all things security
Showing 1 - 25 of 30 RSS Feed

Files Date: 2014-07-09

Red Hat Security Advisory 2014-0867-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0867-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-0178, CVE-2014-0244, CVE-2014-3493
MD5 | 15c10c66152e03f16c45fe3351c124d5
Red Hat Security Advisory 2014-0866-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0866-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-0244, CVE-2014-3493
MD5 | 19cb5088088852c5aaeaf15484aa6b93
Red Hat Security Advisory 2014-0865-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0865-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly.

tags | advisory, java, remote, web, denial of service, overflow
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099
MD5 | b5f72411efb93ab1d69ce6831f9cc09b
Red Hat Security Advisory 2014-0861-02
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0861-02 - LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-4607
MD5 | 32258aeaeae7b8f1f0b8f9c4cd469d16
Red Hat Security Advisory 2014-0860-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0860-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
MD5 | 93dc94363221ca6704f48ba134b435dd
Infoblox 6.8.4.x Weak MySQL Password
Posted Jul 9, 2014
Authored by Nate Kettlewell

Infoblox versions 6.4.x.x through 6.8.4.x use a default login of root with password root on their MySQL instances.

tags | exploit, root
advisories | CVE-2014-3419
MD5 | 53da9b905d9f8f6a86133d8835db6f84
Infoblox 6.8.4.x OS Command Injection
Posted Jul 9, 2014
Authored by Nate Kettlewell

Infoblox versions 6.4.x.x through 6.8.4.x suffer from a remote OS command injection vulnerability.

tags | exploit, remote
advisories | CVE-2014-3418
MD5 | cc57d74ecbf69d9f1e5f87836de87690
Cisco Security Advisory 20140709-struts2
Posted Jul 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability identified by Apache with Common Vulnerabilities and Exposures ID CVE-2010-1870. The vulnerability is due to insufficient sanitization on user-supplied input in the XWorks component of the affected software. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options.

tags | advisory, remote, arbitrary, vulnerability
systems | cisco
advisories | CVE-2010-1870
MD5 | f99f63988930581031d2a4c54c4246de
FreeBSD Security Advisory - Kernel Memory Disclosure
Posted Jul 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The control message API is used to construct ancillary data objects for use in control messages sent and received across sockets and passed via the recvmsg(2) and sendmsg(2) system calls. Buffer between control message header and data may not be completely initialized before being copied to userland. Three SCTP cmsgs, SCTP_SNDRCV, SCTP_EXTRCV and SCTP_RCVINFO, have implicit padding that may not be completely initialized before being copied to userland. In addition, three SCTP notifications, SCTP_PEER_ADDR_CHANGE, SCTP_REMOTE_ERROR and SCTP_AUTHENTICATION_EVENT, have padding in the returning data structure that may not be completely initialized before being copied to userland.

tags | advisory
systems | freebsd
advisories | CVE-2014-3952, CVE-2014-3953
MD5 | 050c68c612331e721d019161388271b2
Android NFC Denial Of Service
Posted Jul 9, 2014
Site nipc.org.cn

Android NFC suffers from a denial of service vulnerability. Android OS version prior to 4.4 are affected.

tags | advisory, denial of service
MD5 | 8db7b97edf50eef25953b8745332e7b1
HP Security Bulletin HPSBMU03065
Posted Jul 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03065 - A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 6a1e1d9375278335c81e18c973fdb072
Debian Security Advisory 2974-1
Posted Jul 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2974-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4721
MD5 | bb430551d4a054408556fd3bdd4749ed
Red Hat Security Advisory 2014-0859-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0859-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database, requests to load said data would terminate and the requested page would not be displayed until an administrator cleans the database.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2682, CVE-2014-0174
MD5 | 386ed98284a72c73bf35eea63aa270ee
Ubuntu Security Notice USN-2276-1
Posted Jul 9, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2276-1 - Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled unserializing SPL extension objects. An attacker could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721
MD5 | 346bba689298c4e59a882bb59b95d632
Red Hat Security Advisory 2014-0858-01
Posted Jul 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0858-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. It was found that if Cumin were asked to display a link name containing non-ASCII characters, the request would terminate with an error. If data containing non-ASCII characters were added to the database, requests to load said data would terminate and the requested page would not be displayed until an administrator cleans the database.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2682, CVE-2014-0174
MD5 | 6c93cbb363bb945089e870ca03009ce5
Gentoo Linux Security Advisory 201407-02
Posted Jul 9, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-2 - Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.394 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
MD5 | 96a9eb0d3d7bddbefb56df6e3912f808
Mandriva Linux Security Advisory 2014-132
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-132 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
MD5 | 5ae41c17320fd3f8ec7f39c916d0c771
Mandriva Linux Security Advisory 2014-131
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-131 - A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size. Multiple flaws were found in the way file parsed property information from Composite Document Files files, due to insufficient boundary checks on buffers. Note: these issues were announced as part of the upstream PHP 5.4.30 release, as PHP bundles file's libmagic library. Their announcement also references an issue in CDF file parsing, which was previously fixed in the file package in MGASA-2014-0252, but was not announced at that time.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487
MD5 | 41c9f6f3ac72c4a0592c80d43d27f441
Mandriva Linux Security Advisory 2014-129
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-129 - Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to in decode_ac_filter, and (3) too many bits in decode_channel_residues(). libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted WMA data. The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Microsoft RLE video data. The mpegts_write_pmt function in the MPEG2 transport stream muxer in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. A use-after-free vulnerability in FFmpeg before 1.1.9 involving seek operations on video data could allow remote attackers to cause a denial of service. An integer overflow can occur when processing any variant of a literal run in the av_lzo1x_decode function. The updated packages have been upgraded to the 0.10.14 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2795, CVE-2012-5150, CVE-2014-2098, CVE-2014-2099, CVE-2014-2263, CVE-2014-4609, CVE-2014-4610
MD5 | 69a4199b904688c66efd700dbe4f506d
Mandriva Linux Security Advisory 2014-130
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-130 - The unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types. It was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query. A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size. Multiple flaws were found in the way file parsed property information from Composite Document Files files, due to insufficient boundary checks on buffers. PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to versions 5.5.14, which fix this issue and several other bugs. The phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.5 version.

tags | advisory, overflow, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721
MD5 | 93cb8d65b1cbaad1895a04ac0abfea93
Mandriva Linux Security Advisory 2014-128
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-128 - Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this flaw.

tags | advisory, remote, bypass
systems | linux, mandriva
advisories | CVE-2014-4168
MD5 | 3e25f5dd60664f3efdb2a222bbe3cbbc
Mandriva Linux Security Advisory 2014-127
Posted Jul 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-127 - GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-4617
MD5 | e4e4019d5545f6080641a02f229f9ea7
OctavoCMS Cross Site Scripting
Posted Jul 9, 2014
Authored by Andrew Antonio

OctavoCMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4331
MD5 | a129310b9d5a2ee48286404c16ea86c5
WordPress BSK PDF Manager 1.3.2 SQL Injection
Posted Jul 9, 2014
Authored by Claudio Viviani

WordPress BSK PDF Manager version 1.3.2 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3e0b2dd83925b35cefac97bc5ccd62c7
Microsoft Security Bulletin Summary For July, 2014
Posted Jul 9, 2014
Site microsoft.com

This bulletin summary lists six released Microsoft security bulletins for July, 2014.

tags | advisory
MD5 | 09e6a7f965a3987fd396e916a67f853e
Page 1 of 2
Back12Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close