Squid versions 3.2.5 and 3.2.7 suffer from denial of service vulnerabilities.
c4d06eea797394be5e8a7e5cea188dc34d63ef7dd3794c27bacc71050e6c43f5
wdivulge is a tool designed to find and download hidden files from a webserver. These are most commonly pictures, but the file definitions can be adjusted to bruteforce any file type. Technically, wdivulge falls under the definition of a web fusker: it expands a URL pattern into every concrete filename it could denote and requests each one.
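As an added illustration of the fusker technique the entry refers to (example code written for this page, not wdivulge's source), the expander below turns a pattern into its candidate URLs and probes them. The `[a-b]` / `{x,y}` pattern syntax, zero-padding rule and the example hostname are assumptions for this example, not wdivulge's actual file-definition format.

```python
"""Fusker-style URL pattern expansion and probing (added example, not wdivulge code).

Assumed pattern syntax (an assumption for this example):
  [a-b]   numeric range; zero-padded to the width of the bounds if a bound
          is written with a leading zero (so [01-10] gives 01..10)
  {x,y,z} explicit alternatives
Several tokens in one pattern expand as a cartesian product.
"""
import itertools
import re
import urllib.error
import urllib.request

TOKEN = re.compile(r"\[(\d+)-(\d+)\]|\{([^{}]*)\}")


def _expand_token(match):
    """Concrete strings for one [a-b] or {x,y} token."""
    lo, hi, alts = match.groups()
    if alts is not None:
        return alts.split(",")
    padded = lo.startswith("0") or hi.startswith("0")
    width = max(len(lo), len(hi)) if padded else 0
    start, end = int(lo), int(hi)
    step = 1 if start <= end else -1          # ranges may count down
    return [str(n).zfill(width) for n in range(start, end + step, step)]


def expand(pattern, limit=10000):
    """Return every concrete candidate for a fusker pattern, in order.

    `limit` caps the cartesian product so a careless pattern cannot turn
    into millions of requests against the target."""
    parts, pos = [], 0
    for m in TOKEN.finditer(pattern):
        parts.append([pattern[pos:m.start()]])   # literal text between tokens
        parts.append(_expand_token(m))
        pos = m.end()
    parts.append([pattern[pos:]])
    total = 1
    for p in parts:
        total *= len(p)
    if total > limit:
        raise ValueError(f"pattern expands to {total} candidates (limit {limit})")
    return ["".join(combo) for combo in itertools.product(*parts)]


def http_exists(url, timeout=5):
    """Default probe: a HEAD request; 2xx means the file is there."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except (urllib.error.HTTPError, urllib.error.URLError):
        return False


def probe(candidates, fetch=http_exists):
    """Return the candidates for which fetch(url) reports the file exists.
    `fetch` is injectable so the logic can be exercised offline."""
    return [u for u in candidates if fetch(u)]


if __name__ == "__main__":
    # Hypothetical host; the request loop only runs when executed directly.
    for hit in probe(expand("http://example.com/pics/img[01-20].{jpg,png}")):
        print(hit)
```

The cap on the expanded product is the check a practitioner wants: a fusker pattern is cheap to write and expensive for the target, so refuse to run it when the product is larger than you intended.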
29e6623de8a65649d70f952b6b3e9f12a7eefe3ca42b4b1101b33bdfcc5fc10b
Varnish versions 2.1.5 and 3.0.3 suffer from multiple denial of service vulnerabilities.
0ee6066715ad8e1427da738bcb29812323a3edcb471e84fb029d2457ab8265a9
This is a brief whitepaper about local file inclusion. Written in Turkish.
28720517dd3e3058b2aecac6522655212b0d51ec200c558888d093f85d7d4523
This is a brief whitepaper about local file disclosure. Written in Turkish.
56cbc026695143074979253207e8d8e1efa0310ceab53834f7d371b310f0faab
Samsung TVs suffer from a denial of service vulnerability.
22dd16acad9503df5830e173956c4a6b1253e1fe81df3d75e815832346856f90
SIP Witch version 0.7.5 with libosip2-4.0.0 suffers from a NULL pointer dereference denial of service vulnerability.
0357bac6b7df26994440977542ae1d9cda8b64bfa51a8804b5459fcdb58e6dda
Apache Subversion version 1.6.17 suffers from a denial of service vulnerability.
e9b34e60031efbc5447532dbe3d1f98c7abe97c43a721a45f4c089ca2632b2e5
Mandriva Linux Security Advisory 2013-017 - A denial of service flaw was found in the way libxml2 performed string substitutions when replacement of entity references with entity values was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. The updated packages have been upgraded to the 2.7.6 version and patched to correct this issue.
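The class of input behind this advisory is nested internal entities whose replacement text grows geometrically with depth. The added example below (written for this page; it is not libxml2 code and not the patched fix) shows a pre-parse check that computes how large each declared entity would become if fully substituted, without ever building the string, so a document can be rejected before a substituting parser spends the CPU. The DOCTYPE samples and the size cap are constructed for the example.

```python
"""Estimate XML internal-entity expansion before parsing (added example).

Only internal general entities with a quoted literal value are examined;
parameter entities (<!ENTITY % ...>) and external entities (SYSTEM/PUBLIC)
are out of scope here and need their own handling.
"""
import re

ENTITY_DECL = re.compile(r"<!ENTITY\s+(\w+)\s+(?:\"([^\"]*)\"|'([^']*)')\s*>")
ENTITY_REF = re.compile(r"&(\w+);")


def parse_entities(xml_text):
    """Return {name: raw replacement text} for internal general entities."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ENTITY_DECL.finditer(xml_text)}


def expanded_length(name, entities, _memo=None, _stack=()):
    """Length of the fully substituted value of entity `name`.

    Computed arithmetically: the expansion is never materialised, so a
    3000-byte or 3-GB result costs the same. Recursion raises ValueError."""
    if _memo is None:
        _memo = {}
    if name in _memo:
        return _memo[name]
    if name in _stack:
        raise ValueError(f"recursive entity reference: {name}")
    value = entities.get(name)
    if value is None:
        # Undefined or predefined entity (&amp; etc.): count the reference
        # itself, a deliberate over-estimate.
        return len(name) + 2
    total, pos = 0, 0
    for ref in ENTITY_REF.finditer(value):
        total += ref.start() - pos                      # literal text before ref
        total += expanded_length(ref.group(1), entities, _memo, _stack + (name,))
        pos = ref.end()
    total += len(value) - pos                           # trailing literal text
    _memo[name] = total
    return total


def worst_expansion(xml_text):
    """Largest substituted size over all declared internal entities."""
    entities = parse_entities(xml_text)
    if not entities:
        return 0
    return max(expanded_length(n, entities) for n in entities)


def check_document(xml_text, max_expansion=1_000_000):
    """True if every entity stays under the cap and none is recursive."""
    try:
        return worst_expansion(xml_text) <= max_expansion
    except ValueError:
        return False


# Constructed sample: three levels of ten-fold expansion, 3 * 10**3 = 3000 bytes.
LOL_XML = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>
"""

# Constructed sample: a harmless single entity.
BENIGN_XML = '<?xml version="1.0"?><!DOCTYPE d [ <!ENTITY company "Example Corp"> ]><d>&company;</d>'

# Constructed sample: mutually recursive entities (illegal XML, but parsers
# still have to cope with it).
RECURSIVE_XML = '<!DOCTYPE d [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]><d/>'
```

Add more `lolN` levels to the sample and `worst_expansion` still returns instantly while the reported size climbs by a factor of ten per level; that gap between the cost of the estimate and the cost of the real substitution is the point of checking first.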
34b284fe798b5b0d153a18991515bc5539739d12335991c5a256cbe3ca760674
Red Hat Security Advisory 2013-0596-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. The openstack-keystone packages have been upgraded to upstream version 2012.2.3, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following security issue: It was found that Keystone failed to properly validate disabled user accounts, or user accounts associated with disabled tenants or domains, when Amazon Elastic Compute Cloud (EC2) style credentials were in use. Such users could use this flaw to access resources they should no longer have access to.
a0eee1f003b97292b07495385b14bac708bd9b7275241a5fd85c12efc5671706
Red Hat Security Advisory 2013-0594-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Buffer overflow flaws were found in the udf_load_logicalvol() function in the Universal Disk Format file system implementation in the Linux kernel. An attacker with physical access to a system could use these flaws to cause a denial of service or escalate their privileges.
9f2490ee8154f8499d8688cffe4c37458510ce2b6f0dd7b22a248dc90adb9169
Red Hat Security Advisory 2013-0595-01 - PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single-node proof-of-concept installations and more complex multi-node installations. A flaw was found in PackStack. During manifest creation, the manifest file was written to /tmp/ with a predictable file name. A local attacker could use this flaw to perform a symbolic link attack, overwriting an arbitrary file accessible to the user running PackStack with the contents of the manifest, which could lead to a denial of service. Additionally, the attacker could read and potentially modify the manifest being generated, allowing them to modify systems being deployed using OpenStack.
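The added example below (written for this page; not PackStack's code and not its actual patch) reproduces the attack shape described in the advisory and contrasts it with two hardened writers: the same predictable path opened with O_CREAT|O_EXCL|O_NOFOLLOW, which fails instead of following a planted link, and `tempfile.mkstemp`, which additionally removes the predictability. The sandbox directory stands in for /tmp, the manifest text is constructed, and the code assumes a POSIX system where unprivileged users can create symlinks.

```python
"""Predictable temp-file name vs. safe creation (added example, not PackStack code).

The flaw: a manifest is written to a fixed, guessable path in a world-writable
directory with a plain open-for-write. A local attacker who gets there first
plants a symlink at that path; the victim's open() follows it and the
manifest is written over whatever the link targets.
"""
import os
import shutil
import tempfile

PREDICTABLE_NAME = "packstack_manifest.pp"   # constructed stand-in for the fixed name


def vulnerable_write_manifest(tmpdir, manifest):
    """The flawed pattern: fixed filename, open() follows symlinks silently."""
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    with open(path, "w") as fh:
        fh.write(manifest)
    return path


def fixed_name_exclusive_write(tmpdir, manifest):
    """Same predictable name, but create-or-fail: O_EXCL refuses an existing
    path (symlink included) and O_NOFOLLOW refuses to traverse a link."""
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)           # FileExistsError if planted
    with os.fdopen(fd, "w") as fh:
        fh.write(manifest)
    return path


def safe_write_manifest(tmpdir, manifest):
    """Preferred fix: mkstemp uses O_CREAT|O_EXCL, mode 0600 and a random
    suffix, so there is no name for the attacker to guess in the first place."""
    fd, path = tempfile.mkstemp(prefix="packstack-", suffix=".pp", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:             # write through the fd we created
        fh.write(manifest)
    return path


def plant_symlink(tmpdir, victim):
    """The attacker's step: occupy the predictable path before the victim runs."""
    link = os.path.join(tmpdir, PREDICTABLE_NAME)
    os.symlink(victim, link)
    return link


def demo(writer):
    """Run `writer` against a sandbox where the attacker has already planted
    a link to victim.txt. Returns (victim_clobbered, writer_raised)."""
    tmpdir = tempfile.mkdtemp(prefix="sandbox-")   # stands in for /tmp
    try:
        victim = os.path.join(tmpdir, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original")
        plant_symlink(tmpdir, victim)
        raised = False
        try:
            writer(tmpdir, "class { 'nova': }")      # constructed manifest text
        except OSError:
            raised = True
        with open(victim) as fh:
            clobbered = fh.read() != "original"
        return clobbered, raised
    finally:
        shutil.rmtree(tmpdir)


if __name__ == "__main__":
    for w in (vulnerable_write_manifest, fixed_name_exclusive_write, safe_write_manifest):
        print(f"{w.__name__}: clobbered={demo(w)[0]} raised={demo(w)[1]}")
```

Failing loudly on a pre-existing path, as `fixed_name_exclusive_write` does, is the minimum fix; the random name from `mkstemp` is what also closes the read-and-tamper angle the advisory mentions, because the attacker can no longer predict which file to watch.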
12fbba0d6ed1516d9b1681746001aae8d690496cf1aa51d3f0d933f80c854867
Ubuntu Security Notice 1755-1 - It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. Various other issues were also addressed.
fd1813b8a70a9be8697c148673b902f68c148dbdd12ab1ae7e74fb7ff68d27ee
Debian Linux Security Advisory 2639-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
44e04eb86ca8316cfdb9a7e5bc5e0f9dbeeeb5318bc9c3ba26ffbcb190be3442
BSides Las Vegas 2013 has announced its Call For Presenters. It will take place July 31st through August 1st, 2013 in Las Vegas, Nevada.
8b93d1b62fea8a3c06fa5e228ba30f2a346994d7c94b25f8add9f58a1b5f3f8b