
Files Date: 2014-10-24

TOR Virtual Network Tunneling Tool 0.2.5.10
Posted Oct 24, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux (requires seccomp2). The controller protocol has several new features, resolving IPv6 addresses should work better than before, and relays should be a little more CPU-efficient.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 4bde375229a7a7f77c0596ae05556527
EMC Avamar Sensitive Information Disclosure
Posted Oct 24, 2014
Site emc.com

EMC Avamar server contains a vulnerability that may allow a remote Avamar client user to retrieve sensitive account credentials from an affected Avamar server using Java API calls. No authentication to the Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.

tags | advisory, java, remote
advisories | CVE-2014-4624
MD5 | d19f3931b51a61465ff6d512941a17fe
EMC Avamar Weak Password Storage
Posted Oct 24, 2014
Site emc.com

The EMC ADS/AVE Password hardening package uses the DES-based traditional Unix crypt scheme that may be susceptible to brute force and dictionary attacks if the hashes are obtained by an adversary. The hardening package is an optional package and is installed separately. Affected products include EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x with the optional Password hardening package earlier than version 2.0.0.4.

tags | advisory
systems | unix
advisories | CVE-2014-4623
MD5 | 92847e53d2a9382756390e7975a5e69d
EMC NetWorker Module For MEDITECH (NMMEDI) Information Disclosure
Posted Oct 24, 2014
Site emc.com

A vulnerability exists in the EMC NetWorker Module for MEDITECH when used with EMC RecoverPoint that could potentially allow exposure of sensitive information. EMC NetWorker Module for MEDITECH (NMMEDI) version 3.0 builds 87-90 are affected.

tags | advisory
advisories | CVE-2014-4620
MD5 | aa65b78bb0d1be903c24cc4f45b39123
Apple Security Advisory 2014-10-22-1
Posted Oct 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-22-1 - QuickTime 7.7.6 is now available and addresses memory corruption and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | apple
advisories | CVE-2014-1391, CVE-2014-4350, CVE-2014-4351, CVE-2014-4979
MD5 | 9d8b4324f01fe43aa6f9aa9e32e5bcab
Mandriva Linux Security Advisory 2014-203
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-203 - OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE. When an OpenSSL SSL/TLS/DTLS server receives a session ticket, the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory, causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. The updated packages have been upgraded to the 1.0.0o version where these security flaws have been fixed.

tags | advisory, denial of service, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2014-3566, CVE-2014-3567
MD5 | a3038bc503ef324b64277cf935934e98
Mandriva Linux Security Advisory 2014-204
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-204 - A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3660
MD5 | 5538f1a37e165e9480997982fb99775b
Mandriva Linux Security Advisory 2014-202
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-202 - A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code. The updated php packages have been upgraded to the 5.5.18 version to resolve this security flaw. Additionally, php-apc has been rebuilt against the updated php packages.

tags | advisory, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-3670
MD5 | 050cf19bec3793f3947fe208502c55c0
Mandriva Linux Security Advisory 2014-209
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-209 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. The updated packages provide a solution for these security issues.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | 6a5ddc0df233f6b5fab9a902430dd669
Mandriva Linux Security Advisory 2014-208
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-208 - In phpMyAdmin before 4.2.10.1, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8326
MD5 | 2a816b833e73247387dbe650087bcf86
Mandriva Linux Security Advisory 2014-207
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-207 - A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8760
MD5 | 5694f32b8031f64322d279cefc0312e9
Mandriva Linux Security Advisory 2014-206
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-206 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
MD5 | 2f6a84215d9ff0054e968de79614060b
Mandriva Linux Security Advisory 2014-205
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-205 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-5461
MD5 | dd24bc2fecc122b3bcc6094dc9ba496d
Slackware Security Advisory - glibc Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4237, CVE-2013-4458, CVE-2013-4788, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040
MD5 | cb4f932fa481526a80b99676e459f3f5
Slackware Security Advisory - pidgin Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3697, CVE-2014-3698
MD5 | 07e327f2603dadc670b6aed8f9db6483
Debian Security Advisory 3055-1
Posted Oct 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3055-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698
MD5 | f31d4cf8abcaa9bcb4bacd6597d99daa
MyBB MyBBlog 1.0 Cross Site Scripting
Posted Oct 24, 2014
Authored by DevilScreaM

MyBB MyBBlog plugin version 1.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | d3b49afe02813513cb982fabfda4823f

© 2016 Packet Storm. All rights reserved.