all things security
Showing 1 - 25 of 395 RSS Feed

Files Date: 2014-11-01 to 2014-11-30

Ubuntu Security Notice USN-2426-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2426-1 - Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | a38684a77f68c0304df035fb082b87c4
Ubuntu Security Notice USN-2427-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2427-1 - Hanno Bock discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9087
MD5 | aa05292572b774aa3bf73f8e7e3a4ddf
Tiny Server 1.1.9 Arbitrary File Disclosure
Posted Nov 29, 2014
Authored by ZoRLu

Tiny Server version 1.1.9 suffers from a file disclosure vulnerability via directory traversal.

tags | exploit, info disclosure
MD5 | 75dcaeabe7ab879d3f79ae75ed9bca3d
WordPress 4.0 Denial Of Service
Posted Nov 29, 2014
Authored by John Martinelli

WordPress versions 4.0 and below suffer from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-9034
MD5 | 6bf443ef64575baec673f3590c78c66d
Responder 2.1.3
Posted Nov 29, 2014
Authored by laurent gaffie | Site github.com

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Changes: Several enhancements including analyze mode, inclusion of various rogue servers, and more.
tags | tool, web
systems | unix
MD5 | 2217529f94d9bc5e61a8d2a7fe606c77
HP Security Bulletin HPSBGN03209
Posted Nov 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03209 - A potential security vulnerability has been identified with HP Application Lifecycle Management running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | 28194b252becbc7597e4977fdd471f73
Ubuntu Security Notice USN-2425-1
Posted Nov 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2425-1 - It was discovered that DBus incorrectly handled a large number of file descriptor messages. A local attacker could use this issue to cause DBus to stop responding, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-7824
MD5 | f2a95196c63cfe08addb66450febd4bf
Tuleap 7.6-4 PHP Object Injection
Posted Nov 28, 2014
Authored by EgiX

Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

tags | exploit, php
advisories | CVE-2014-8791
MD5 | 996df917e13e1acb41ce3587aaadfbe7
FileVista Path Leakage / Path Write Modification
Posted Nov 28, 2014
Authored by DS

FileVista versions prior to 6.1 leak internal path data and allow extraction outside of the stated path.

tags | advisory, info disclosure
advisories | CVE-2014-8788, CVE-2014-8789
MD5 | 7d0dfbef3741155722a7ca59d645ed80
Gentoo Linux Security Advisory 201411-11
Posted Nov 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0128, CVE-2014-7141, CVE-2014-7142
MD5 | cbe0833a61541372eb99920080cc3a8f
Debian Security Advisory 3078-1
Posted Nov 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3078-1 - An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash (denial of service), or potentially, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-9087
MD5 | 965c78a03ffcbe621696690bdf4a78e4
Mandriva Linux Security Advisory 2014-235
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-235 - Plack::App::File would previously strip trailing slashes off provided paths. This in combination with the common pattern of serving files with Plack::Middleware::Static could allow an attacker to bypass a whitelist of generated files.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-5269
MD5 | 270003ab7e450c0c88c3fcce2e116e67
Mandriva Linux Security Advisory 2014-234
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-234 - Updated libksba packages fix a security vulnerability. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could lead to a denial of service.

tags | advisory, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-9087
MD5 | aa9a63204a3f5d87f74be2b91465c555
Mandriva Linux Security Advisory 2014-236
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-236 - An out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file. This could possibly lead to file executable crash.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3710
MD5 | 9418cdef0c381844c0de9590a10e2ab3
Mandriva Linux Security Advisory 2014-233
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-233 - An updated wordpress package fixes cross site scripting, cross site request forgery, and various other vulnerabilities.

tags | advisory, vulnerability, xss, csrf
systems | linux, mandriva
advisories | CVE-2014-9031, CVE-2014-9032, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039
MD5 | 288503effbbc8b9c6f0c840e149c7914
Mandriva Linux Security Advisory 2014-232
Posted Nov 28, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-232 - The function wordexp\(\) fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of $((... ``)) where ... can be anything valid. The backticks in the arithmetic expression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue.

tags | advisory, shell
systems | linux, mandriva
advisories | CVE-2014-7817
MD5 | 7b3eb93ce346e1df90abd3ec9d6b0df9
Red Hat Security Advisory 2014-1915-01
Posted Nov 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1915-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-8439
MD5 | cb31c95d356a3eaf6857c9f62584bc42
Agafi-ROP x86 ROP-Chainer Tool
Posted Nov 28, 2014
Authored by Nicolas A. Economou

Agafi-ROP is a x86 ROP-Chainer tool oriented to build ROP chains for win32 programs, modules, and running processes.

tags | tool, x86
systems | windows
MD5 | 7a59622f47583ec641ed2e596b612702
Microsoft IIS 7.5 Cross Site Scripting
Posted Nov 28, 2014
Authored by A Z

Microsoft IIS version 7.5 suffers from an error message cross site scripting vulnerability.

tags | exploit, xss
MD5 | 152e4ab2c7c811226a05af5d9a02f75b
D-Link DAP-1360 Cross Site Scripting / Cross Site Request Forgery
Posted Nov 28, 2014
Authored by MustLive

The D-Link DAP-1360 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 27bd4054a49156d0664a0f4a7b85cf4b
Mandriva Linux Security Advisory 2014-231
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-231 - Icecast did not properly handle the launching of scripts on connect or disconnect of sources. This could result in sensitive information from these scripts leaking to clients.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9018
MD5 | d733da1df5a4615a2c1a08b4cdf722be
Red Hat Security Advisory 2014-1914-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1914-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 0eb8d46493dde6ab962a9c6cea3a9e40
Mandriva Linux Security Advisory 2014-230
Posted Nov 27, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-230 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8369
MD5 | 0faf6770e14fbf8b183e2daab3b95edb
Red Hat Security Advisory 2014-1913-01
Posted Nov 27, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1913-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash.

tags | advisory, denial of service, overflow, ruby
systems | linux, redhat
advisories | CVE-2014-4975, CVE-2014-8080, CVE-2014-8090
MD5 | 32dd5b679d826a9757290e0883176953
Ubuntu Security Notice USN-2423-1
Posted Nov 27, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2423-1 - Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2013-6497, CVE-2014-9050
MD5 | a2a47d5b596acc51c92366b5c5f92d4c
Page 1 of 16
Back12345Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close