
Files Date: 2013-05-16

RSA SecurID Sensitive Information Disclosure
Posted May 16, 2013
Site emc.com

The node secret in various RSA products was stored using an encryption key and encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.

tags | advisory
advisories | CVE-2013-0941
MD5 | aa93da7ec23c1eb57fcf8e9e3d4836c3
EMC VNX / Celerra Control Station Privilege Escalation
Posted May 16, 2013
Authored by Doug DePerry | Site emc.com

A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.

tags | advisory
advisories | CVE-2013-3270
MD5 | f288fa1145143aa5ddc94d8b28db24b4
Ubuntu Security Notice USN-1831-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-1 - Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2096
MD5 | e82abfcead537fff44e6ad855f77d37a
Red Hat Security Advisory 2013-0831-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0831-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services until libvirtd is restarted.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1962
MD5 | 85f3fdaf74deffdfc7fd121735ba6287
Ubuntu Security Notice USN-1830-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1830-1 - Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-2059
MD5 | 82566ef97744d2710d8171d67427267b
Red Hat Security Advisory 2013-0830-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
MD5 | 7bb6dc79bc8e7ab3006a4f2c7b088e28
No cON Name 2013 Call For Papers
Posted May 16, 2013
Authored by No cON CFP | Site noconname.org

Call For Papers for the No cON Name 2013 conference. It will be held in Barcelona, Spain, from November 1st through the 2nd, 2013.

tags | paper, conference
MD5 | c5f2777c4f07f203ffb5ba99626e3fec
Apple iOS In The Workplace
Posted May 16, 2013
Authored by Russ Spooner | Site portcullis-security.com

This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.

tags | paper
systems | apple
MD5 | b36063ebf62406da23afbad2ef455be1
Ubuntu Security Notice USN-1829-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device, when plugged in, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6549, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-2634
MD5 | ff3a0e9be566d64fd676635ebcfc874b
Slackware Security Advisory - mozilla-thunderbird Updates
Posted May 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | bfc33a0a53127ca7ded55c5f0c3c05ab
Slackware Security Advisory - mozilla-firefox Updates
Posted May 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 957faf1bb4d106c6a10bb8aad6256832
Debian Security Advisory 2669-1
Posted May 16, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301
MD5 | e762497d8e6cf9758f4005bbd356f707
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
MD5 | 419f5768fc2814c6e1eeaa774ba42148
Mutiny 5 Arbitrary File Upload
Posted May 16, 2013
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.

tags | exploit, web, arbitrary, root, code execution, file upload
advisories | CVE-2013-0136
MD5 | bcc22eb78076b724aa40a0672ea3118a