
Files Date: 2014-05-02

HP Security Bulletin HPSBMU03032
Posted May 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03032 - A potential security vulnerability has been identified with HP Virtual Connect Firmware Smart Components installer software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | c3bbbb9acbc69059c1607b445fa212e2
Gentoo Linux Security Advisory 201405-01
Posted May 2, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-1 - A stack-based buffer overflow vulnerability has been found in udisks, allowing a local attacker to possibly execute arbitrary code or cause Denial of Service. Versions less than 2.1.3 are affected.

tags | advisory, denial of service, overflow, arbitrary, local
systems | linux, gentoo
advisories | CVE-2014-0004
MD5 | fa9f273f86d9244f99295ce178973dd8
HP Security Bulletin HPSBMU03033
Posted May 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03033 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 404596f46616e075a765ef39ebae5607
HP Security Bulletin HPSBMU03030
Posted May 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03030 - A potential security vulnerability has been identified with HP Service Pack for ProLiant (SPP) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | ba085a02b40b4048c66c102bb4cef67e
AlienVault OSSIM SQL Injection / Code Execution
Posted May 2, 2014
Authored by Sasha Zivojinovic | Site metasploit.com

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by creating a high priority policy with an action containing our payload.

tags | exploit, remote, code execution, sql injection
MD5 | 14ea5b1a2c6caf71c5afc1f51bf64286
Apache Struts ClassLoader Manipulation Remote Code Execution
Posted May 2, 2014
Authored by Mark Thomas, Przemyslaw Celej | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.16.2. The issue arises because the ParametersInterceptor allows access to the 'class' parameter, which is directly mapped to the getClass() method and allows ClassLoader manipulation. This lets remote attackers execute arbitrary Java code via crafted parameters.

tags | exploit, java, remote, arbitrary
advisories | CVE-2014-0094, CVE-2014-0112
MD5 | 319dec4b888717b00b12adae3a924a59
Microsoft Security Bulletin Summary For May, 2014
Posted May 2, 2014
Site microsoft.com

This bulletin summary lists the one released Microsoft security bulletin for May, 2014.

tags | advisory
MD5 | fc5c8e2558bee9d2a38a113792d9374d
Ubuntu Security Notice USN-2191-1
Posted May 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2191-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0462, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
MD5 | 304ff1413d4f828e7e0a339670c59211
Red Hat Security Advisory 2014-0463-01
Posted May 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0463-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the one-year life cycle of Production Support for version 3 will end on July 31, 2014. On August 1, 2014, Red Hat Enterprise Linux OpenStack Platform version 3 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

tags | advisory
systems | linux, redhat
MD5 | 83254a9bbad10bdd7a482a235e0e8039
Red Hat Security Advisory 2014-0461-01
Posted May 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0461-01 - The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications. It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0164
MD5 | 6a0f772bdc6b1e838945212948311e10
Red Hat Security Advisory 2014-0460-01
Posted May 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0460-01 - The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications. It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0164
MD5 | 9fc9d713b9d8adf545ce9e6611d82dfa
Red Hat Security Advisory 2014-0462-01
Posted May 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0462-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method for remotely accessing Seam components from a web page, using AJAX. It was found that JBoss Seam response envelopes included unsanitized parameter and ID names provided in the request. This allowed a request to inject arbitrary XML into the response. A remote attacker could use this flaw to perform reflected cross-site scripting attacks, provided the JBoss Seam remoting application did not use any cross-site request forgery protection.

tags | advisory, java, remote, web, arbitrary, xss, csrf
systems | linux, redhat
advisories | CVE-2014-0149
MD5 | 1f1fc5798135018579d0f2c9a22f5df5
Ubuntu Security Notice USN-2190-1
Posted May 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2190-1 - Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6369
MD5 | 6e86a3790f5f28fa3143ebe28822f220
Ubuntu Security Notice USN-2183-2
Posted May 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2183-2 - USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0471
MD5 | 9c93c6a47981b9151d6a352d7cf9c174
Digital Whisper Electronic Magazine #50
Posted May 2, 2014
Authored by cp77fk4r, digitalwhisper

Digital Whisper Electronic Magazine issue 50. Written in Hebrew.

tags | magazine
MD5 | e2fb7eedfb6cca44c025c38b22b0242c
Netgear DGN2200 Cross Site Scripting
Posted May 2, 2014
Authored by Dolev Farhi

Netgear DGN2200 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | f514161b2d632bd919c1ca412b293831