all things security
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-06-10

OpenSSL Toolkit 1.0.1h
Posted Jun 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Various security fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 8d6d684a9430d5cc98a62a5d8fbda8cf
Microsoft Security Bulletin Summary For June, 2014
Posted Jun 10, 2014
Site microsoft.com

This bulletin summary lists seven released Microsoft security bulletins for June, 2014.

tags | advisory
MD5 | dc39a96953af691e1dab4aa2c34fe9c5
WordPress JW Player 2.1.2 Cross Site Request Forgery
Posted Jun 10, 2014
Authored by Tom Adams

WordPress JW Player plugin for Flash and HTML5 video version 2.1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 89e1fb2bee8712b0da1ac199269719b6
WordPress Member Approval Cross Site Request Forgery
Posted Jun 10, 2014
Authored by Tom Adams

WordPress Member Approval plugin suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-3850
MD5 | 114c4eb99efe5b2c9792b3454886461c
WordPress Featured Comments 1.2.1 Cross Site Request Forgery
Posted Jun 10, 2014
Authored by Tom Adams

WordPress Featured Comments plugin version 1.2.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | ad146081d42caba8e2051575803a2f77
Responder 2.0.8
Posted Jun 10, 2014
Authored by laurent gaffie | Site github.com

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Various additions and improvements.
tags | tool, web
systems | unix
MD5 | 92a6bb38ee4ef0f4f6c61c1398c62896
Mandriva Linux Security Advisory 2014-109
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-109 - A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3466
MD5 | 4b238c12e523b7789f467431b9a20ff2
Mandriva Linux Security Advisory 2014-107
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-107 - Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash. It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte. A NULL pointer dereference flaw was found in libtasn1's asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash. The packages for mes5 have been patched to correct these issues and the packages for mbs1 have been upgraded to the 3.6 version where these issues has been fixed.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | a21b623b750706c1195ebe22bd1bd8b8
Mandriva Linux Security Advisory 2014-106
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-106 - The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service via a long non-initial fragment. The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handshake. OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability. The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service by triggering a NULL certificate value. The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 1703493e21f28d4a9856eb5c67ae44ef
Debian Security Advisory 2954-1
Posted Jun 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2954-1 - It was discovered that the Dovecot email server is vulnerable to a denial of service attack against imap/pop3-login processes due to incorrect handling of the closure of inactive SSL/TLS connections.

tags | advisory, denial of service, imap
systems | linux, debian
advisories | CVE-2014-3430
MD5 | d6be4ce8a522c3a4434851e5d9df1a86
Mandriva Linux Security Advisory 2014-105
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-105 - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handshake. OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability. The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service by triggering a NULL certificate value. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 193c6f2c9e3efdb679a30424371ffcf2
Gentoo Linux Security Advisory 201406-08
Posted Jun 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-8 - Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.359 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
MD5 | f5c98440955a485566eced5c9c289b0b
Ubuntu Security Notice USN-2242-1
Posted Jun 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2242-1 - It was discovered that dpkg incorrectly handled certain patches when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3864, CVE-2014-3865
MD5 | b20404883477dc373ec4d2ba99a92847
Mandriva Linux Security Advisory 2014-110
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-110 - Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. libcurl can in some circumstances re-use the wrong connection when asked to do transfers using other protocols than HTTP and FTP, causing a transfer that was initiated by an application to wrongfully re-use an existing connection to the same server that was authenticated using different credentials. libcurl incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site.

tags | advisory, web, protocol
systems | linux, mandriva
advisories | CVE-2014-0015, CVE-2014-0138, CVE-2014-0139
MD5 | db1f963c40f0fd41b1cddb8ce5d5f1d5
Mandriva Linux Security Advisory 2014-112
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-112 - Multiple vulnerabilities has been discovered and corrected in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Various other issues were also addressed. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, vulnerability, python
systems | linux, mandriva
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474, CVE-2014-1418, CVE-2014-3730
MD5 | 7980bd249944d7546bd71fe00787e5dd
Mandriva Linux Security Advisory 2014-111
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-111 - A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2014-2553, CVE-2014-2554
MD5 | 6a5a63940f8655aad63e04cd335c6287
Slackware Security Advisory - php Updates
Posted Jun 10, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-0185, CVE-2014-0237, CVE-2014-0238
MD5 | b092199d239d67bf79727841e8b39630
Mandriva Linux Security Advisory 2014-108
Posted Jun 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-108 - A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3465, CVE-2014-3466
MD5 | e0693f64ccc6b48ffbadf6f64463e979
WordPress SCv1 Local File Disclosure
Posted Jun 10, 2014
Authored by Medrik

WordPress SCv1 theme suffers from a file disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, info disclosure
MD5 | a9e81ca4b9f48a490fe5b2c46e3bf447
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close