what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-04-07

OpenSSL Toolkit 1.0.1g
Posted Apr 7, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Workaround for the TLS hang bug. Fix for a side-channel attack. Fix for a missing bounds check in the TLS heartbeat extension.
tags | tool, protocol, library
systems | unix
advisories | CVE-2014-0076, CVE-2014-0160
SHA-256 | 53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
OpenSSL TLS Heartbeat Read Overrun
Posted Apr 7, 2014
Site openssl.org

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 4f8f0dc9e93799002c4bef191b0e8f5e142452409064b95a52255aa7f737badb
Ubuntu Security Notice USN-2165-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2165-1 - Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0076, CVE-2014-0160
SHA-256 | f2b6af710c9e36df9d737d33d189c7c4552996014d2a9d3f94e1a4b698dfa7de
WinRAR Filename Spoofing
Posted Apr 7, 2014
Authored by chr1x, juan vazquez | Site metasploit.com

This Metasploit module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This inconsistency allows to spoof file names when opening ZIP files with WinRAR, which can be abused to execute arbitrary code, as exploited in the wild in March 2014.

tags | exploit, arbitrary, local, spoof
advisories | OSVDB-62610
SHA-256 | 77adfa4fa0e23c97becb1de4580cf456d6594ca7beef63394258815f48627e38
Fritz!Box Webcm Unauthenticated Command Injection
Posted Apr 7, 2014
Authored by Michael Messner, Fabian Braeunlein | Site metasploit.com

Different Fritz!Box devices are vulnerable to an unauthenticated OS command injection. This Metasploit module was tested on a Fritz!Box 7270 from the LAN side. The vendor reported the following devices vulnerable: 7570, 7490, 7390, 7360, 7340, 7330, 7272, 7270, 7170 Annex A A/CH, 7170 Annex B English, 7170 Annex A English, 7140, 7113, 6840 LTE, 6810 LTE, 6360 Cable, 6320 Cable, 5124, 5113, 3390, 3370, 3272, 3270

tags | exploit
SHA-256 | 3c9438ad3242628774c0c9001c0fa55a918947a138a8407300ecd933463e3bf5
NoSuchCon 2014 Call For Papers
Posted Apr 7, 2014
Site nosuchcon.org

The NoSuchCon 2014 Call For Papers has been announced. It will take place November 19th through the 21st, 2014 in Paris, France.

tags | paper, conference
SHA-256 | b69832c225089330f3fbb4d741e2886231ce145072955697f9ff8a5ee3f5e772
Microsoft Windows Help / Support Center DoS / Overflow
Posted Apr 7, 2014
Authored by Eduardo Braun Prado

Microsoft Windows Help and Support Center contains multiple vulnerabilities that can be exploited by attackers to run arbitrary code when a drag and drop operation is performed on a webpage, cause a buffer overrun condition, and Denial of Service (DOS). Proof of concept code included.

tags | exploit, denial of service, overflow, arbitrary, vulnerability, proof of concept
systems | windows
SHA-256 | cc111b1430c4133bf0687641eb7cc07665dae44f35945c0b99ba586fc437fef5
Microsoft Windows Help HLP File Loading Hijack
Posted Apr 7, 2014
Authored by Eduardo Braun Prado

Microsoft Windows Help (Winhlp32) contains an HLP file loading hijack vulnerability because programs that invokes help from HLP files passes relative paths, causing it to load HLP files from the directory in which it was started, if they exist. Proof of concept code included.

tags | exploit, proof of concept
systems | windows
SHA-256 | 555250bab20bf8be89a3b9e62da9fd89d8bfae7044864dbc0df99dbc189d1d0e
HP Security Bulletin HPSBGN02986
Posted Apr 7, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02986 - A potential security vulnerability has been identified with HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-2600
SHA-256 | bc5084b0478ae4f88250fcf94c8305e05e0e1b2d87da2fb27e6884c9671bca79
Debian Security Advisory 2891-3
Posted Apr 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2891-3 - The Mediawiki update issued as DSA 2891-1 caused regressions. This update fixes those problems.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610, CVE-2014-2665
SHA-256 | f4c93e740a251c7b3e60a20bbabc1c65f7a49c750380dbd5a2a67ee2e253ae01
Gentoo Linux Security Advisory 201404-01
Posted Apr 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-1 - A vulnerability in CUPS may allow for arbitrary file access. Versions less than 1.6.2-r5 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2012-5519
SHA-256 | 39a8944fe3211ba9f3dd3a733ebfff6ff3d9c90c663ccc86cbba90efde06c940
Gentoo Linux Security Advisory 201404-05
Posted Apr 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-5 - Multiple vulnerabilities have been found in OpenAFS, worst of which can allow attackers to execute arbitrary code. Versions less than 1.6.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1250, CVE-2009-1251, CVE-2011-0430, CVE-2011-0431, CVE-2013-1794, CVE-2013-1795, CVE-2013-4134, CVE-2013-4135
SHA-256 | bdd4ed6538ff78bf057d8dfb17d273d308bbeb4af917a10d1c972e171f1ca870
Gentoo Linux Security Advisory 201404-04
Posted Apr 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-4 - A vulnerability in Crack might allow remote attackers to execute arbitrary code. Versions less than 0.3.2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2013-1800
SHA-256 | 787bea35901f30a270ecc027971222399b9ca460eb3dc5673b85b2518f5fce06
Gentoo Linux Security Advisory 201404-03
Posted Apr 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-3 - A use-after-free error in OptiPNG could result in execution of arbitrary code or Denial of Service. Versions less than 0.7.3 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4432
SHA-256 | 889ec44646a291d50cef5fcd069e6d9c2dbb09b6d0d8e3a1bec6aa5c2a96d9c6
Ubuntu Security Notice USN-2164-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2164-1 - Matthew Vernon discovered that OpenSSH did not correctly check SSHFP DNS records if a server presented an unacceptable host certificate. A malicious server could use this issue to disable SSHFP checking.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-2653
SHA-256 | 7b0f4e976b236236294b1d5252c077f746751ea14dd4ae1c72fe2805931b990f
Gentoo Linux Security Advisory 201404-02
Posted Apr 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-2 - A buffer overflow in libproxy might allow remote attackers to execute arbitrary code. Versions less than 0.4.10 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2012-4504
SHA-256 | 13c9b943b1ffcfba6bbba3bd40ae7cfa2ece2d10b6a05055367f668057cbd60d
Ubuntu Security Notice USN-2163-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2163-1 - It was discovered that PHP's embedded libmagic library incorrectly handled PE executables. An attacker could use this issue to cause PHP to crash, resulting in a denial of service.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2014-2270
SHA-256 | 0d091488d02a2ca4f7952cb6422ce82ecaf309d9b79a81b19e91969a3b2faf20
Ubuntu Security Notice USN-2162-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2162-1 - It was discovered that file incorrectly handled PE executable files. An attacker could use this issue to cause file to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-2270
SHA-256 | b4dd95e2b702ef1f1d6c8585d60662427e21c67c1030d55acf046c239cb3f865
Debian Security Advisory 2895-1
Posted Apr 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2895-1 - A denial-of-service vulnerability has been reported in Prosody, a XMPP server. If compression is enabled, an attacker might send highly-com- pressed XML elements (attack known as "zip bomb") over XMPP streams and consume all the resources of the server.

tags | advisory
systems | linux, debian
SHA-256 | a67c98bdadab4fc478a257deefe2123d0476ddf5992461747b709aa8a8eca333
Debian Security Advisory 2894-1
Posted Apr 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2894-1 - Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-2532, CVE-2014-2653
SHA-256 | 5dba7d2302bdc35d448e8e95c5a203d4d00214d3bc18d6bf10df23d92a218c95
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close