what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-02-13

Ubuntu Security Notice USN-2098-2
Posted Feb 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2098-2 - USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | 44081363639f26dfaa0520a3637a9579
Red Hat Security Advisory 2014-0171-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0171-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
MD5 | 776352f2549a45ad78644c953b9a3d21
Red Hat Security Advisory 2014-0170-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0170-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
MD5 | ee604c9d3cc9c594e66e8dfff232954e
OATH Toolkit 2.4.1
Posted Feb 13, 2014
Site nongnu.org

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

Changes: This release fixes a usersfile bug which caused it to update the wrong line and fixes a security vulnerability (CVE-2013-7322).
tags | tool
systems | unix
advisories | CVE-2013-7322
MD5 | 951bafd1d86e6013903c10be3b6623bb
Easy CD-DA Recorder PLS Buffer Overflow
Posted Feb 13, 2014
Authored by chap0, juan vazquez, Gabor Seljan | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow vulnerability in Easy CD-DA Recorder 2007, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .PLS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3 and Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows, xp, 7
advisories | CVE-2010-2343, OSVDB-65256
MD5 | 376de336192b9af6fee2d641a86dcde3
IPT_PKD Iptables Port Knocking Detection 1.11
Posted Feb 13, 2014
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: Updated to work with iptables 1.4.21 and Linux kernels up to 3.10. The procfs entry was turned off in kernels 3.7 and above. For older kernels, it is now /proc/ipt_pkd/stats. knock.py was switched to be a loadable module that can be imported into other Python scripts.
tags | tool, kernel, udp, firewall
systems | linux
MD5 | 0fe993f66dd7f0e70a5c511984e114ca
Drupal Commons 7.x Cross Site Scripting
Posted Feb 13, 2014
Authored by Jakob Perry, Grant Gaudet | Site drupal.org

Drupal Commons third party distribution version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 306f45e3388260af873f5a87177dc6ed
CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service
Posted Feb 13, 2014
Authored by Mike Emery | Site portcullis-security.com

CA 2E Web Option version 8.1.2 suffers from an unauthenticated privilege escalation vulnerability that can allow for a denial of service condition.

tags | exploit, web, denial of service
advisories | CVE-2014-1219
MD5 | ed5d16207364a568fcf5f4c669f80c35
NetGear DGN2200 N300 CSRF / Disclosure / Command Execution
Posted Feb 13, 2014
Authored by Andrew Horton (urbanadventurer)

NetGear DGN2200 N300 Wireless ADSL2+ Modem Router with firmware version 1.0.0.36-7.0.37 suffers from command injection, cross site request forgery, insecure configuration, cleartext password storage, information disclosure, and other vulnerabilities.

tags | exploit, vulnerability, info disclosure, csrf
MD5 | dc7d35c6eedc197bbf853f0709f5c4f7
Debian Security Advisory 2850-2
Posted Feb 13, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2850-2 - The security update released in DSA-2850-1 for libyaml introduced a regression in libyaml failing to parse a subset of valid yaml documents.

tags | advisory
systems | linux, debian
MD5 | e49ccdc7d0fb6dccbdc48af420b1d348
Mandriva Linux Security Advisory 2014-027
Posted Feb 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-027 - A heap overflow vulnerability has been addressed in imagecrop() in php. The updated php packages have been upgraded to the 5.5.9 version which is not vulnerable to this issue. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.9. The libmbfl packages has been synced with the changes as of php-5.5.9 and the onig packages has been upgraded to the 5.9.5 version.

tags | advisory, overflow, php
systems | linux, mandriva
advisories | CVE-2013-7226
MD5 | 0ef207bdfc00c10e078f89a9ec9af5a6
Red Hat Security Advisory 2014-0164-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0164-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437
MD5 | fd9d0cd44eb511f61f942275a6c717d4
Ubuntu Security Notice USN-2104-1
Posted Feb 13, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2104-1 - Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6441
MD5 | a21b19652dc680302b2ffa6fe73611f8
Red Hat Security Advisory 2014-0163-01
Posted Feb 13, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0163-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller implementation. A privileged guest user could use this flaw to crash the host. A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2013-6367, CVE-2013-6368
MD5 | ae6730bc03062ad3eb08ed61b2da7cde
Mandriva Linux Security Advisory 2014-026
Posted Feb 13, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-026 - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-4449
MD5 | aa1b3aab91cacf517d47b5179485cef6
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close