seeing is believing
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-08-14

Apple Security Advisory 2014-08-13-1
Posted Aug 14, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-08-13-1 - Safari 6.1.6 and Safari 7.0.6 are now available and address unexpected termination and arbitrary code execution issues due to memory corruption issues in WebKit.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
MD5 | be81f0e63af62784bce98778f9df0cd5
Red Hat Security Advisory 2014-1060-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1060-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.

tags | advisory
systems | linux, redhat
MD5 | a9a7c75e61912d72b7928aadee480ee7
Ubuntu Security Notice USN-2315-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2315-1 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3504
MD5 | 2b5097643ce0759f260e5b613e2ec2f8
Ubuntu Security Notice USN-2316-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
MD5 | 874a585e6eba7ac99736d244794cc71b
Debian Security Advisory 3005-1
Posted Aug 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3005-1 - Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-3564
MD5 | c1cda4ba144a60a2cf12a20985b41d31
Red Hat Security Advisory 2014-1059-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1059-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285, CVE-2014-0107
MD5 | de76957e95d2e9acb95ab7e1caf3ad42
Gentoo Linux Security Advisory 201408-06
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-6 - Multiple vulnerabilities have been discovered in libpng which can allow a remote attacker to cause a Denial of Service condition. Versions less than 1.6.10 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7353, CVE-2013-7354, CVE-2014-0333
MD5 | d18fa47b5eab30b77dcf8679486c0973
Gentoo Linux Security Advisory 201408-05
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-5 - Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.400 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
MD5 | 2e341331f3251ff8c40e275e4a0eb414
Red Hat Security Advisory 2014-1054-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
MD5 | 00fabbebcd8920e33adc405616cd9da6
HP Security Bulletin HPSBMU03090
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03090 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-0114
MD5 | c4057723abd0e04888781cbccb2b4aaf
Optical Society of America's Prism Information Leak
Posted Aug 14, 2014
Authored by Peter Wiedekind

Reviewer information stored in metadata can be leaked for submissions sent to the Optical Society of America's Prism system.

tags | advisory
MD5 | 46426fa59484be486457eda094da108d
VirtualBox 3D Acceleration Virtual Machine Escape
Posted Aug 14, 2014
Authored by Francisco Falcon, juan vazquez, Florian Ledoux | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted of rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

tags | exploit, remote
systems | windows, 7
advisories | CVE-2014-0983
MD5 | dcc77fac6866efe74508b6b9429587dc
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
Posted Aug 14, 2014
Authored by Emilio Pinna | Site metasploit.com

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings. This Metasploit module has been tested successfully on VMTurbo Operations Manager versions 4.5 and 4.6.

tags | exploit, web
advisories | CVE-2014-5073
MD5 | d3d25baff2f5934caa27e8535f230611
HP Security Bulletin HPSBHF03088
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03088 - A potential security vulnerability has been identified with the HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 236c0057897a0e841c58575327682599
Red Hat Security Advisory 2014-1053-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
MD5 | 7316bccba53d806f10c0575e3a63b845
Red Hat Security Advisory 2014-1052-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
MD5 | 1988780bf102e646a5c41827293ffc58
Gentoo Linux Security Advisory 201408-04
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-4 - Multiple vulnerabilities have been found in Catfish, allowing local attackers to escalate their privileges. Versions less than 1.0.2 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2093, CVE-2014-2094, CVE-2014-2095, CVE-2014-2096
MD5 | 3f87e7b7fc36427532e58496e246a0f7
Ubuntu Security Notice USN-2313-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2313-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
MD5 | 61674abaefe86b74ab5c20fb2e035a33
Ubuntu Security Notice USN-2314-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2314-1 - An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
MD5 | 9251277e6acb16674ec6cd1749cd21ab
Red Hat Security Advisory 2014-1051-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1051-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
MD5 | 3e8d7288e6c4349d3199e3180c1ec3e9
Red Hat Security Advisory 2014-1037-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1037-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-0136
MD5 | eaeb831798af3a224db3b1fc2411ffd2
Red Hat Security Advisory 2014-1050-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1050-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets. It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-4615
MD5 | 24396239e6fadad5b0fba9c3342372d9
Jamroom 5.2.6 Cross Site Scripting
Posted Aug 14, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Jamroom version 5.2.6 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5098
MD5 | 9ac5aa143504dea1877395253b87cad2
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close