
Files Date: 2014-06-05

OpenSSL Security Advisory - MITM / Recursion / DoS
Posted Jun 5, 2014
Site openssl.org

OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 5969edfa68307feb60fefe15f6715df3
TOR Virtual Network Tunneling Tool 0.2.4.22
Posted Jun 5, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release backports numerous high-priority fixes from the Tor 0.2.5 alpha release series. These include blocking all authority signing keys that may have been affected by the OpenSSL "heartbleed" bug, choosing a far more secure set of TLS ciphersuites by default, closing a couple of memory leaks that could be used to run a target relay out of RAM, and several others.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 5a7eee0d9df87233255d78b25c6f8270
EMC Documentum Content Server Escalation / Injection
Posted Jun 5, 2014
Site emc.com

EMC Documentum Content Server contains fixes for multiple security vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. These include privilege escalation, shell injection, and DQL injection vulnerabilities.

tags | advisory, shell, vulnerability
advisories | CVE-2014-2506, CVE-2014-2507, CVE-2014-2508
MD5 | 8c78e697f66eecbbfe96de787ceabb6e
Lynis Auditing Tool 1.5.4
Posted Jun 5, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages, and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds support for parsing Nginx configuration files. It tests the SSL configuration, includes a small fix for SMB daemon on Mac systems, and has an improved report.
tags | tool, scanner
systems | unix
MD5 | 9b3fa8174197b162ca7d0fea0c535067
httpry Specialized HTTP Packet Sniffer 0.1.8
Posted Jun 5, 2014
Authored by Dumpster Keeper | Site dumpsterventures.com

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.

Changes: The latest release adds a number of useful features and tweaks. VLAN tagged packets are now handled, and the PPP link type is supported. There's a new option available for specifying a custom ethernet header offset. Packet parsing is also improved with better handling of partial headers and a non-zero read timeout for live captures.
tags | tool, web, sniffer
systems | unix
MD5 | 212a03b32c3e3668f5890f8779a86ded
FreeBSD Security Advisory - OpenSSL Issues
Posted Jun 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL vulnerabilities have been addressed. Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to recurse unnecessarily. A carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Carefully crafted packets can lead to a NULL pointer dereference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled.

tags | advisory, overflow, vulnerability
systems | freebsd
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 1934f39e91527b2facc8c1cda272c95d
Cloudera Manager 4.8.2 / 5.0.0 Information Disclosure
Posted Jun 5, 2014

Cloudera Manager versions 4.8.2 and below and 5.0.0 suffer from a sensitive configuration value exposure.

tags | advisory, info disclosure
advisories | CVE-2014-0220
MD5 | d0cfc7aa0657821319f179f6c5931bab
HP Security Bulletin HPSBMU03029 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03029 2 - A potential security vulnerability has been identified with HP Insight Control server migration running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 8d962b59a1dfbffbe521947f9da544ae
DevExpress ASP.NET File Manager 13.2.8 Directory Traversal
Posted Jun 5, 2014
Site redteam-pentesting.de

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

tags | exploit, asp
advisories | CVE-2014-2575
MD5 | e93318bb004858c2424fa43a693ab368
Linux x86 Netcat Shellcode
Posted Jun 5, 2014
Authored by Oleg Boytsev

Linux x86 /bin/nc -le /bin/sh -vp 17771 shellcode that is 58 bytes.

tags | x86, shellcode
systems | linux
MD5 | 5bd28d8a7661dd07b41b7e8a31ebcc7f
EMC Documentum Digital Asset Manager Blind DQL Injection
Posted Jun 5, 2014
Site emc.com

EMC Documentum Digital Asset Manager (DAM) announces a security fix to address a blind DQL (Documentum Query Language) injection vulnerability. The DAM thumbnail proxy server allows unauthenticated users to query objects using a vulnerable URL query string parameter. A malicious attacker can potentially conduct blind DQL injection attacks using the vulnerable parameter to infer or modify the database contents. EMC Documentum Digital Asset Manager versions 6.5 SP3 through SP6 are affected.

tags | advisory
advisories | CVE-2014-2503
MD5 | 81a233f69c4a72742753e89cd43dbae3
HP Security Bulletin HPSBMU03033 3
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03033 3 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 811f14301871011e7c03371c22a4bc02
HP Security Bulletin HPSBMU03028 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03028 2 - A potential security vulnerability has been identified with HP Matrix Operating Environment and HP CloudSystem Matrix software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | b296346172026d2e9e7dd2f82236ec13
Debian Security Advisory 2949-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2949-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
MD5 | 68b440d5672418363f12f32a38f958db
Debian Security Advisory 2950-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2950-1 - Multiple vulnerabilities have been discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 2bffd06bcb9190ca0ba85fff8dc45c35
Red Hat Security Advisory 2014-0632-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0632-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | cd5ab16f8c3982293805a71b5c38bebc
Red Hat Security Advisory 2014-0633-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0633-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | bf532554e775d7d3a3567362cf304250
Red Hat Security Advisory 2014-0630-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | e5c2f1ba5907dc461f63d219415989de
Red Hat Security Advisory 2014-0631-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0631-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | 2687a28012d48d796efc256ecb059640
Red Hat Security Advisory 2014-0629-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0629-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library.

tags | advisory, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-0077, CVE-2014-0224
MD5 | 10235a2cda90c159b9158cf467364794
Debian Security Advisory 2945-1
Posted Jun 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2945-1 - Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2014-0476
MD5 | 9cbd66630bccaad5df31f390e129b0be
Red Hat Security Advisory 2014-0628-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0628-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 890c53fa1f2b62399f4bcdcd087751f5
Red Hat Security Advisory 2014-0626-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0626-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | 1af2e067b090018ce04b61c14b8aacfe
Red Hat Security Advisory 2014-0627-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0627-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0224
MD5 | 49fab88ca37f8c99cc274b8399943c1f
Red Hat Security Advisory 2014-0625-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0625-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 5d8fc5e64c6fa51ea445296de932e4f3