256 | cda5cf73ac28123921171e07794e18b614763addcc34da268f4c05547a3e7c1f
Red Hat Security Advisory 2012-1506-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1506-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the Red Hat Enterprise Virtualization Manager part of the fix. The RHSA-2012:1508 VDSM update must also be installed to completely fix this issue.

tags | advisory, local, python
systems | linux, redhat, windows
advisories | CVE-2011-4316, CVE-2012-0860, CVE-2012-0861, CVE-2012-2696, CVE-2012-5516
SHA-256 | 827981ca03784d929de9ef99db03f9cf2d158d195c8885fbc46b4047733ab92c
Red Hat Security Advisory 2012-1538-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1538-01 - This package provides jabberd 2, an Extensible Messaging and Presence Protocol server used for XML based communication. It was discovered that the XMPP Dialback protocol implementation in jabberd 2 did not properly validate Verify Response and Authorization Response messages. A remote attacker able to connect to the jabberd's server-to-server communication port could possibly use this flaw to spoof source domains of the XMPP messages. Users of Red Hat Network Satellite 5.5 are advised to upgrade to this updated jabberd package, which resolves this issue. For this update to take effect, Red Hat Network Satellite must be restarted.

tags | advisory, remote, spoof, protocol
systems | linux, redhat
advisories | CVE-2012-3525
SHA-256 | 573e9e8ca5dedf78211e67deacd545deab8f1e99e4fb9bad0557b6012b5aebb0
Red Hat Security Advisory 2012-1508-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1508-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux 6.3 hosts. A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the "/tmp/" directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2012-0860, CVE-2012-0861
SHA-256 | f23aec50bf85d8befcc402c011734c5241da0c3905b76229c047ebe869e86e5b
Red Hat Security Advisory 2012-1505-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1505-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Red Hat Enterprise Virtualization Hypervisor hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were downloaded in an insecure way, that is, without properly validating SSL certificates during HTTPS connections. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, potentially gaining root access to the host being added to the Red Hat Enterprise Virtualization environment. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue.

tags | advisory, web, kernel, local, root, python
systems | linux, redhat
advisories | CVE-2012-0861
SHA-256 | 84796c777bb708049ce36a161e0ba33def3d4ed37f76e6574ef10904edf67aa8
Red Hat Security Advisory 2012-1491-01
Posted Dec 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1491-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way Netlink messages without SCM_CREDENTIALS data set were handled. When not explicitly set, the data was sent but with all values set to 0, including the process ID and user ID, causing the Netlink message to appear as if it were sent with root privileges. A local, unprivileged user could use this flaw to send spoofed Netlink messages to an application, possibly resulting in the application performing privileged operations if it relied on SCM_CREDENTIALS data for the authentication of Netlink messages.

tags | advisory, kernel, local, root, spoof
systems | linux, redhat
advisories | CVE-2012-0957, CVE-2012-2133, CVE-2012-3400, CVE-2012-3430, CVE-2012-3511, CVE-2012-3520, CVE-2012-4508, CVE-2012-4565
SHA-256 | 9fc196ee7e1a6d99be88df166bba11b7dfc2a6af8804a850b507161ce71b9c93
ManageEngine MSPCentral 9 Cross Site Request Forgery / Cross Site Scripting
Posted Dec 4, 2012
Authored by Cartel

ManageEngine MSPCentral version 9 suffers from cross site request forgery, insecure session cookies, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | b983739d5c9e6e3348d2323d71a796d500798b6a460b49fa2b179cee9582484f
Twitter SMS Spoofing
Posted Dec 4, 2012
Authored by Jonathan Rudenberg

Twitter is apparently vulnerable to an SMS spoofing vulnerability?

tags | advisory, spoof
SHA-256 | f68d4c349c7a270efa26fb68eb4ecbfe690dac850bc158eac09c4abf1aada8e9
Panda Internet Security Binary Planting
Posted Dec 4, 2012
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Panda Internet Security versions 2012 and 2013 suffer from a binary planting privilege escalation vulnerability.

tags | advisory
SHA-256 | bb5e0bc6193168eed57fb6bbfba969ff0bf9390984a659efaec285d1a2979727
Wirtualna Polska S.A. (WP) XSS / CSRF
Posted Dec 4, 2012
Authored by Jakub Zoczek

Wirtualna Polska S.A. (WP) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 48204cff42f9e6114adbec6fc76d881ec3f74ff71b09eebcc19e175aaf50773f
Secunia Security Advisory 51456
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Kingcope has reported a vulnerability in SSH Tectia Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 60635631055ae2dafa997fbc0eb1ab54915b8238d93fc01eb0d738e7408b48b9
Secunia Security Advisory 51397
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
SHA-256 | 1974e25bc570504c384e578590a3f8b6428e458133cf83d3128607ea6676843d
Secunia Security Advisory 51483
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in RSA NetWitness Informer, which can be exploited by malicious people to conduct click-jacking and cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | 878bdd7e8065c75a3e41d7635b804dd4f5e860f0fd14f3ea6c6506e45d85ff71
Secunia Security Advisory 51416
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for mysql-5.1. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to cause a DoS (Denial of Service) and potentially execute arbitrary code, and by malicious people to potentially compromise a vulnerable system.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, debian
SHA-256 | 5911ff79791ccbb8767593ad9ed93d096168dcded2b2f56fd47ba787dc462dcb
Secunia Security Advisory 50974
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Zhao Liang has discovered a vulnerability in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 27eee729b112897540ac8c42ad2fe2ab49b45bda7ed9092a058fcf0ab955493a
Secunia Security Advisory 51399
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in The Sleuth Kit, which can be exploited by malicious people to hide certain data.

tags | advisory
SHA-256 | 5316868bdb882e064ebc74fc3f8f9db1ce3f503aedc57f048dbceae5900c9d76
Secunia Security Advisory 51463
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Newscoop, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 2c4019000ff52a63f42e87c599ae4f4d56d88179b8884d446b2b40765374a461
Secunia Security Advisory 51142
Posted Dec 4, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matthew Joyce has discovered multiple vulnerabilities in ConcourseConnect, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
SHA-256 | a3812bbf3a4ed50502753925782835a7c267f64d518b1970a3d149b1804ee056