what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-11-04

Ubuntu Security Notice USN-2397-1
Posted Nov 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2397-1 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2014-4975, CVE-2014-8080
MD5 | 8ac610ac17e23a5965e32f8ec98a58fc
Red Hat Security Advisory 2014-1801-01
Posted Nov 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1801-01 - Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys. A local attacker could potentially use this flaw to execute arbitrary code on the system.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-3675, CVE-2014-3676, CVE-2014-3677
MD5 | 7a598fd93d479cbed89513187e0fca87
CNIL CookieViz Cross Site Scripting / SQL Injection
Posted Nov 4, 2014
Authored by iliketurtles

CNIL CookieViz suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-8351, CVE-2014-8352
MD5 | 77a883845c3d05b518eb552265727c32
WordPress Clean And Simple Contact Form 4.4.0 XSS
Posted Nov 4, 2014
Authored by Ajin Abraham

WordPress Clean and Simple contact Form plugin version 4.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8abcb9ce6975cf56bd8b8f4ff02c2a10
Slackware Security Advisory - seamonkey Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 6cf078b3e1d19c2ee54142e0384c2560
Slackware Security Advisory - php Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | a603da7b7cfdbaa3217207c62bbe3fa0
Slackware Security Advisory - mozilla-firefox Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | b5097d55a3275c7ec37c2310d6d36c08
Slackware Security Advisory - mariadb Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6496, CVE-2014-6500, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
MD5 | d3337bc6de79206d93623aa31226b141
HP Security Bulletin HPSBUX03162 SSRT101767 2
Posted Nov 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | 36f67b4acf4fc85c15ae6777f4b2027c
FastHealth.com CMS Open Redirect
Posted Nov 4, 2014
Authored by Renzi

FastHealth.com suffers from an open redirection vulnerability.

tags | exploit
MD5 | 28584dcb1bb96d95984bf4649086b269
vBulletin 4.2.1 Open Redirect
Posted Nov 4, 2014
Authored by Renzi

vBulletin version 4.2.1 suffers from an open redirection vulnerability.

tags | exploit
MD5 | e6d032e39454031d7c90fd6cd92c0d4b
Ahrareandeysheh CMS Cross Site Scripting
Posted Nov 4, 2014
Authored by IeDb

Ahrareandeysheh CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 550760f90d08e17de2d3492365971e99
SSLsplit 0.4.9
Posted Nov 4, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: No longer chroot() to /var/empty by default if run by root, in order to prevent breaking -S and sni proxyspecs (issue #21). Fixed segmentation fault when using -t without a CA. Various other updates.
tags | tool, encryption
MD5 | 90d3ea10c6c68d625164875d129a75f9
I2P 0.9.16
Posted Nov 4, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 76db384affd65b07f6aea38ac2aedb46
Samhain File Integrity Checker 3.1.3
Posted Nov 4, 2014
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Removed initgroups() from the popen call in unix entropy gatherer. Added error message for update mode if local baseline cannot be found.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | cc286eab828409f4480b70fe6dde390f
EllisLab ExpressionEngine Core SQL Injection
Posted Nov 4, 2014
Authored by Jerzy Kramarz, Alejo Murillo Moyas | Site portcullis-security.com

EllisLab ExpressionEngine Core versions prior to 2.9.0 suffer from multiple authenticated remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-5387
MD5 | 749340dacca102d15684ace776fc8205
ImageMagick Out-Of-Bounds Read / Heap Overflow
Posted Nov 4, 2014
Authored by Hanno Boeck | Site hboeck.de

ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.

tags | advisory, overflow
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8561, CVE-2014-8562
MD5 | e1ff855f01c65563219957c5d0ebf816
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close