what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-04-02

OpenSCAP Libraries 1.2.2
Posted Apr 2, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: OVAL 5.11 support turned on by default. Various other updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | 9d28afe3daa926c2a9ff32dc0be08f163b7f34e4e456f2263ae9b01c88244ebf
VMware Security Advisory 2015-0003
Posted Apr 2, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0003 - VMware product updates address critical information disclosure issue in JRE.

tags | advisory, info disclosure
advisories | CVE-2014-6593
SHA-256 | d2cac7510a812a9e5ad6ab1a17ebdd42a6cf219288ba22d4633ff0e2ce1f85e4
Mandriva Linux Security Advisory 2015-188
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. The updated packages provides a solution for these security issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 05dfc86eaebf1ee000b74ab6147e7badb5c9d055f0731dc16979b307c384bac9
Mandriva Linux Security Advisory 2015-187
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-187 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Additionally the gtkglarea2 and gtkglext packages were missing and was required for graphviz to build, these packages are also being provided with this advisory.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-9157
SHA-256 | 94dd81e7f7093f530045667750dd5276b5b1945c8f0a3623466b7d64491119dc
Red Hat Security Advisory 2015-0776-01
Posted Apr 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.

tags | advisory, web, registry
systems | linux, redhat
advisories | CVE-2015-1843
SHA-256 | b89975366ee6328c10cdb0972ba6d35579d720825039dd0de3a5990c71892d7a
Ubuntu Security Notice USN-2552-1
Posted Apr 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2552-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.

tags | advisory, csrf
systems | linux, ubuntu
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
SHA-256 | 0972d9db16ebd8233794cbdb7b056a8d143dae4f82bcece8ef3a4178d91425fe
HP Security Bulletin HPSBGN03302 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03302 1 - A potential security vulnerability has been identified with HP IceWall Federation Agent. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2013-0338
SHA-256 | 0c598bb274eeeb91e08f4bc2f5e99d94c5348bad37c8dd43877df30730c3be7c
Mandriva Linux Security Advisory 2015-161-1
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-161 - The Regular Expressions package in International Components for Unicode 52 before SVN revision 292944 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a zero-length quantifier or look-behind expression. The collator implementation in i18n/ucol.cpp in International Components for Unicode 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940
SHA-256 | 49d3630130b46ac02279d010879b18cd3f011430b7437293db81abac638f510b
Mandriva Linux Security Advisory 2015-191
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-191 - Multiple vulnerabilities has been discovered and corrected in owncloud. The updated packages have been upgraded to the 7.0.5 version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
SHA-256 | f8a5e1a519b807d253347846f6363fdb094ab379701f13b264d2eead2d04dfb8
Mandriva Linux Security Advisory 2015-190
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-190 - Multiple vulnerabilities have been discovered and corrected in owncloud. The updated packages have been upgraded to the 5.0.19 version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9041, CVE-2014-9042, CVE-2014-9043, CVE-2014-9045
SHA-256 | 6fd377dd29bbd30e66c0b3e1c809d20c1adae98eff802df38dd47ec10d0d5bf9
Mandriva Linux Security Advisory 2015-189
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-189 - The tor package has been updated to version 0.2.4.26, which fixes possible crashes that may be remotely trigger-able, which would result in a denial of service, and also fixes a few other bugs.

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | 52fcf4a98c1b933ea290eafeed607d159859972abb36cc0457aaadee25ad465e
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by H D Moore, Tod Beardsley | Site metasploit.com

This Metasploit module exploits the fact that Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user.

tags | exploit, remote
advisories | CVE-2015-0936
SHA-256 | 3ffda87a127eecead37db406771d24d73a3f8fb62c5608cc9113f96992bf3bc3
Ceragon FibeAir IP-10 SSH Private Key Exposure
Posted Apr 2, 2015
Authored by Tod Beardsley

Ceragon FibeAir IP-10 suffers from an SSH private key exposure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-0936
SHA-256 | 768dfecfdbbc1cece9dc248bd3f46e0b6f857da272a00ca6029519bf8127e833
Ubuntu Security Notice USN-2553-2
Posted Apr 2, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2553-2 - USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8130, CVE-2014-9330, CVE-2014-9655
SHA-256 | 0dd5a8710212488bbb9a34fdc96f600275ee2a21f853b93728fe6796576c12d8
HP Security Bulletin HPSBST03298 2
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03298 2 - Potential security vulnerabilities have been identified with HP XP Service Processor Software for Windows. These vulnerabilities could be exploited resulting in a variety of outcomes. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | windows
SHA-256 | f0f3786a55de206b56270c456c7cdcfebdc8d31964d99837b2cb4da7bf277d1c
HP Security Bulletin HPSBGN03307 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03307 1 - A potential security vulnerability has been identified with HP Intelligent Provisioning that could result in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2111
SHA-256 | 5bf0e8a49bde0dce4b3114a3bb06d78f25aa7d84f9c87f320905f0548e1d6360
HP Security Bulletin HPSBMU03304 1
Posted Apr 2, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03304 1 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information. HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware. Revision 1 of this advisory.

tags | advisory, x86, vulnerability
systems | windows
advisories | CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | 23cb06e0b40a2e6e6cbc8eac69a2687e1b1ecb149c980483c62275e613a41bad
Debian Security Advisory 3211-1
Posted Apr 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3211-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery.

tags | advisory, denial of service, arbitrary, csrf
systems | linux, debian
advisories | CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816
SHA-256 | cff8accf61876aa8543a109416292a9637285376e9eb63bff416160be4708f1f
Cisco Security Advisory 20150401-dcnm
Posted Apr 2, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a file information disclosure vulnerability that could allow an unauthenticated, remote attacker to retrieve arbitrary files from the underlying operating system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, arbitrary, info disclosure
systems | cisco
SHA-256 | 83618c13bb9c82b0d8dc57916e8cbbc985903295c2e90032fb538494d5b5935f
Cisco Security Advisory 20150401-cuc
Posted Apr 2, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, denial of service, vulnerability, protocol
systems | cisco
SHA-256 | 6dcb79fdd0631fbc29ca28fecbabd60167c8419c12237fa33e25b626b78482bc
Samba / OpenLDAP Jitterbug Cross Site Scripting
Posted Apr 2, 2015
Authored by Yann CAM

Samba and OpenLDAP Jitterbug instances suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4b67442c2d4607cdb7bef4db6decebca7bad32c636e64c6031a791331f5c7bfe
phpList 3.0.10 Insecure Direct Object Reference
Posted Apr 2, 2015
Authored by Provensec

phpList version 3.0.10 suffers from an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | 7772546874c47e1bdb59fee8bab9483dadffb2743ee5e098654b4bc1dc80ac46
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close