seeing is believing
Showing 1 - 21 of 21 RSS Feed

Files Date: 2013-09-25

Debian Security Advisory 2764-1
Posted Sep 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2764-1 - Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats() function could lead to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4296
MD5 | 7b8681ada8f617aa99b1276eea4e1d70
Cisco Security Advisory 20130925-rsvp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device. The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco, osx
MD5 | 4077f6bb2b94bbbe4d3e54a5c5ff09af
Cisco Security Advisory 20130925-ike
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on a Cisco IOS Software and Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, protocol, memory leak
systems | cisco, osx
MD5 | 1d520310465bae68743df8679408ff03
Gentoo Linux Security Advisory 201309-19
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-19 - A vulnerability in TPP might allow a remote attacker to execute arbitrary code. Versions less than 1.3.1-r2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2208
MD5 | a013a475a0d975a4db18bff9a8f4af52
Red Hat Security Advisory 2013-1285-01
Posted Sep 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1285-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. This issue only affected systems using PKI tokens with the memcache or KVS token back ends.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4294
MD5 | 6bce77da4db6e842b593f3fc94e8d883
Mandriva Linux Security Advisory 2013-241
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-241 - The Crypt::DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. The updated packages have been patched to correct this issue.

tags | advisory, remote, perl, spoof
systems | linux, mandriva
advisories | CVE-2011-3599
MD5 | bcd440483fa2355a63fff0bc70fc1121
Gentoo Linux Security Advisory 201309-18
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-18 - Multiple vulnerabilities have been found in libvirt, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0.5.1-r3 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0170, CVE-2013-1962
MD5 | b7effa2d9f1a35aee6c7ebfbf040ce91
Nodejs js-yaml load() Code Execution
Posted Sep 25, 2013
Authored by joev | Site metasploit.com

For node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary javascript code. This Metasploit module demonstrates that behavior.

tags | exploit, arbitrary, javascript
advisories | CVE-2013-4660
MD5 | 13ebdbf55dfc348a60df26ecc83b7575
Cisco Security Advisory 20130925-dhcp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 0296ead8b79cd9c939c22efd4c0e77cb
Gentoo Linux Security Advisory 201309-17
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-17 - Multiple vulnerabilities have been discovered in Monkey HTTP Daemon, the worst of which could result in arbitrary code execution. Versions less than 1.2.2 are affected.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-2163, CVE-2013-3724, CVE-2013-3843
MD5 | f157ce1531ee82d1887c168ff678f729
Cisco Security Advisory 20130925-wedge
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario. The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition. Workarounds to mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | a3cd9900b1430a07f32f5753c6453dfb
Mandriva Linux Security Advisory 2013-240
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-240 - Multiple security vulnerabilities exist due to improper sanitation of user input in GLPI versions prior to 0.83.9, 0.83.91, and 0.84.2. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2225, CVE-2013-2226, CVE-2013-5696
MD5 | 41be1e2f836b3cb0c46f96fce895df81
Cisco Security Advisory 20130925-ntp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of multicast NTP packets that are sent to an affected device encapsulated in a Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An attacker could exploit this vulnerability by sending multicast NTP packets to an affected device. Repeated exploitation could result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 9ea2e951a11115f9756cb95a206c6cf3
Cisco Security Advisory 20130925-cce
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IOS Content Filtering or HTTP application layer gateway (ALG) inspection. An attacker could exploit this vulnerability by sending specific HTTP packets through an affected device. An exploit could allow the attacker to cause an affected device to hang or reload. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web
systems | cisco, ios
MD5 | 63b3e9e4770d283a84acf31a8fd6fe18
HP Security Bulletin HPSBMU02872 SSRT101185 2
Posted Sep 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02872 SSRT101185 2 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 2 of this advisory.

tags | advisory, remote, web, vulnerability, xss
systems | windows
advisories | CVE-2012-5222, CVE-2013-2321
MD5 | 3ddef7a6a4a15ebd92790a44986a817d
Cisco Security Advisory 20130925-nat
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
MD5 | 741e45c4d52050b82e669e36104c1821
X2CRM 3.4.1 Cross Site Scripting / Local File Inclusion
Posted Sep 25, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

X2CRM version 3.4.1 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2013-5692, CVE-2013-5693
MD5 | bb74395f6638b4f677b6eea07fae41f0
Cisco Security Advisory 20130925-ipv6vfr
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, ios
MD5 | 2a66f5c6c0311c433016daa6a1f2f2df
Zabbix 2.0.5 Password Leak
Posted Sep 25, 2013
Authored by Pablo Gonzalez, Chema Alonso, German Sanchez

Zabbix version 2.0.5 suffers from an issue where it allows for the disclosure of a user's password.

tags | advisory
advisories | CVE-2013-5572
MD5 | a0eaafd4e22f5a224387c8e47119c5cf
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to login as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
MD5 | 6aca173027c40771cf3490070e12b3b4
Suricata IDPE 1.4.6
Posted Sep 25, 2013
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: An SSL parsing issue was fixed (CVE-2013-5919). IPv6-in-IPv6 decoding was fixed. Bugs in the pattern matcher and content inspection were fixed. Logging of tagged packets was fixed.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2013-5919
MD5 | d2a5573f16eba95f1124d2f918742cb4
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close