exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-03-09

Ubuntu Security Notice USN-2505-2
Posted Mar 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2505-2 - USN-2505-1 fixed vulnerabilities in Firefox. This update removed the deprecated "-remote" command-line switch that some older software still depends on. This update fixes the problem. Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.

tags | advisory, remote, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0834
SHA-256 | 24490ac6e18ae25e02c66d020d2b7428b794509223339ae92458db4bd284fc78
Red Hat Security Advisory 2015-0662-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0662-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
SHA-256 | 5f84972629ae28abcc608467e49695feaf6aaa26c0d6c49b2fd593163370f3db
Red Hat Security Advisory 2015-0660-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0660-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
SHA-256 | ce8b4230442294474edab2cf8ba6500a5f5f05caba1d03101e128b3b00a812ad
Red Hat Security Advisory 2015-0661-01
Posted Mar 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0661-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. The Qpid packages provide a message broker daemon that receives, stores and routes messages using the open AMQP messaging protocol along with run-time libraries for AMQP client applications developed using Qpid C++. Clients exchange messages with an AMQP message broker using the AMQP protocol. It was discovered that the Qpid daemon did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0203, CVE-2015-0223, CVE-2015-0224
SHA-256 | e1033a8a290201972f0d28d5caf8c23c4d9ab80f92964540c8a6c9d061697444
Mandriva Linux Security Advisory 2015-056
Posted Mar 9, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-056 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-6435, CVE-2014-8118
SHA-256 | 7e87068c24ee66145d63ce115342713c291da259fa85a94842f8e9f9641c874b
HP Security Bulletin HPSBGN03277 1
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03277 1 - Potential security vulnerabilities have been identified with the NTP service that is present on HP Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of Service (DoS), and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 6f8df7e9e5aa2dc95c49d69acba27bcb4e6053d7c678ab167cb1204eb8443695
HP Security Bulletin HPSBUX03235 SSRT101750 3
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03235 SSRT101750 3 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2011-1910, CVE-2014-8500
SHA-256 | 48ab3ea388c95dfd47a9112080b4f0070bbdd1ea48a4360f9fec2342840fcc7a
HP Security Bulletin HPSBPI03107 2
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 2 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
SHA-256 | c1ad504494d3cdd80a5c5cdc4156f38730c673b2d60c7e2e87ea3ef6f4099a3a
HP Security Bulletin HPSBHF03279 1
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03279 1 - Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2014-7888, CVE-2014-7889, CVE-2014-7890, CVE-2014-7891, CVE-2014-7892, CVE-2014-7893, CVE-2014-7894, CVE-2014-7895, CVE-2014-7897, CVE-2014-7898
SHA-256 | 0337137cf9b6fd38324c4d5c3461f7935b87ac5be078641c497709d7611a1313
Slackware Security Advisory - samba Updates
Posted Mar 9, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0240
SHA-256 | 395f5f75150584b529e443ac6c4239929607552fcf310a6961ec6a0cb5f4515e
Debian Security Advisory 3180-1
Posted Mar 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3180-1 - Alexander Cherepanov discovered that bsdcpio, an implementation of the 'cpio' program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

tags | advisory
systems | linux, debian
SHA-256 | e3f8345a39ac1135c5240b1070c21fe33a5ed2d8b67c05e4bd6b7322ef6e15f0
Gentoo Linux Security Advisory 201503-05
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-5 - Multiple vulnerabilities have been found in FreeType, possibly resulting in Denial of Service. Versions less than 2.5.5 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667, CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675
SHA-256 | 18c20fc5dea96db94329999ec37cf2a66601bd49860954c458cb8846091c88e5
Gentoo Linux Security Advisory 201503-04
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.

tags | advisory, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-0242, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2014-4043, CVE-2015-0235
SHA-256 | 3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613
Gentoo Linux Security Advisory 201503-03
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-3 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.21 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3710, CVE-2014-8142, CVE-2014-9425, CVE-2014-9427, CVE-2015-0231, CVE-2015-0232
SHA-256 | f4b1f5999f8e64b5ebece53ea940ad066475808daa6304fe2c13343ae3f4b837
Gentoo Linux Security Advisory 201503-02
Posted Mar 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-2 - A vulnerability has been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.16 are affected.

tags | advisory, denial of service, local
systems | linux, gentoo
advisories | CVE-2015-0245
SHA-256 | a6a8d7ba46ea206d024636d750e906df8bd257cbc82592d349cdaa671b9762a8
Rowhammer Linux Kernel Privilege Escalation
Posted Mar 9, 2015
Authored by Mark Seaborn

This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM "rowhammer" problem. It runs as an unprivileged userland process on x86-64 Linux. It works by inducing bit flips in page table entries (PTEs).

tags | exploit, x86, kernel
systems | linux
SHA-256 | b98de0b89f4234492083f03996c7cb5d72fb3cfcc699889b93c0cd1a61b15025
ocPortal 9.0.16 Cross Site Scripting
Posted Mar 9, 2015
Authored by Dennis Veninga

ocPortal version 9.0.16 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 2b2de1e09e79b26413838c5bc21bf2c31f196dacf85734cbc5465693bd010e00
OverCoffee Instant 2.0 SQL Injection
Posted Mar 9, 2015
Authored by X-Cisadane

OverCoffee Instant version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6a29f0ab377354d295f0f561c5e802d0cc87e7e9444d82a7b6c12ecd6d5dc0c8
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close