Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.
d23623be892ad4e3082d9de02d10de4f885746f733ac9a7916528d54aa86b3b6Ubuntu Security Notice 2367-1 - For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure renegotiations. This update removes the cipher list truncation workaround when forcing the use of TLSv1.2.
c7bc1e2bc55522dff021711ec7896b1f0c97c415a19f52063c7354fbcf3c3bc5RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.
d43040fd7032e2ecb3e882ad775ad21c302409504829f119ffc7016979f2dfffGNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.
0a0a25be13735fb37391eb0c2dcea9b3ca159ae100cf4ca70c8f452cd9a34b16HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability.
719b732e5e72911d054b6ed18ca5b6c8966afb541239db03bc1b69bb8709be8dKolibri Webserver version 2.0 buffer overflow exploit with EMET 5.0 and EMET 4.1 partial bypass.
ed20a7e13c0f3d161d5a027baacc2e3b5ba210b5711b12193b08d2d80ae17434CarolinaCon is now accepting speaker/paper/demo submissions for its 11th annual conference. This event will be held March 20th through the 22nd, 2015 in Raleigh, NC, USA.
da014c647f7df6dd455bac1fc78570689cdba3cecad42f10ab38476209cc6514AllMyVisitors version 0.5.0 suffers from multiple remote blind SQL injection vulnerabilities related to authentication bypass during login, cookie handling, and header handling.
352c44152e3fc4d8542ed9a4dae4f7fd788f7572a22248f0a2ced71ce2342ba6PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability.
e5dadc97a8bfeed94c0f053016901c520e21d4b7c1fe8bc95edda9f788efe878WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability.
6d1bb6dd85f2116cd4554ec0396d40bab0f7320fa84b6159add034a733189115This Metasploit module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing the payload on the hard drive of any Windows partition seen. Note: the displayed IP address of a target is the address this DHCP server handed out, not the "normal" IP address the host uses.
eccfe4bccc8cc819b0c0b0ed3f9685768bdbfd924bcd34807ff51c586f845e6aThis Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ecXShock is a python script that exploits the recent bash vulnerability. It includes four reverse shells that can be used during the attack.
1a8bd993f5c64870806410d5fe62dac2cabbf441a4227dac519d0b5a72ebef22This is a chat system composed of a TCP/IP server daemon in C and its corresponding java client. You can chat with other peers in clear text or AES password based encryption on your own computer network. The AES password encryption and decryption functions is based on 128 bit key which is padded using SHA-256 applied to the provided password. Further details with instructions in README file.
e1e3759df7fa1d7a5f9c56b174462e9d9ee500fa34e49a29f464a71d82647c56Red Hat Security Advisory 2014-1351-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.
0a41b2ae2b2a8bba9d00bf851faa35848af9eabb7c40a1c1a02ef02e737b9677Red Hat Security Advisory 2014-1352-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.
3227a2789c9b0ba77b00e40c13fdd0d7741d09b78e22e4b49b90b0b7944aaf8a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed