
Files Date: 2014-04-03

Ubuntu Security Notice USN-2161-1
Posted Apr 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | 09442a8a9385a2d62d158801e2ef9c8b
HP Security Bulletin HPSBHF02981
Posted Apr 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02981 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4). The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-4786
MD5 | a4fa52f6f7a3322e0e7ee5122a6ab872
Lynis Auditing Tool 1.4.9
Posted Apr 3, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix specialists. It scans the system and the installed software to detect security issues. Besides security-related findings, it also collects general system information, installed packages and configuration mistakes. The software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds supporting links to the control documentation, so that findings can be shortened in future releases for better output display. A new test has been added to detect the Linux I/O scheduler. Test AUTH09208 has been extended to find non-unique accounts on more platforms. A minor display error for PAM modules was fixed so that their status is shown correctly.
tags | tool, scanner
systems | unix
MD5 | 30675b2d139d44d0a72174a0aa9390ac
CA Erwin Web Portal 9.5 Directory Traversal
Posted Apr 3, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal version 9.5. The vulnerabilities occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
advisories | CVE-2014-2210
MD5 | d6b8a3c1960050898c12c57a99cd6c82
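The advisory attributes the vulnerabilities to insufficient path verification. The check below is an added example, not CA's code, and knows nothing about the portal's actual handlers; it shows the verification a web application should apply before serving a client-named file: decode, normalize, refuse any remaining ".." or absolute path, then confirm that the canonical path still sits under the document root. WEB_ROOT and the sample paths are constructed for the example.

```python
import os
import posixpath
from urllib.parse import unquote

# Constructed document root; the portal's real layout is not on the page.
WEB_ROOT = "/srv/portal/static"


def resolve_static_path(user_path: str, root: str = WEB_ROOT) -> str:
    """Map a client-supplied relative path to an absolute path under `root`,
    or raise ValueError if the request would escape it."""
    # Decode twice so double-encoded dots (%252e%252e) cannot slip past a single decode.
    decoded = unquote(unquote(user_path))
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # Treat backslashes as separators so "..\\..\\" is not smuggled past the check.
    decoded = decoded.replace("\\", "/")
    rel = posixpath.normpath(decoded)
    # Lexical check: after collapsing "./" and "a/../", any remaining ".." component
    # or a leading "/" means the client asked for something outside the root.
    if rel.startswith("/") or rel == ".." or rel.startswith("../"):
        raise ValueError(f"path escapes web root: {user_path!r}")
    real_root = os.path.realpath(root)
    real_candidate = os.path.realpath(os.path.join(real_root, rel))
    # Canonical check: follows symlinks under the root and refuses a sibling that merely
    # shares a prefix ("/srv/portal/static_old" is not under "/srv/portal/static").
    if os.path.commonpath([real_root, real_candidate]) != real_root:
        raise ValueError(f"path escapes web root: {user_path!r}")
    return real_candidate


def is_safe_static_path(user_path: str, root: str = WEB_ROOT) -> bool:
    """Convenience wrapper: True if `user_path` resolves inside the root."""
    try:
        resolve_static_path(user_path, root)
    except ValueError:
        return False
    return True
```

Both checks are needed: the lexical one rejects the request early and gives a clean log line, the realpath one catches symlinks and prefix collisions that no string test sees. Rejecting rather than silently clamping to the root keeps traversal attempts visible in the logs.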
Red Hat Security Advisory 2014-0374-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0374-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.1 serves as a replacement for Red Hat JBoss Data Grid 6.2.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-7285
MD5 | a29377010208bc9b22c479ed22606b8b
Private Photo+Video 1.1 Pro Cross Site Scripting
Posted Apr 3, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Private Photo+Video version 1.1 Pro for iOS suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
MD5 | c784c535a5df9b7cb22c27a94e86c620
MA Lighting Technology grandMA onPC 6.808 Denial Of Service
Posted Apr 3, 2014
Authored by LiquidWorm | Site zeroscience.mk

MA Lighting Technology grandMA onPC version 6.808 is vulnerable to a remote denial of service during socket connection negotiation: a single malformed packet sent to TCP port 7003 crashes the application.

tags | exploit, remote, denial of service, tcp
MD5 | 1108c6840c4eb5413bc3be1fbc85a80f
FortiADC 3.2 Cross Site Scripting
Posted Apr 3, 2014
Authored by William Costa

FortiADC version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2f4d26387af309963b0adef8d43ccdf5
Red Hat Security Advisory 2014-0373-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0373-01 - JBoss Web Server is an enterprise ready web server designed for medium and large applications, and is based on Tomcat. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications. Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications.

tags | advisory, java, web, cgi, php, file upload
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0050
MD5 | a9efdc53a6f8acc17a2647204d97dd66
Red Hat Security Advisory 2014-0372-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0372-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.1 serves as a replacement for Red Hat JBoss BRMS 6.0.0, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
MD5 | dbc024bd394239725dc86e53e19156cc
Ubuntu Security Notice USN-2160-1
Posted Apr 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2160-1 - Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2525
MD5 | 63f62cd936b622ba5ebda4adab175c30
Red Hat Security Advisory 2014-0371-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0371-01 - Red Hat JBoss BPM Suite is a business rules management system for the management, storage, creation, modification, and deployment of JBoss rules. This release of Red Hat JBoss BPM Suite 6.0.1 serves as a replacement for Red Hat JBoss BPM Suite 6.0.0, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
MD5 | 151fe7081c7a209ab8185d64114e704a
Red Hat Security Advisory 2014-0370-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0370-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
MD5 | 8baff6b83c31ff9f45a040f90063aac3
Red Hat Security Advisory 2014-0369-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0369-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
MD5 | cb1770ba51d30f6053a078c3e6553066
ibstat $PATH Privilege Escalation
Posted Apr 3, 2014
Authored by Kristian Hermansen, Kostas Lintovois, Sagi Shahar | Site metasploit.com

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary "ibstat".

tags | exploit
advisories | CVE-2013-4011, OSVDB-95420
MD5 | 1dfc4547a5d9971ca937b83526c7a040
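The module's premise is that a SUID program resolves a helper command through the PATH it inherited from the caller. The following is an added example, not the Metasploit module and not ibstat itself; it shows the mechanism with a made-up helper name ("helper") planted in an attacker-controlled directory, and the two lookup strategies side by side: the flawed one that searches the caller's PATH and the hardened one that searches a fixed trusted path. Which command ibstat actually invokes is not stated on this page, and the directory names are constructed. POSIX only.

```python
import os
import stat
import tempfile
from typing import Dict, Optional

# Search path a privileged program should hard-code instead of trusting the caller's PATH
# (constructed, but these are the usual root-owned directories).
TRUSTED_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def _search(cmd: str, search_path: str) -> Optional[str]:
    """First regular, executable file named `cmd` along a colon-separated search path."""
    for directory in search_path.split(os.pathsep):
        if not directory:
            continue  # an empty entry means "current directory" to many shells; never honour it
        candidate = os.path.join(directory, cmd)
        if os.path.isfile(candidate) and os.stat(candidate).st_mode & stat.S_IXUSR:
            return candidate
    return None


def lookup_from_caller_env(cmd: str, env: Dict[str, str]) -> Optional[str]:
    """The flawed pattern: a bare command name resolved through whatever PATH the caller set."""
    return _search(cmd, env.get("PATH", ""))


def lookup_trusted(cmd: str, trusted_path: str = TRUSTED_PATH) -> Optional[str]:
    """The hardened pattern: resolve only through a fixed search path, then exec that absolute path."""
    return _search(cmd, trusted_path)


def scrubbed_env() -> Dict[str, str]:
    """Environment to pass to the child (subprocess.run(..., env=scrubbed_env())):
    nothing is inherited, so PATH, IFS and LD_* from the caller cannot influence it."""
    return {"PATH": TRUSTED_PATH, "IFS": " \t\n", "LANG": "C"}


def _write_exec(directory: str, name: str, body: str) -> str:
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o755)
    return path


def demo(helper: str = "helper") -> Dict[str, bool]:
    """Plant a fake `helper` in an attacker-writable directory placed first in PATH and
    report which file each strategy would execute. `helper` is a made-up name."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted_bin = os.path.join(tmp, "trusted_bin")    # stands in for /usr/bin
        attacker_bin = os.path.join(tmp, "attacker_bin")  # e.g. the attacker's home directory
        os.mkdir(trusted_bin)
        os.mkdir(attacker_bin)
        real = _write_exec(trusted_bin, helper, "#!/bin/sh\necho real\n")
        planted = _write_exec(attacker_bin, helper, "#!/bin/sh\necho planted\n")
        attacker_env = {"PATH": f"{attacker_bin}:{trusted_bin}"}
        return {
            "caller_path_picks_planted": lookup_from_caller_env(helper, attacker_env) == planted,
            "trusted_path_picks_real": lookup_trusted(helper, trusted_bin) == real,
        }
```

The fix for this class of bug is always the same pair: execute helpers by absolute path (or through a search path the program itself defines) and hand the child a scrubbed environment rather than the inherited one. The same reasoning applies to any privileged program, not only SUID binaries; cron jobs and setcap binaries are the other common victims.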
Sysdig Exploration Tool
Posted Apr 3, 2014
Authored by Loris Degioanni | Site sysdig.org

Sysdig captures system calls and other system-level events using a Linux kernel facility called tracepoints, which imposes much less overhead than strace. It then "packetizes" this information so that you can save it into trace files and filter it, much as you would with tcpdump. This makes it very flexible for exploring what processes are doing. Sysdig also ships with a set of scripts that make it easier to extract useful information and troubleshoot.

tags | tool, kernel
systems | linux
MD5 | e9d58399f2dc0d974a0a72a7ab4ef0e2
Microsoft Outlook 2007 - 2013 Denial Of Service
Posted Apr 3, 2014
Authored by Lubomir Stroetmann

Microsoft Outlook versions 2007 through 2013 suffer from a denial of service vulnerability.

tags | advisory, denial of service
MD5 | a657366d7c597e3fbeedd82f8e5e0f55
Red Hat Security Advisory 2014-0368-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0368-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6391, CVE-2014-2237
MD5 | 4caf07163182a46f6b9d4ace354502c4
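The flaw described is a scoping bug: a token minted from a trust-scoped token lost the trust and came back carrying the trustor's full role set. The example below is added here and is not Keystone code; it models the bookkeeping with plain dictionaries (constructed users alice and bob, project proj-1, trust trust-1) and contrasts the flawed derivation with one that keeps the trust, checks that the presenting user and project match it, and limits the roles to the delegated set.

```python
from typing import Dict, FrozenSet, Tuple

# Constructed fixture: role assignments per (user, project) and one trust.
# Keystone's real data model is richer; only the scoping logic matters here.
ROLE_ASSIGNMENTS: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("alice", "proj-1"): frozenset({"admin", "member"}),  # alice is the trustor
    ("bob", "proj-1"): frozenset(),                        # bob, the trustee, has no roles of his own
}
TRUSTS = {
    "trust-1": {"trustor": "alice", "trustee": "bob", "project": "proj-1",
                "roles": frozenset({"member"})},           # alice delegates only "member"
}

# The trust-scoped token as bob receives it: he acts on proj-1 with the delegated roles only.
TRUST_SCOPED_TOKEN = {"user_id": "bob", "project_id": "proj-1",
                      "roles": frozenset({"member"}), "trust_id": "trust-1"}


def _acting_user(token: dict) -> str:
    """Under a trust the trustee acts on behalf of the trustor, so role lookups use the trustor."""
    trust_id = token.get("trust_id")
    return TRUSTS[trust_id]["trustor"] if trust_id else token["user_id"]


def issue_ec2_token_vulnerable(received: dict) -> dict:
    """Mint a new token from EC2-style credentials derived from `received`.
    Resolves the acting user's complete role set on the project and forgets the
    trust, which is the behaviour the advisory describes."""
    user = _acting_user(received)
    project = received["project_id"]
    return {"user_id": received["user_id"], "project_id": project,
            "roles": set(ROLE_ASSIGNMENTS[(user, project)])}


def issue_ec2_token_fixed(received: dict) -> dict:
    """Same operation, but a trust-scoped input yields a trust-scoped output."""
    trust_id = received.get("trust_id")
    project = received["project_id"]
    if trust_id is None:
        user = received["user_id"]
        return {"user_id": user, "project_id": project,
                "roles": set(ROLE_ASSIGNMENTS[(user, project)])}
    trust = TRUSTS[trust_id]
    if trust["trustee"] != received["user_id"] or trust["project"] != project:
        raise PermissionError("token does not match the trust it names")
    # A trust can only delegate roles the trustor still holds.
    if not trust["roles"] <= ROLE_ASSIGNMENTS[(trust["trustor"], project)]:
        raise PermissionError("trustor no longer holds a delegated role; trust is unusable")
    return {"user_id": trust["trustee"], "trustor_id": trust["trustor"], "project_id": project,
            "roles": set(trust["roles"]), "trust_id": trust_id}


def escalation(received: dict) -> set:
    """Roles the flawed path grants beyond what the fixed path allows."""
    return issue_ec2_token_vulnerable(received)["roles"] - issue_ec2_token_fixed(received)["roles"]
```

The general rule the fix encodes: any token derived from another token may narrow its scope but never widen it, so every attribute that restricts the input (trust, project, role subset, expiry) must be carried over or re-derived from the restriction, not from the underlying user's full entitlements.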
Red Hat Security Advisory 2014-0367-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0367-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0006
MD5 | e2cd320790dc734002825a98bd557986
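The flaw is in how the signature on a TempURL was compared, not in the signature itself. The example below is added here and is not Swift's middleware; it recomputes the TempURL HMAC (HMAC-SHA1 over the method, expiry and object path, which is the scheme the middleware uses) with a constructed key and sample object path, and shows the early-exit comparison next to the constant-time one. compare_steps makes the leak visible without a stopwatch by counting how far an early-exit compare gets before it stops.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed account key. In a real deployment the value comes from the account's
# Temp-URL-Key metadata; this one exists only so the example runs offline.
TEMP_URL_KEY = b"constructed-temp-url-key"


def tempurl_signature(key: bytes, method: str, expires: int, path: str) -> str:
    """HMAC-SHA1 over "METHOD\\nexpires\\npath", hex-encoded, as the TempURL middleware computes it."""
    message = f"{method}\n{expires}\n{path}".encode()
    return hmac.new(key, message, hashlib.sha1).hexdigest()


def make_tempurl(key: bytes, method: str, path: str, expires: int) -> str:
    """What a sharer hands out: the object path plus signature and expiry as query parameters."""
    sig = tempurl_signature(key, method, expires, path)
    return f"{path}?temp_url_sig={sig}&temp_url_expires={expires}"


def _parse(url: str):
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    sig = query.get("temp_url_sig", [""])[0]
    try:
        expires = int(query.get("temp_url_expires", ["0"])[0])
    except ValueError:
        expires = 0
    return parts.path, sig, expires


def compare_steps(a: str, b: str) -> int:
    """How many characters an early-exit comparison inspects before giving up.
    A guess whose first n characters are right costs n+1 steps; a wrong first
    character costs 1. Measured as response time over the network, this is the
    oracle that lets an attacker recover the signature one character at a time."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i + 1
    return min(len(a), len(b))


def verify_vulnerable(key: bytes, method: str, url: str, now: int) -> bool:
    path, sig, expires = _parse(url)
    if expires <= now:
        return False
    # Ordinary equality stops at the first mismatching byte, so the time taken
    # depends on how much of the attacker's guess is already correct.
    return sig == tempurl_signature(key, method, expires, path)


def verify_fixed(key: bytes, method: str, url: str, now: int) -> bool:
    path, sig, expires = _parse(url)
    if expires <= now:
        return False
    expected = tempurl_signature(key, method, expires, path)
    # compare_digest takes time independent of where the inputs differ.
    # Encoding to bytes avoids the TypeError compare_digest raises on non-ASCII str.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Both verifiers return the same booleans; the only difference is that the fixed one spends the same time on a wrong first character as on a wrong last one. Note that the expiry check is done before the comparison in both cases, so expired requests are rejected without revealing anything about the signature, and that the expected value is always computed in full before comparing.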
Red Hat Security Advisory 2014-0366-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0366-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A flaw was found in the way the libvirt driver handled short-lived disk back-up files on Compute nodes. An authenticated attacker could use this flaw to create a large number of such files, exhausting all available space on Compute node disks, and potentially causing a denial of service. Note that only Compute setups using the libvirt driver were affected.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2013-4497, CVE-2013-7048, CVE-2013-7130
MD5 | 7d8c3e628f3ba6de985eeb38467154cd
Red Hat Security Advisory 2014-0365-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0365-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was found in the way OpenStack Dashboard sanitized the Instance Name string. By embedding HTML tags in an Instance Name, a remote attacker could use this flaw to execute a script within a victim's browser, resulting in a cross-site scripting attack. Note that only setups using OpenStack Dashboard were affected.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2013-6858
MD5 | 8eecb8d31733e29200d7aeb6e1489a20
Red Hat Security Advisory 2014-0364-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0364-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | a19f85bf4086b9e8aeee3563bcd0a0cb
Oracle Identity Manager 11g R2 SP1 Unvalidated Redirect
Posted Apr 3, 2014
Authored by Giuseppe D'Amore

Oracle Identity Manager version 11g R2 SP1 (11.1.2.1.0) suffers from an unvalidated redirect vulnerability.

tags | exploit
MD5 | 8667ff7bf9c9589fef38c369c60bc05e
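For the unvalidated redirect, the example below is added here and is not Oracle's code; the allowed host and the sample targets are constructed. It is the validation a login or logout handler should apply to a client-supplied return URL: accept a same-site path or an https URL to an allow-listed host and fall back to a fixed default for everything else, including the scheme-relative, backslash, userinfo and scheme-without-slashes tricks that defeat naive prefix checks.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the hosts this application may send users to after login.
ALLOWED_HOSTS = frozenset({"idm.example.com"})
DEFAULT_TARGET = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET) -> str:
    """Return `target` if it is a same-site path or an https URL on an allowed host,
    otherwise `default`. Never raises: a malformed target is just an unsafe one."""
    if not isinstance(target, str):
        return default
    target = target.strip()
    if not target:
        return default
    # Reject characters browsers and servers interpret differently: backslashes
    # ("/\\evil" is treated as "//evil" by browsers), CR/LF (header injection), tab, NUL.
    if any(c in target for c in "\\\r\n\t\x00"):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. an unbalanced IPv6 literal
        return default
    if parts.netloc:
        # Absolute or scheme-relative ("//evil.example"). `hostname` is lowercased and has
        # userinfo and port stripped, so "https://idm.example.com@evil.example/" gives
        # "evil.example" here and is refused. Only https is accepted to prevent downgrade.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            return default
        return target
    if parts.scheme:
        # "javascript:alert(1)", "data:...", and "http:evil.example", which has no netloc
        # as parsed but which browsers resolve to http://evil.example.
        return default
    # Relative target: require exactly one leading slash. "///evil.example" parses with an
    # empty netloc and path "/evil.example", so test the raw string, not parts.path.
    if not target.startswith("/") or target.startswith("//"):
        return default
    return target
```

Checking the raw string in the last step matters: Python's urlsplit and a browser's URL parser disagree on inputs such as "///evil.example", and the redirect is consumed by the browser. When a target is refused, log the original value; those entries are an early indicator that someone is probing the parameter.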
© 2020 Packet Storm. All rights reserved.
