all things security
Showing 1 - 25 of 25 RSS Feed

Files Date: 2014-06-27

Suricata IDPE 2.0.2
Posted Jun 27, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various clean up and bug fixes.
tags | tool, intrusion detection
systems | unix
MD5 | 90228925c6a42d41fb2ee86911bc4000
HP Security Bulletin HPSBMU03056
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | c593afb8ed3278760c923d0566ff0faf
HP Security Bulletin HPSBMU03057
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | c19a68128ba8889a700b22211e6d6ec2
HP Security Bulletin HPSBMU03061
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03061 - A potential security vulnerability has been identified with HP Release Control. The vulnerability could be exploited remotely to allow disclosure of privileged information and elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2612, CVE-2014-2613
MD5 | 5aa6a2de9f9bae87505a42345dfd7019
Debian Security Advisory 2969-1
Posted Jun 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.

tags | advisory, remote, denial of service, perl
systems | linux, debian
advisories | CVE-2014-0477
MD5 | d110df66b6bc321523c36bba21c87229
ZeroCMS 1.0 Cross Site Scripting
Posted Jun 27, 2014
Authored by Filippos Mastrogiannis

ZeroCMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4195
MD5 | 20edd6a4a24ec2e08c0b9d0544d306d7
ICISSP 2015 Call For Papers
Posted Jun 27, 2014
Site icissp.org

The International Conference on Information Systems Security and Privacy (ICISSP) 2015 has announced its call for papers. It will take place in Loire Valley, France February 9th through the 11th, 2015.

tags | paper, conference
MD5 | 37ac53ef79c56bc9a35278b467735400
HP Security Bulletin HPSBMU03058
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03058 - A potential security vulnerability has been identified with HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited remotely to allow the disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 992e99489f216c3c329c8aea3165d112
Ubuntu Security Notice USN-2263-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2263-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
MD5 | c5ac813daa3d2a7c0efc73e710d16d61
Ubuntu Security Notice USN-2262-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2262-1 - A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3144, CVE-2014-3145
MD5 | 7522864683e87425e4aa3030dcb1b7b9
Ubuntu Security Notice USN-2261-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2261-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
MD5 | d00da09e7581a6bc1f4d880992cfaf1e
Ubuntu Security Notice USN-2259-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2259-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
MD5 | 5d7b2bb997fbe86b1ff5bfa2716252db
Ubuntu Security Notice USN-2260-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0077, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3122, CVE-2014-3153
MD5 | 8193a7a1ebc21413d662ea710632ba74
Gentoo Linux Security Advisory 201406-28
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-28 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.8.7 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2772, CVE-2012-2775, CVE-2012-2776, CVE-2012-2777, CVE-2012-2779, CVE-2012-2783, CVE-2012-2784, CVE-2012-2786, CVE-2012-2787, CVE-2012-2788, CVE-2012-2789, CVE-2012-2790, CVE-2012-2791, CVE-2012-2793, CVE-2012-2794, CVE-2012-2796, CVE-2012-2797, CVE-2012-2798, CVE-2012-2800, CVE-2012-2801, CVE-2012-2802, CVE-2012-2803, CVE-2012-2804, CVE-2012-5144
MD5 | 816fb500490328ab89cdc6ddcb2ab73c
Gentoo Linux Security Advisory 201406-31
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-31 - Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code. Versions less than 4.9.3-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4512, CVE-2012-4513, CVE-2012-4514, CVE-2012-4515
MD5 | f9b90ae57ef065f7ab58d16ed1203e63
Debian Security Advisory 2968-1
Posted Jun 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2968-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-4617
MD5 | 1ae3cf631b525fec94eef7e43c9bc75b
Gentoo Linux Security Advisory 201406-30
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-30 - A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges. Versions less than 1.8.5 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2014-0106
MD5 | 09faa8f574e1ecd912e3bea8fb9a5de4
Ubuntu Security Notice USN-2264-1
Posted Jun 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2264-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-1739, CVE-2014-3144, CVE-2014-3145
MD5 | d127e5a547490afcefc9cba2b7daad60
LinkedIn Cross Site Request Forgery
Posted Jun 27, 2014
Authored by Kishor Sonawane

LinkedIn suffered from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 22f5c4cf80ff5ae2a049522d2411c39e
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
MD5 | 3209b299f33911d071ed8ed5db8462cc
MS14-009 .NET Deployment Service IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity Level. Further interaction with the component allows to escape the Enhanced Protected Mode and execute arbitrary code with Medium Integrity.

tags | exploit, arbitrary
advisories | CVE-2014-0257
MD5 | 6fa97cd4c465e9e94afcce09121b97e6
MS13-097 Registry Symlink IE Sandbox Escape
Posted Jun 27, 2014
Authored by juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component, which can be abused to force medium integrity IE to user influenced keys. By using registry symlinks it's possible force IE to add a policy entry in the registry and finally bypass Enhanced Protected Mode.

tags | exploit, registry
advisories | CVE-2013-5045
MD5 | ef7740b999fc84dc0a624768d0f11944
Gentoo Linux Security Advisory 201406-29
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-29 - A vulnerability in spice-gtk could allow local attackers to gain escalated privileges. Versions less than 0.14 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2012-4425
MD5 | e8560eea647dc7551eade0c7fd8ca336
Gentoo Linux Security Advisory 201406-27
Posted Jun 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-27 - A race condition in polkit could allow a local attacker to gain escalated privileges. Versions less than 3.14.1 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2013-4288, CVE-2013-4311, CVE-2013-4324, CVE-2013-4325, CVE-2013-4327
MD5 | 3353856e3ac4462e25b0e9d9b7521070
Python CGIHTTPServer File Disclosure / Code Execution
Posted Jun 27, 2014
Site redteam-pentesting.de

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

tags | exploit, arbitrary, cgi, root, python
advisories | CVE-2014-4650
MD5 | 366ebd78e93b049c2077b7f457cd3446
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close