Showing 1 - 22 of 22

Files Date: 2014-08-08

Easy FTP Pro 4.2 Command Injection
Posted Aug 8, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Easy FTP Pro version 4.2 suffers from a local command injection vulnerability.

tags | exploit, local
MD5 | 297d8c082fa69b23c1c944c953ea190d
Cisco Security Advisory 20140806-energywise
Posted Aug 8, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote
systems | cisco, osx
MD5 | 8d8d0364daf8e1b47f4e2b8b3f16ad39
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | a5b9594c915060ca771d3ef479ffd948
HP Security Bulletin HPSBUX03087 SSRT101413
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03087 SSRT101413 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408
MD5 | ef873f56dff5344e197b5a2df6d3cff1
HP Security Bulletin HPSBMU03086
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03086 - A potential security vulnerability has been identified with HP Operations Agent running Glance. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2630
MD5 | 6ef6c3f0290f7ab6f5accb39897d2923
HP Security Bulletin HPSBHF03084
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03084 - Potential security vulnerabilities have been identified with certain HP PCs with UEFI Firmware. The vulnerabilities could be exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-4859, CVE-2014-4860
MD5 | a51052d40294df4e073d77220a3ccecd
Debian Security Advisory 2998-1
Posted Aug 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, or protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

tags | advisory, denial of service, overflow, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
MD5 | b52a0a92025f75ff22a236802550c2e4
Mandriva Linux Security Advisory 2014-152
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-152 - Updated glibc packages fix various security issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0475, CVE-2014-4043
MD5 | ba4ab5ac9e1ceab4b108a88939d64a6b
Mandriva Linux Security Advisory 2014-154
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-154 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-2524
MD5 | 8ff89587687851ae8c189c4dc6b848e0
Mandriva Linux Security Advisory 2014-153
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-153 - MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues.

tags | advisory
systems | linux, mandriva
MD5 | 8b2ffe54a59c18343e7d2b8bdcf28299
Mandriva Linux Security Advisory 2014-158
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws have been fixed.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510
MD5 | 1faeb0eb62d9290d5f90a2dfca0353bd
Mandriva Linux Security Advisory 2014-159
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-159 - Multiple vulnerabilities have been discovered and corrected in wireshark. The updated packages have been upgraded to the 1.10.9 version where these security flaws have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165
MD5 | 5cdb5312ebb9f8cef7ad1a1240c30f57
Mandriva Linux Security Advisory 2014-151
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-151 - In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
MD5 | e63ab3e5c658167589b9d3302951f94e
Mandriva Linux Security Advisory 2014-157
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-157 - In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-3429
MD5 | a4068d725a20d7b4cdb7fd35d91c7182
Mandriva Linux Security Advisory 2014-156
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-156 - Multiple cross-site scripting vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-4722
MD5 | 251d6fdb7ec43b6697238a00134ea451
Red Hat Security Advisory 2014-1036-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1036-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263
MD5 | 322dbb143e5b880a6a35a47cc3934917
Red Hat Security Advisory 2014-1034-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1034-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors, and tag plug-in configuration files. The injected XML parser could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-0119
MD5 | 834d42d435cb00edbd06cab32b1abc69
Red Hat Security Advisory 2014-1033-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1033-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265
MD5 | 75f7fbf058a0a71c03ceabd065688a66
Red Hat Security Advisory 2014-1032-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1032-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in Red Hat Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
MD5 | 416fa265708f0efe70bcd6350897e711
Ubuntu Security Notice USN-2308-1
Posted Aug 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
MD5 | 45ffd75caa34329932191499d7d07dab
Red Hat Security Advisory 2014-1031-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1031-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information. This issue was discovered by Ludwig Krispenz of Red Hat.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
MD5 | 5eda90a4de089865b6b8d63a500be95e
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
MD5 | 3d782401d1760680f0d614c6cde1ba1c
© 2016 Packet Storm. All rights reserved.
