what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-04-03

Ubuntu Security Notice USN-2161-1
Posted Apr 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2161-1 - Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled certain large YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause libyaml-libyaml-perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-6393, CVE-2014-2525
SHA-256 | 40ba76175d55d2cd3a01708a25f19c6fad7553363aaf45f025c92809f7375e03
HP Security Bulletin HPSBHF02981
Posted Apr 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02981 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4). The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-4786
SHA-256 | 5ea0494629de01edae0a6065171716d3b43bdb84b9247ee48f2b98599d24cad6
Lynis Auditing Tool 1.4.9
Posted Apr 3, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds supporting links to the control documentation. This way, findings can be shortened in future releases for better output display. A new test has been added to detection of the Linux I/O scheduler. Test AUTH09208 has been extended to find non-unique accounts on more platforms. A minor display error for PAM modules was adjusted to properly display the status.
tags | tool, scanner
systems | unix
SHA-256 | bb059b58acc01bcb7eab1444c843d035121f4df8e7ef1df3e0656692412e1287
CA Erwin Web Portal 9.5 Directory Traversal
Posted Apr 3, 2014
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal version 9.5. The vulnerabilities occur due to insufficient path verification. A remote unauthenticated attacker can use directory traversal attacks to gain sensitive information, cause a denial of service condition, gain additional access, or potentially execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
advisories | CVE-2014-2210
SHA-256 | 1fa77a7f3fc523298c5d236fa24d1b5a144393aef591858b7d37f886f4712e9c
Red Hat Security Advisory 2014-0374-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0374-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.1 serves as a replacement for Red Hat JBoss Data Grid 6.2.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-7285
SHA-256 | 4fcf60b8261c41c040f82fb1df7b3976a270c863be2321569e155eae8c02a69e
Private Photo+Video 1.1 Pro Cross Site Scripting
Posted Apr 3, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Private Photo+Video version 1.1 Pro for iOS suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
SHA-256 | 598bdc7413cd5595a64c028dabcb486616f1987e973aaa097b25e4d3c51e5c1b
MA Lighting Technology grandMA onPC 6.808 Denial Of Service
Posted Apr 3, 2014
Authored by LiquidWorm | Site zeroscience.mk

MA Lighting Technology grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.

tags | exploit, remote, denial of service, tcp
SHA-256 | 1d85de1ce8040c6d45a103d51029790fa8c1838d9264532526cc629595516360
FortiADC 3.2 Cross Site Scripting
Posted Apr 3, 2014
Authored by William Costa

FortiADC version 3.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30f1d853ff50f0ccf128b6b78ca4b1fafbe53ac7827269ea0926ae1f3c959168
Red Hat Security Advisory 2014-0373-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0373-01 - JBoss Web Server is an enterprise ready web server designed for medium and large applications, and is based on Tomcat. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications. Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications.

tags | advisory, java, web, cgi, php, file upload
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0050
SHA-256 | 2c709527d60e25bda2422d453c660f6900578eae1644bbfb89c6ec9545133888
Red Hat Security Advisory 2014-0372-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0372-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.1 serves as a replacement for Red Hat JBoss BRMS 6.0.0, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
SHA-256 | 577002c736b2df2c0050d3e19a92808a039cee26aa4b4c483da50f9877b40914
Ubuntu Security Notice USN-2160-1
Posted Apr 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2160-1 - Ivan Fratric discovered that LibYAML incorrectly handled certain malformed YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2525
SHA-256 | 3509d711f01e385958d4ad94df9fc129682d708e1738cb2c9a240bb5354d1c45
Red Hat Security Advisory 2014-0371-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0371-01 - Red Hat JBoss BPM Suite is a business rules management system for the management, storage, creation, modification, and deployment of JBoss rules. This release of Red Hat JBoss BPM Suite 6.0.1 serves as a replacement for Red Hat JBoss BPM Suite 6.0.0, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
SHA-256 | 99885327df8a85809381376bd6e2bb53cdb5341de4df4c673c82671d34d1a452
Red Hat Security Advisory 2014-0370-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0370-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 23c24f50fdf21ed836e93f9e4ec870aa900cb7955737b9c8d2d63e617c9d99ef
Red Hat Security Advisory 2014-0369-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0369-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-6438, CVE-2014-0098
SHA-256 | 48cf3598512a313242cb90a3736d7889382e931ae4d7eb28d6afcccddcb006f7
ibstat $PATH Privilege Escalation
Posted Apr 3, 2014
Authored by Kristian Hermansen, Kostas Lintovois, Sagi Shahar | Site metasploit.com

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary "ibstat".

tags | exploit
advisories | CVE-2013-4011, OSVDB-95420
SHA-256 | 51da38d4ecfc882e0f9edee386884cfd71707197a3535e673abb6fa3c9ec49db
Sysdig Exploration Tool
Posted Apr 3, 2014
Authored by Loris Degioanni | Site sysdig.org

Sysdig captures system calls and other system level events using a linux kernel facility called tracepoints, which means much less overhead than strace. It then "packetizes" this information, so that you can save it into trace files and filter it, a bit like you would do with tcpdump. This makes it very flexible to explore what processes are doing. Sysdig is also packed with a set of scripts that make it easier to extract useful information and do troubleshooting.

tags | tool, kernel
systems | linux
SHA-256 | 5a4efb7887fccb3234190f76ab4e2322de7ea159f7ddf7d44de14a91b6f207a3
Microsoft Outlook 2007 - 2013 Denial Of Service
Posted Apr 3, 2014
Authored by Lubomir Stroetmann

Microsoft Outlook versions 2007 through 2013 suffer from a denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 6eca607c56b006c4f7b78e49106b52630cdb96b46ad746d45698cc710486021e
Red Hat Security Advisory 2014-0368-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0368-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-6391, CVE-2014-2237
SHA-256 | 664967c649f1a950ab8e7192f7523f64c4e422717a57fbd90fe666ab47fb3976
Red Hat Security Advisory 2014-0367-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0367-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0006
SHA-256 | 78f1b540c0c847a43548ff429db2dc3a092e9d896f17cfe1e4093716cabd0252
Red Hat Security Advisory 2014-0366-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0366-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. A flaw was found in the way the libvirt driver handled short-lived disk back-up files on Compute nodes. An authenticated attacker could use this flaw to create a large number of such files, exhausting all available space on Compute node disks, and potentially causing a denial of service. Note that only Compute setups using the libvirt driver were affected.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2013-4497, CVE-2013-7048, CVE-2013-7130
SHA-256 | 47ba1801dc83624fbf50ee613dc304783f073a7e15da7d1c8b3e00d2c2e29650
Red Hat Security Advisory 2014-0365-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0365-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was found in the way OpenStack Dashboard sanitized the Instance Name string. By embedding HTML tags in an Instance Name, a remote attacker could use this flaw to execute a script within a victim's browser, resulting in a cross-site scripting attack. Note that only setups using OpenStack Dashboard were affected.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2013-6858
SHA-256 | 29fc0fcdcb2c8addcf4972400ab3addbaec6c74335e19a5d866d45f3125815b8
Red Hat Security Advisory 2014-0364-01
Posted Apr 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0364-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YAML input to an application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An integer overflow flaw was found in the way the libyaml library handled excessively long YAML tags. An attacker able to load specially crafted YAML input to application using libyaml could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-6393, CVE-2014-2525
SHA-256 | ce729a29b9bebd731354b0823cc4922bd495122b3272c5b2dc706dd96eb50c12
Oracle Identity Manager 11g R2 SP1 Unvalidated Redirect
Posted Apr 3, 2014
Authored by Giuseppe D'Amore

Oracle Identity Manager version 11g R2 SP1 (11.1.2.1.0) suffers from an unvalidated redirect vulnerability.

tags | exploit
SHA-256 | 448648d9c9455c65f7634ce01453a90dccfc315fbdcd51f5d3b99558048a7446
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close