what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-08-21

Ubuntu Security Notice USN-2325-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2325-1 - Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3517
SHA-256 | 8788b38b5a81104c8f533ce3a4143ab93be8c6996fcfa6dc36bab40aff69999d
Ubuntu Security Notice USN-2324-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2324-1 - Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles. Jamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be able to use this to access other projects. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3476, CVE-2014-3520, CVE-2014-5251, CVE-2014-5252, CVE-2014-5253
SHA-256 | 1632498be04b1359c92fbf3613e7ffaae0db2f9cddd39c0d312bdc35e22eb168
Ubuntu Security Notice USN-2323-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
SHA-256 | af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0
Ubuntu Security Notice USN-2322-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2322-1 - Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-5356
SHA-256 | 75702fafcd9acb64d5cdae128214cc86612c7fc20bd6e7bae42ebbd1a9b2ea90
Ubuntu Security Notice USN-2321-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3555, CVE-2014-4615
SHA-256 | 5b7b6a9f75cfd520067e6ce6a174281f6d497b3744e0c37c37a61dd014f8632f
Ubuntu Security Notice USN-2311-2
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2311-2 - USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-4615
SHA-256 | ad7b0e30b51d9f8a5abbb08b6f790464b6327d5cce37067210a3bd846815e2be
oclHashcat For AMD 1.30
Posted Aug 21, 2014
Authored by dropdead | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Various driver support added. Multiple algorithm support added.
tags | tool, cracker
SHA-256 | 9482d2e2c51d01147af19350d4b0861c11855b2dd918151a4bb721e877b49566
oclHashcat For NVidia 1.30
Posted Aug 21, 2014
Authored by dropdead | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Various driver support added. Multiple algorithm support added.
tags | tool, cracker
SHA-256 | 01ecb4373ce5556dc9e13c02318a734eb042902f76dceebdc04894cc979a9dee
ToorCon 16 Call For Papers
Posted Aug 21, 2014
Site sandiego.toorcon.net

ToorCon 16 has announced its call for papers. This conference will take place October 24th through the 26th, 2014 in San Diego, CA, USA.

tags | paper, conference
SHA-256 | 8dc7d28390f95ad5c0039a8b58b1ef87ea3aa20a063688c4137ec5604f280dd9
ArcGIS For Server 10.1.1 XSS / Open Redirect
Posted Aug 21, 2014
Authored by CAaNES

ArcGIS for Server version 10.1.1 suffers from cross site scripting and open redirect vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-5121, CVE-2014-5122
SHA-256 | df3cafafee2a56ce02291cb9609f9243863e0b48f7556cc7572db5590e99a6d5
Red Hat Security Advisory 2014-1086-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0221, CVE-2014-0226, CVE-2014-0231
SHA-256 | 1869ac672baeb6d6231ed4264632e0262537ca84832e3d8b68ec845527428f94
Debian Security Advisory 2940-1
Posted Aug 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2940-1 - It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-0114
SHA-256 | a2c5ba27eba620d705bc979e39632bb700c5a4d3e90ae0a26a1a3d26bf11271a
Debian Security Advisory 3008-1
Posted Aug 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
SHA-256 | aba292eea0cbb7cbbfdba617dbea50f35ade910183dcb8ecb26ee494d52b6f34
Red Hat Security Advisory 2014-1087-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
SHA-256 | 7b43399c8297d76dd46dd0933745d26b4de10eebe9f700a43e687901819a236b
Red Hat Security Advisory 2014-1088-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
SHA-256 | 4da1d3ba75d748e08e95de45e5cf1defc759a9a506037cddf827b73f39496145
Green Lights Forever: Analyzing The Security Of Traffic Infrastructure
Posted Aug 21, 2014
Authored by J. Alex Halderman, Branden Ghena, William Beyer, Jonathan Pevarnek, Allen Hillaker

The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. The authors investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. They leverage these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment in coordination with authorities. Their attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. They make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.

tags | paper
SHA-256 | 7eb72c4fe42431b49f23e36bae8a9024cdacfdd85d7d3cab51bf021cdf47aca7
MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection
Posted Aug 21, 2014
Authored by DemoLisH

MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | dabab641dae9255bac128fc3d2e933d5be5af5ba51c232b96f0fc9c5c33828a7
Dashing Times SQL Injection
Posted Aug 21, 2014
Authored by 3spi0n

Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 8e1e463761d4827cd6a59576788f068dfed5b06371c54dc07fa1ec37a0bf4210
Red Hat Security Advisory 2014-1084-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1084-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-0167, CVE-2014-3517
SHA-256 | 3c25ea0f31a94abd37555dce2866ca455ade1242e9c70c53365d1fb7c26bce19
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close