Files Date: 2014-01-16

Mandriva Linux Security Advisory 2014-006
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-006 - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-4520
MD5 | 196f9ac5a1fe1e8ef8635691a7cee4ed
Mandriva Linux Security Advisory 2014-005
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-005 - The TLS driver in ejabberd before 2.1.12 supports weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. The updated packages have been upgraded to the 2.1.13 version which is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-6169
MD5 | 614e9f62186f7195af7cf5edb2830ab7
Joomla Sexy Polling 1.0.8 SQL Injection
Posted Jan 16, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Joomla Sexy Polling extension version 1.0.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-7219
MD5 | 4901f6bf1b42a6f9d147cd5193b426f6
Ubuntu Security Notice USN-2083-1
Posted Jan 16, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2083-1 - It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0978, CVE-2014-1235, CVE-2014-1236
MD5 | 07da04fcbf5fb749f835315a30f1f5de
Mandriva Linux Security Advisory 2014-004
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi
systems | linux, mandriva
advisories | CVE-2013-7108, CVE-2013-7205
MD5 | 36ee9c14e0e6826f2f6d357a431cb2a9
Mandriva Linux Security Advisory 2014-003
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-003 - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via $() shell metacharacters, which are processed by bash. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, shell, bash
systems | linux, mandriva
advisories | CVE-2013-1362
MD5 | c2e75a67f0485cae7aa0159ebec26d01
Mandriva Linux Security Advisory 2014-002
Posted Jan 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-002 - The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.4-P2 version which is unaffected by this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-0591
MD5 | d654a11c62b993ed685e9fcfc78dee54
Clam AntiVirus Toolkit 0.98.1
Posted Jan 16, 2014
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This release adds improved support for the Mac OS X platform, support for new file types, and quality improvements, including: Extraction, decompression, and scanning of files within the Extensible Archive (XAR)/Apple Disk Image (DMG) format. Decompression and scanning of files in the "Xz" compression format. Improvements and fixes to extraction and scanning of OLE formats. An option to force all scanned data to disk. Various improvements to ClamAV configuration, support of third party libraries, and unit tests.
tags | tool, virus
systems | unix
MD5 | b1ec7b19dea8385954515ef1d63576d8
cryptmount Filesystem Manager 4.5
Posted Jan 16, 2014
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Loop-device setup was improved using the kernel's /dev/loop-control interface. Support for the TRIM/allow_discards option was added to support use on solid-state disks. Treatment of the run-time state was improved, moving files from /etc into /run.
tags | tool, kernel, encryption
systems | linux, unix
MD5 | 18efa3d3bfc1e1dbc2c266d9de34c983
SSLsplit 0.4.8
Posted Jan 16, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: This release adds experimental support for pf on Mac OS X, and adds support for pf divert-to on FreeBSD and OpenBSD. SSLsplit now removes headers advertising support for SPDY/QUIC from HTTP responses. Additionally, a number of segmentation faults, a memory leak, and a file descriptor leak have been fixed, greatly improving overall stability.
tags | tool, encryption
MD5 | 69599e796973e7c9a55f16b83b9626e7
Red Hat Security Advisory 2014-0030-01
Posted Jan 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0030-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416
MD5 | 2c0324e85b3a774b98a1cacf8a5c5dd5
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jan 16, 2014
Authored by ISC | Site security.freebsd.org

FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2014-0591
MD5 | b370f9795ad4a3cfcbc030be34cd42f8
Ajenti 1.2.13 Cross Site Scripting
Posted Jan 16, 2014
Authored by Project Zero Labs

Ajenti version 1.2.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a56777008d66c21bde88ed991396d712
Drupal Anonymous Posting 7.x Cross Site Scripting
Posted Jan 16, 2014
Authored by drikc | Site drupal.org

Drupal Anonymous Posting third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | cf871a1b4ca6eb3b15327f2019eeec1b
Drupal 6.x / 7.x Impersonation / Access Bypass / Hardening
Posted Jan 16, 2014
Authored by David Rothstein, Damien Tournoud, Christian Mainka, Matt Vance, Vladislav Mladenov | Site drupal.org

Drupal core versions 6.x and 7.x suffer from impersonation, access bypass, and security hardening vulnerabilities.

tags | advisory, vulnerability
MD5 | 03a3de5308fdaffa7f351ff78bd4bda2
DomPHP 0.83 SQL Injection
Posted Jan 16, 2014
Authored by Houssamix

DomPHP versions 0.83 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8df95832bf0c638d9bb82bbff1c230bd
Y! Toolbar Cross Site Scripting
Posted Jan 16, 2014
Authored by David Hoyt

A local stored cross site scripting vulnerability affects Y! Toolbar for Firefox on Mac version 3.1.0.20130813024103 and Windows version 2.5.9.2013418100420.

tags | advisory, local, xss
systems | windows
advisories | CVE-2013-6853
MD5 | 0862e2aa10ac29fb2e0985cfec8b463e
Spring JavaScriptUtils.javaScriptEscape() Escape Failure
Posted Jan 16, 2014
Authored by Pivotal Security Team

The JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in a cross site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.

tags | advisory, xss
advisories | CVE-2013-6430
MD5 | 7f8e24b87327b778c2e67cacf4da863f