what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-10-01

PDFCool Studio Buffer Overflow
Posted Oct 1, 2013
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - PDFCool Studio Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted PDF file (client-side attack). PDFAX0722_IconCool.dll version 7.22.1125.2121 is affected.

tags | advisory, remote, arbitrary
advisories | CVE-2013-4986
SHA-256 | 323c5add9641831fed5532e2a6ac9c1a00b8d2ddeb873e0a1b86fff6cb87a4be
Rooted CON 2014 Call For Papers
Posted Oct 1, 2013
Site rootedcon.es

RootedCON 2014 Call For Papers - RootedCON is a security congress that will take place between March 6th to the 8th, 2014 in Madrid (Spain). With an estimated capacity of about 1000 people, is one of the largest specialized conferences that take place in the country and one of the largest in Europe, with attendees profiles ranging from students, state forces, to professionals within security market in IT or simply technology enthusiasts.

tags | paper, conference
SHA-256 | 9f810e96b672a49c4f7f33044027e0c4e4589d954199a74e9d6155dd79675073
Ubuntu Security Notice USN-1985-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1985-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
SHA-256 | 0f366392969f20155d45311d551bc121f8cca2af29a02d07e5e1e546d84e407f
Ubuntu Security Notice USN-1983-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1983-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
SHA-256 | 9ab7514520e21d4cb81b76c6be2121d9d8ecc991fae05d293e5e8061b9f84a2a
Ubuntu Security Notice USN-1984-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1984-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
SHA-256 | c673c920639adac95e57596bc8aab64ff8ca0183257ddb8017aaad829ee17e9a
Ubuntu Security Notice USN-1982-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1982-1 - Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2013-4238
SHA-256 | bc6597611282dc3a251d61da8083bd226403c9d6532f0fcc3ca5d47ce5ee0b7e
Ubuntu Security Notice USN-1986-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1986-1 - Hamid Zamani discovered multiple security issues in the Network Audio System (NAS) server. An attacker could possibly use these issues to cause a denial of service or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4256, CVE-2013-4257
SHA-256 | e69af382d95bfcbe086efae15984d595df5fbd3d8bee8f991759b4a3dfc02778
Red Hat Security Advisory 2013-1294-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1294-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4284
SHA-256 | 863a860708a79179285b4d30836d74e035da527e520bef60b085acc522a7adec
Red Hat Security Advisory 2013-1399-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1399-01 - In accordance with the Red Hat Enterprise MRG Life Cycle policy, the Red Hat Enterprise MRG products, which include the MRG-Messaging, MRG-Realtime, and MRG-Grid, Version 1 and Version 2 offerings for Red Hat Enterprise Linux 5 will be retired as of March 31, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid on Red Hat Enterprise Linux 5 after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided for these products on Red Hat Enterprise Linux 5 after March 31, 2014.

tags | advisory
systems | linux, redhat
SHA-256 | 1a07477f78cf34bf4ed77d392775bbd9c2566da699aee98691cec0f9546f719d
Red Hat Security Advisory 2013-1295-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1295-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4284
SHA-256 | d9d2f9615620e1c143f385fe575ddaebf9bb0002d0f65c958533009a2d2441b5
Red Hat Security Advisory 2013-1323-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1323-01 - Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon, by inserting a specially-crafted smart card.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2010-4530
SHA-256 | 2da3fa4fe75ef1c976d5c6c383db8f8320ad377a63cade41ec75485fe33e2286
Red Hat Security Advisory 2013-1310-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1310-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
SHA-256 | e69591f6034a9eb52e597ccf7c3fb76cdd24eea4c83d5ed81e5a7e8a17ef3a95
Red Hat Security Advisory 2013-1307-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1307-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks.

tags | advisory, remote, web, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2011-1398, CVE-2012-0831, CVE-2012-2688, CVE-2013-1643, CVE-2013-4248
SHA-256 | 329966a55bfeee91b34efdf6e4c6fdb40fa5bff4b1c4705ad759326610acb9fd
Red Hat Security Advisory 2013-1319-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1319-01 - SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user.

tags | advisory, remote, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2013-0219
SHA-256 | 68634b43e7aee4755426c826c0975dcc8942e7311527465241566e06d2153a51
Red Hat Security Advisory 2013-1348-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1348-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causing request_module() to be called. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-4398
SHA-256 | d448f19336e43060f6ea012ad8b6ad5fc6b42872a884e53f7da36f8c5ae39de4
Red Hat Security Advisory 2013-1302-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1302-01 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0862
SHA-256 | 27581daef8415d493d1a3cd28c9fceefe72fcf600211fea0dc86214e4e7eb768
Red Hat Security Advisory 2013-1353-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1353-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2013-1775, CVE-2013-1776, CVE-2013-2776
SHA-256 | f25bdd3057f827733e856a4ea89cd02628b34925763720a3735ef6bbeabeddf3
UniCredit Bank Cross Site Request Forgery / Cross Site Scripting / Shell Upload
Posted Oct 1, 2013
Authored by Juan Carlos Garcia

UniCredit Bank suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities. They have not responded to the authors notifications.

tags | exploit, remote, shell, vulnerability, xss, csrf
SHA-256 | 4b24c6a6204b07ab95aaa3e329aadafb43c09c8b0febd049f499b640d5f76727
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close