Showing 1 - 25 of 31

Files Date: 2014-05-06

IBM AIX Kernel Memory Leak / Denial Of Service
Posted May 6, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 5.3, 6.1 and 7.1 and VIOS 2.2.* releases suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that is greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | aix
advisories | CVE-2014-0930
MD5 | 4236298d7ba606989f3262b37ad6c132
Citrix Netscaler SSL Certificate Validation
Posted May 6, 2014
Authored by Graham Sutherland | Site portcullis-security.com

The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 assigns an empty trust manager to its SSL context, causing it to accept any certificate regardless of validity.

tags | advisory, java, remote
advisories | CVE-2014-2882
MD5 | 7ac1d5f8de1edbbfcee85a274d835870
Citrix Netscaler Diffie-Hellman Key Exchange Issue
Posted May 6, 2014
Authored by Graham Sutherland | Site portcullis-security.com

The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 contains a poor implementation of the Diffie-Hellman key exchange algorithm. The random number generator used to produce secret values is the java.util.Random class, which is not of cryptographic quality. Publicly known predictors exist for the underlying RNG, and the seed is either 32-bit or 48-bit depending on the host system.

tags | advisory, java, remote
advisories | CVE-2014-2881
MD5 | c58d9edb0baca3c2246b4d1e220ff5bf
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Posted May 6, 2014
Authored by Micha Borrmann

Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.

tags | exploit
systems | windows
advisories | CVE-2014-2845
MD5 | 7546282d9927b352c32f620e22fe0257
HP Security Bulletin HPSBMU03037
Posted May 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03037 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 400669d457e24c0a09068df3c758a83a
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack affects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
MD5 | cf5a1ebb66e0d9f766736399194e02b5
Ubuntu Security Notice USN-2204-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | abdb6c0bc9e6daefa389f41cb89a380b
Ubuntu Security Notice USN-2203-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | bf5bc88c3fe37e912665ac452c1d5eb6
Ubuntu Security Notice USN-2202-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 6e46930957c4fa6f4872ffa9ca30fb0b
Ubuntu Security Notice USN-2201-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | b4310e3a515bea75f00cd5a4440a56c6
Ubuntu Security Notice USN-2200-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 3f566b862c97ddd582b869cf0aa8e3a0
Ubuntu Security Notice USN-2199-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ff64fe6e1a722470e6584e6158b31fae
Ubuntu Security Notice USN-2196-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ba542dbcdbecb56ea1b004931e200eb7
Ubuntu Security Notice USN-2207-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2207-1 - Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0006
MD5 | 2cadfe65c87450d3bd51b495c7d26402
Red Hat Security Advisory 2014-0473-01
Posted May 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0473-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2014-0050
MD5 | df5ab05368a97735f269433653df4aae
Ubuntu Security Notice USN-2198-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | 817e79e8a0145af1f4f8f6d4587a3ddd
Ubuntu Security Notice USN-2206-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2206-1 - Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-0157
MD5 | a7d9a4d330ea109b690f30b758f4957f
Ubuntu Security Notice USN-2205-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2205-1 - Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
MD5 | 9ffa26eec8955f355ae461032d2df712
Ubuntu Security Notice USN-2197-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
MD5 | ddeecadfc7764896e4885bc827b9bf18
CMS PUNTOPY SQL Injection
Posted May 6, 2014
Authored by Felipe Andrian Peixoto

CMS PUNTOPY suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 6910f32c64b5b1d4722a11508e488fb6
SOAPpy 0.12.5 XXE / Denial Of Service
Posted May 6, 2014
Authored by pnig0s

SOAPpy version 0.12.5 suffers from XXE and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
MD5 | 8f30fc2d9b43d9e3f7e28043b6d63138
Ruxcon 2014 Call For Papers
Posted May 6, 2014
Site ruxcon.org.au

Ruxcon 2014 Call For Papers - Ruxcon is the premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
MD5 | b00335efd4749a0385268c43facce6a7
HP Security Bulletin HPSBGN03010 4
Posted May 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 4 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 4 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
MD5 | 5f7c9422b9f7c354a11f621596692ab1
Ubuntu Security Notice USN-2193-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2193-1 - Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker could exploit this to execute arbitrary commands as the glance user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0162
MD5 | 7f357b8fe9b3f5840c7b8a344af6ee01
Debian Security Advisory 2924-1
Posted May 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2924-1 - Multiple security issues have been found in Icedove, Debian's version errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.

tags | advisory, denial of service, overflow, arbitrary, xss
systems | linux, debian
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
MD5 | 866bbaf667ac330d2383e24da6a32a56