This bulletin summary lists one bulletin that has undergone a major revision increment for February, 2015.
8992a2b84787e8c3a6af5e9bb3ded639ae6589f4b29cff6b2f4be516154a16a8This bulletin summary lists nine released Microsoft security bulletins for February, 2015.
5c7a8410702470e17dce26624265cd4761b0f7bdd3cbced18d05cbd4fda22978This Metasploit module exploits a unicode SEH-based stack buffer overflow in Achat version 0.150. By sending a crafted message to the default port 9256 it's possible to overwrites the SEH handler. Even when the exploit is reliable it depends of timing since there are two threads overflowing the stack in the same time. This Metasploit module has been tested on Windows XP SP3 and Windows 7.
875859bfca563dbdc2831b10feb2e378f857c14faab6ceb6ef8decc4e8cf734aDuring a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a browser. Affected versions include 9.1.x versions earlier than 9.1.1229 and 9.2.x versions earlier than 9.2.1.48.
e07f2874cfcbff3e7623bda4946508578bc74d18987c825b4760bf2b1841eb30Mandriva Linux Security Advisory 2015-043 - An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
78c4ebc355ef57a8f65bf66a10f4072a53a151e9a0b9ff461469d27a4cbf76e1Mandriva Linux Security Advisory 2015-042 - ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted upx packer files. This issue was discovered by Kevin Szkudlapski of Quarkslab. Fix a heap out of bounds condition with crafted upack packer files. This issue was discovered by Sebastian Andrzej Siewior. Compensate a crash due to incorrect compiler optimization when handling crafted petite packer files. This issue was discovered by Sebastian Andrzej Siewior.
0f31768a032aa445bf6c6645b079c10c5d92c4d4313198bf0e21aab63085c11cMandriva Linux Security Advisory 2015-041 - Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service.
57c01618d2a6be2bd2138ee390169ed9153232eb1539290e84b9d7a0e8d12ac7Mandriva Linux Security Advisory 2015-040 - Robert Scheck discovered a flaw in Zarafa WebAccess >= 7.0.0 and Zarafa WebApp that could allow a remote unauthenticated attacker to exhaust the disk space of /tmp. This update also adds some patches from Robert Scheck which correct some packaging issues with zarafa-webaccess.
aacd5843699be6279756f6f8c44982c115706fb7f6481e02dd3bc3448b5d4785HP Security Bulletin HPSBMU03246 1 - Potential security vulnerabilities have been identified with HP Insight Control for Linux Central Management Server Pre-boot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
3bc364eb213e9861d4e21588302ac46a9d28eaf2ef45b15cfb72ed924b71144eHP Security Bulletin HPSBMU03245 1 - Potential security vulnerabilities have been identified with HP Insight Control server deployment Linux Preboot Execution Environment that could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
547a09874ba71ce03f8459976cd14cc2cb14970581a4d419a52cee64bf714d9eHP Security Bulletin HPSBGN03255 1 - Several potential security vulnerabilities have been identified with HP OpenCall Media Platform running SSLv3. This is the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
f2b9a90ebb67798177f91b2d0c370b76d7db5f14619c8f3162133182a127caceMandriva Linux Security Advisory 2015-039 - Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the gethostbyname2 function, aka GHOST. The updated packages have been patched to correct this issue.
2988cae9f4b2d9755cd45cfb07efe524d20a846420d827788fb6e9e8e45bb1e7HP Security Bulletin HPSBGN03251 1 - A potential security vulnerability has been identified with HP Storage Essentials running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
10af1ed449f81c7e58c6aeb307faadea54c58656e074d67d774a15052f1b4da1Debian Linux Security Advisory 3158-1 - Michal Zalewski and Hanno Boeck discovered several vulnerabilities in unrtf, a RTF to other formats converter, leading to a denial of service (application crash) or, potentially, the execution of arbitrary code.
e7ffea3953e1dd2cdc9a1a309206ca36dd28a81db5cfb0aa901b611d4af86a5a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed