what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2013-05-16

RSA SecurID Sensitive Information Disclosure
Posted May 16, 2013
Site emc.com

The node secret in various RSA products was stored using an encryption key and encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.

tags | advisory
advisories | CVE-2013-0941
SHA-256 | ec2e53ead8f95b16862d03dec8d43560ce99aebd13724101d98dc9ab2a022eba
EMC VNX / Celerra Control Station Privilege Escalation
Posted May 16, 2013
Authored by Doug DePerry | Site emc.com

A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.

tags | advisory
advisories | CVE-2013-3270
SHA-256 | 61f490788c1fe52f910e20b8939b8105eaae8a31ecc8dcc9109db760deb50fbc
Ubuntu Security Notice USN-1831-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-1 - Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2096
SHA-256 | 10835c54fdf5939edf3ccaed8afc4356c8a46db6c60df83bf554c2037f70199c
Red Hat Security Advisory 2013-0831-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0831-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services until libvirtd is restarted.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1962
SHA-256 | 58872bfdc65710ce6f27abe5f80750a55ab6c0365a5514c43bce5a86364a1f81
Ubuntu Security Notice USN-1830-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1830-1 - Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-2059
SHA-256 | 38838c5ed78fd69e0eaf7bf0a4e219d724788214094082f438bf80465530746a
Red Hat Security Advisory 2013-0830-01
Posted May 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-2094
SHA-256 | e1ba7d97c796e3728e54bbe5dc6f6585c52bd5bbc310c337a723147e6569a753
No cON Name 2013 Call For Papers
Posted May 16, 2013
Authored by No cON CFP | Site noconname.org

Call For Papers for the No cON Name 2013 conference. It will be held in Barcelona, Spain, from November 1st through the 2nd, 2013.

tags | paper, conference
SHA-256 | f2ed55ac7f40b715e2b64d348fd0e038de9ac3ad20e4a1d2268cbb3bb8b5c757
Apple iOS In The Workplace
Posted May 16, 2013
Authored by Russ Spooner | Site portcullis-security.com

This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.

tags | paper
systems | apple
SHA-256 | 2fb5854499fe79eb23aa158b159d2436c11cb67f5adf2372588353dbbffed11d
Ubuntu Security Notice USN-1829-1
Posted May 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6549, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-2634, CVE-2012-6549, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-2634
SHA-256 | 30065b53ddbc5e3d5f60eb0248680ae22ae7dea007129944316fa5c56d25a3b9
Slackware Security Advisory - mozilla-thunderbird Updates
Posted May 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 7a1e617d18c6f22fa5f90a3098add6003baa0af42b8affb67d6bd5048a7dc3ca
Slackware Security Advisory - mozilla-firefox Updates
Posted May 16, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 84aa8f94c67d69fe136235bcfb4c4057feb9a3ffaed64cd80ce46e1e19c964eb
Debian Security Advisory 2669-1
Posted May 16, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301
SHA-256 | bcfe3afbb4182656ff4cebf2d30b08f1bd994ad473bc4830c1ed33aa786d930e
HTML 5 Good Practice Guide
Posted May 16, 2013
Authored by Tim Brown | Site portcullis-security.com

This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.

tags | paper
SHA-256 | e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09
Mutiny 5 Arbitrary File Upload
Posted May 16, 2013
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.

tags | exploit, web, arbitrary, root, code execution, file upload
advisories | CVE-2013-0136
SHA-256 | 01d6456aa6f66c843f950a3e95e6b90c8d0c5ec0cde800f6939a9ede83195de8
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close