Red Hat Security Advisory 2013-1514-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
203782e1514ae70173db7465aa34b5d32fbd6c9a309ccfdb367d261433757054Ubuntu Security Notice 2028-1 - James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures.
88523e4f3d0fedc681e3244a1828a96d2b3216fd12a178efcd46a81d5a07f83bCall For Papers for Troopers 2014 - The conference will be held in Heidelberg, Germany from March 19th through the 20th, 2014.
56f21dc8abad7c1716e0a2a0e1512a411dcb020a50803e22d53460baf99135f5A design bug in X.509 certificate chain validation (RFC 3280) allows attackers to trigger (blind) HTTP requests for both external as well as internal IPs if a specially-crafted, S/MIME-signed email is opened in Microsoft Outlook. This issue, which has been originally reported in 2008, has been revisited and timing differences make it possible to identify open and closed ports on internal networks.
9365e6ebb217675995930a39307adaa0068c69e67328ec203f67fb4ba9ac8f00This bulletin summary lists 8 released Microsoft security bulletins for November, 2013.
2d5e42d213add7e7ac2fa2c2f036b27a1cd22dd1d34b18e03052b4e6d42b7bc9Red Hat Security Advisory 2013-1513-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The rhn-java-sat packages contain the code for the Java version of the Red Hat Network Satellite Web site. It was found that the web interface provided by Red Hat Network Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server.
6ce9f5234df93768d0306076740eb3189bc26545649424450d072d5f7cdb7b94Ubuntu Security Notice 2027-1 - Tomas Jamrisko discovered that SPICE incorrectly handled long passwords in SPICE tickets. An attacker could use this issue to cause the SPICE server to crash, resulting in a denial of service.
c9a1b85789ee48c343136198d9874457809c8249c234fe57da71674af1ccd40bjpeg6b and some of its optimized clones (e.g., libjpeg-turbo) will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
75281af87c2ac01e67120a1b37a4356f62199b948183ba8069556c239c29df05A vulnerability has been discovered in ZoneDirector controllers (ZD) which may allow an attacker to inject malicious code via controller's admin web interface. The attacker needs access to an authenticated admin session with ZD's web interface for carrying out this attack. Affected software includes versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x.
62b972e7d6dbdf0c5f635f6e3a470a83f15461c4159ea625712a0156763d1448VideoSpirit Lite version 1.77 SEH buffer overflow exploit that creates a malicious visprj file.
2f806a028ae096fc6978400a3bb237a786e0fd936ec797193b1477ea38199e0eVideoSpirit Pro version 1.90 SEH buffer overflow exploit that creates a malicious visprj file.
a4beddfaf1f6831e6f2c80bbfc01786426cd51012e8ab075533aca32a1b80b73Fortianalyzer VM / appliance version 5.0.4 suffers from a cross site request forgery vulnerability.
34682053137037ed3f4ef50b114b8970e4f9d3260db32fdcb688f63e62a68a0bALLPlayer version 5.6.2 SEH buffer overflow exploit that creates a malicious .m3u file.
63cb1b6c0aa914118e2ef155698d941f056884e847fc41d16545171a90dd5421JunOS versions up to 11.4 (and possibly 12.1 and 12.3) suffer from a cross site scripting vulnerability.
69df81c751f416b7a8cb49c8a7c3377e212652b38602d1040877384fc67bc501Plogue Sforzando version 1.665 SEH buffer overflow proof of concept exploit.
5030ed687af9d04851f73881c1da274f56fa8d602554018f4dbaa86bbdcd6d32Beleth is a fast multi-threaded SSH password auditing tool. It out performs Ncrack and THC-Hydra in speed.
5174a1c94e6dfd742ba77e3649c4ef3caf16d50b2648337abc9629e9d4698c33This Metasploit module exploits a vulnerability found in WP Theme Kernel. By abusing the upload-handler.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
65f4c2c31ec8c1ea7ff40deb824d16c64f3f052a6e9c1a8ec1c3ec1f1cea8157This Metasploit module exploits a vulnerability found in WP Curvo Theme. By abusing the upload-handler.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
d2ee43b614a91e7fe733a6895cce75fdf5c2fd765821db8e7fc6e30e8a2031f4Provj version 5.1.5.8 buffer overflow proof of concept denial of service exploit that generates a malicious .m3u file.
d626a6a1226f337c74ee5be74c6f00c2b96ca7dd148919a687c76ead4b265c46This paper evaluates AddressSanitizer as a next generation memory corruption prevention framework. It provides demonstrable tests of problems that are fixed, as well as problems that still exist.
8245bb4a3851c5b9dd116e5ce5f16365b106f7cd68233e4a4905c1d4cf4e7e8a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed