exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-11

Red Hat Security Advisory 2014-1843-01
Posted Nov 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1843-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646
MD5 | 838236722cfc39d19177d9255e2f59a6
Red Hat Security Advisory 2014-1826-01
Posted Nov 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1826-01 - LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
MD5 | 5d8f8b6b4ace15d471accc5f869ec2e3
Red Hat Security Advisory 2014-1827-01
Posted Nov 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1827-01 - The kdenetwork packages contain networking applications for the K Desktop Environment. Krfb Desktop Sharing, which is a part of the kdenetwork package, is a server application that allows session sharing between users. Krfb uses the LibVNCServer library. A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
MD5 | 50c95e67a11a72127f4ec3c63384a7e9
Microsoft Security Bulletin Summary For November, 2014
Posted Nov 11, 2014
Site microsoft.com

This bulletin summary lists fourteen released Microsoft security bulletins for November, 2014.

tags | advisory
MD5 | b9d03dfea0018b21451fdc415506582b
Ubuntu Security Notice USN-2408-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2408-1 - Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this to bypass intended access controls and reset admin-only attributes to default values.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-6414
MD5 | be3c86b352a46d0cfdd707368d11b50a
Ubuntu Security Notice USN-2407-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2407-1 - Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. Amrith Kumar discovered that OpenStack Nova did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Nova log files could obtain access to sensitive information. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-3608, CVE-2014-7230
MD5 | 3cb6d5e5f992d491dd119f031530fc35
Ubuntu Security Notice USN-2406-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2406-1 - Brant Knudson discovered that OpenStack Keystone did not properly perform input sanitization when performing endpoint catalog substitution. A remote attacker with privileged access for creating endpoints could exploit this to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3621
MD5 | 05bfd474b670b55b110e9005debc5116
Ubuntu Security Notice USN-2405-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2405-1 - Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information. Various other issues were also addressed.

tags | advisory, remote, local
systems | linux, ubuntu
advisories | CVE-2014-3641, CVE-2014-7230
MD5 | f73532c6280f03051305ca2ebe8a7951
Ubuntu Security Notice USN-2404-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2404-1 - Pavel Hrdina discovered that libvirt incorrectly handled locking when processing the virConnectListAllDomains command. An attacker could use this issue to cause libvirtd to hang, resulting in a denial of service. Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain information from the domain xml file. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3657, CVE-2014-7823
MD5 | c6d13a184fddc06e37fd0fd8fe35e08e
Ubuntu Security Notice USN-2403-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2403-1 - Sean Burford discovered that GnuTLS incorrectly handled printing certain elliptic curve parameters. A malicious remote server or client could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8564
MD5 | 5354474d216b2973583ec7c9312cab2a
MercadoLibre SSL Certification Validation Flaw
Posted Nov 11, 2014
Authored by Will Dormann, Joaquin Manuel Rinaudo

The MercadoLibre application for Android is missing SSL certificate validation.

tags | advisory
advisories | CVE-2014-5658
MD5 | b1ff0cbb4a2152e795c194308e00c2a3
MIT Open Redirect
Posted Nov 11, 2014
Authored by Renzi

webmail.mit.edu suffers from an open redirection vulnerability.

tags | exploit
MD5 | 0300c4d8371d070d57ff5bdbddf38c94
PHP-Fusion 7.02.07 SQL Injection
Posted Nov 11, 2014
Authored by Mauricio Correa

PHP-Fusion version 7.02.07 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
advisories | CVE-2014-8596
MD5 | 085b05f62b35e2b50396e37cc0563733
Progress OpenEdge 11.2 Directory Traversal
Posted Nov 11, 2014
Authored by Mauricio Correa

Progress OpenEdge version 11.2 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2014-8555
MD5 | a09c8ab22e4e21e6a5a780631678aaf4
Internet Explorer 8 MS14-035 Use-After-Free
Posted Nov 11, 2014
Authored by Ayman Sagy

Microsoft Internet Explorer 8 MS14-035 use-after-free exploit.

tags | exploit
advisories | CVE-2014-2782
MD5 | 45b108c50707844dc251959ece615623
Ubuntu Security Notice USN-2402-1
Posted Nov 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2402-1 - David Edmundson discovered that the KDE Clock KCM policykit helper did not properly guard against untrusted input. Under certain circumstances, a process running under the user's session could exploit this to run programs as the administrator.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-8651
MD5 | 0d51d9c7389b29c01843986f05fd4dc3
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    11 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close