HP Security Bulletin HPSBMU02902 2 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI. The vulnerability could allow authentication bypass. Revision 2 of this advisory.
23d095d23f55e5c9a2c9a75fd6f55e9bRed Hat Security Advisory 2013-1166-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connection information at the same time a remote attacker has initialized a crafted SCTP connection to the system, it could trigger a NULL pointer dereference, causing the system to crash.
9d28e7559e20553180abb7781f1f8af4Ubuntu Security Notice 1936-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.
3b21dc94da4abaa05cfa6345172f84cdUbuntu Security Notice 1935-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.
151b80459d636052139abc39fddf9beaUbuntu Security Notice 1931-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.
15c24492c1d0f01c26bfa7d51e43af19Ubuntu Security Notice 1930-1 - An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
19b639375a3d1a7f739416ce5b3cde11Ubuntu Security Notice 1929-1 - An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory.
aae7e94ff4b878290ff3c328500a024bUbuntu Security Notice 1932-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.
abbb2222ae51b661d1e9433776938d9dUbuntu Security Notice 1934-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Kees Cook discovered a format string vulnerability in the Linux kernel's disk block layer. A local user with administrator privileges could exploit this flaw to gain kernel privileges. Various other issues were also addressed.
3a579a1211115300ee360558accf48adUbuntu Security Notice 1933-1 - Chanam Park reported a Null pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the Linux kernel's fanotify interface. A local user could exploit this flaw to obtain sensitive information from kernel memory. Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. Various other issues were also addressed.
573bcd01d87474e732e2807d4422598bThis whitepaper analyzes the extent of infection, business risk, data exposure, and more in regards to the malware known as VBS/Jenxcus.A.
e8f667fd47ee9fff424c5b1fe5f11ee5RSA Authentication Agent for PAM version 7.0.2 and prior relied on the PAM-enabled application to restrict the number of login attempts that may be made via the agent, rather than natively enforcing such restriction.. This may allow attackers to carry brute-force attacks against the vulnerable systems. RSA Authentication Agent for PAM 7.0.2.1 and 7.1 and later support Exponential Backoff feature that is designed to mitigate this vulnerability.
d42f64ee802b05aa7a7e19e89a949a31Samsung DVRs put usernames and passwords base64 encoded into cookies. They also fail to validate the cookies in many places, so any values work, allowing for authentication bypass. A proof of concept exploit that lists all users and passwords is included.
2b4dcb70387cbebcb1fc92c1e2470d57ZedLog is a robust cross-platform input logging tool (or key logger). It is based on a flexible data logging system which makes it easy to get the required data. It captures all keyboard and mouse events, has a full GUI, and supports logging to a file and basic hiding.
a5bd0021f0467160da984e7030099128HP Security Bulletin HPSBUX02922 SSRT101305 - Potential security vulnerabilities have been identified in Java5 Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
ed176f0f1f69582b9cb05a4ebd039d80Multiple buffer overflows and a race condition was discovered in NAS version 1.9.3
bdc95b52146e98c1147378f55a2740e3Bo-Blog version 2.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
ad3a89139420c4fb38aad074bef3977fPCMAN FTP version 2.07 suffers from a buffer overflow vulnerability.
db645d5c87b995cf54b597ff25eeaf9c
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed