
Files Date: 2015-04-02

OpenSCAP Libraries 1.2.2
Posted Apr 2, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.11 support turned on by default. Various other updates and improvements.
tags | protocol, library
systems | unix
MD5 | e0409939c44dc52eac401b10e725cde4
VMware Security Advisory 2015-0003
Posted Apr 2, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0003 - VMware product updates address critical information disclosure issue in JRE.

tags | advisory, info disclosure
advisories | CVE-2014-6593
MD5 | 72397aa3dd39c27454d69bdbb94ce552
Mandriva Linux Security Advisory 2015-188
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. The updated packages provide a solution for these security issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | 94562320174767c783319e51be1885de
Mandriva Linux Security Advisory 2015-187
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-187 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. Additionally, the gtkglarea2 and gtkglext packages were missing and were required for graphviz to build; these packages are also being provided with this advisory.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-9157
MD5 | 6da8c6ff5cf16c6aad18739317da6f0d
Red Hat Security Advisory 2015-0776-01
Posted Apr 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.

tags | advisory, web, registry
systems | linux, redhat
advisories | CVE-2015-1843
MD5 | c97068e0780e751e26220b83729dede3
Ubuntu Security Notice USN-2552-1
Posted Apr 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2552-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.

tags | advisory, csrf
systems | linux, ubuntu
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
MD5 | 77ab218a6b74e5891507d3c7b5769335
HP Security Bulletin HPSBGN03302 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03302 1 - A potential security vulnerability has been identified with HP IceWall Federation Agent. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-0338
MD5 | f3c18e60f3a5c0581ba588a4f4a9f76c
Mandriva Linux Security Advisory 2015-161-1
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-161 - The Regular Expressions package in International Components for Unicode 52 before SVN revision 292944 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a zero-length quantifier or look-behind expression. The collator implementation in i18n/ucol.cpp in International Components for Unicode 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940
MD5 | 513173ab45bfaeb3fed1854b6ca36b3f
Mandriva Linux Security Advisory 2015-191
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-191 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 7.0.5 version where these security flaws have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
MD5 | 7c76c398e77bd16792b40609f6cb044d
Mandriva Linux Security Advisory 2015-190
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-190 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 5.0.19 version where these security flaws have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9041, CVE-2014-9042, CVE-2014-9043, CVE-2014-9045
MD5 | a097a9a0bb0d9d38e0544f8fefc2c9f5
Mandriva Linux Security Advisory 2015-189
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-189 - The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely triggerable, which would result in a denial of service, and also fixes a few other bugs.

tags | advisory, denial of service
systems | linux, mandriva
MD5 | d80d0a43989892af837a19436c23cba0
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by H D Moore, Tod Beardsley | Site metasploit.com

This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user.

tags | exploit, remote
advisories | CVE-2015-0936
MD5 | dbb01da873f25f0307a2f3e8830b4bef
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by Tod Beardsley

Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-0936
MD5 | c2487bfe9c9cf7d10a34883ec1307f91
Ubuntu Security Notice USN-2553-2
Posted Apr 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2553-2 - USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8130, CVE-2014-9330, CVE-2014-9655
MD5 | 7bf00d074c1486f947f7b6fdc24a26de
HP Security Bulletin HPSBST03298 2
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03298 2 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | windows
MD5 | a2899900b2c1525f86e831dbbdc00754
HP Security Bulletin HPSBGN03307 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03307 1 - A potential security vulnerability has been identified with HP Intelligent Provisioning that could result in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2111
MD5 | fbab3612cfe04f7f6a275ffef6899a4a
HP Security Bulletin HPSBMU03304 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03304 1 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA), which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs: Install HP Management Agents for Windows x86/x64; Install HP Management Agents for RHEL 5 x64; Install HP Management Agents for RHEL 6 x64; Install HP Management Agents for SLES 10 x64; Install HP Management Agents for SLES 11 x64; Upgrade Proliant Firmware. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Revision 1 of this advisory.

tags | advisory, x86, vulnerability
systems | windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | 6bbfa7e1d78cf98c68aafdc13271503c
Debian Security Advisory 3211-1
Posted Apr 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3211-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.

tags | advisory, denial of service, arbitrary, csrf
systems | linux, debian
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
MD5 | 0e68e4354b2288871c755e7484bb9b99
Cisco Security Advisory 20150401-dcnm
Posted Apr 2, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, info disclosure
systems | cisco
MD5 | 253e27eacf437566dd13070578d4e932
Cisco Security Advisory 20150401-cuc
Posted Apr 2, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unity Connection contains multiple vulnerabilities when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, denial of service, vulnerability, protocol
systems | cisco
MD5 | 1b8762f34578b77fbba494610f5efe66
Samba / OpenLDAP Jitterbug Cross Site Scripting
Posted Apr 2, 2015
Authored by Yann CAM

Samba and OpenLDAP Jitterbug instances suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b08806d1974cf8557b3872e15038f34a
phpList 3.0.10 Insecure Direct Object Reference
Posted Apr 2, 2015
Authored by Provensec

phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.

tags | exploit
MD5 | f7a74ad142a3c672a2b18d4b2da55568