all things security
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-04-30

RSA IMG 6.9 / 6.9.1 Insecure Password Reset
Posted Apr 30, 2015
Site emc.com

RSA IMG contains fixes for an insecure password reset vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 6.9 P04 and 6.9.1 P01 are affected. Versions prior to 6.9 are not affected.

tags | advisory
advisories | CVE-2015-0532
MD5 | ed95df3d5be651bac10b96dc181d417c
FrontRange DSM 7.2.1.2020 / 7.2.2.2331 Insecure Storage
Posted Apr 30, 2015
Authored by Matthias Deeg

The client management solution FrontRange Desktop and Server Management (DSM) stores and uses sensitive user credentials for required user accounts in an insecure manner which enables an attacker or malware with file system access to a managed client, for example with the privileges of a limited Windows domain user account, to recover the cleartext passwords. The recovered passwords can be used for privilege escalation attacks and for gaining unauthorized access to other client and/or server systems within the corporate network as at least one FrontRange DSM user account needs local administrative privileges on managed systems. Versions 7.2.1.2020 and 7.2.2.2331 are affected.

tags | advisory, local
systems | windows
MD5 | 3901b13b1e90e59152db24793768da07
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
Posted Apr 30, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.

tags | exploit, overflow
MD5 | 2521c3152c3d6fc2762392cde1c3fcff
Ubuntu Security Notice USN-2589-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2589-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
MD5 | 6e90de114c3adbf14747291ec82baf89
Ubuntu Security Notice USN-2590-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2590-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
MD5 | e216252bb6bfc2bf3f45e3ddbfbe3791
Ubuntu Security Notice USN-2588-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2588-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
MD5 | 8bc700dffe9412165378b51e52d7d62f
Ubuntu Security Notice USN-2583-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2583-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 2c8e5416d7103d2e668a54640642408f
Ubuntu Security Notice USN-2584-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2584-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 4dca05098936a638ce77cbbe512ce370
Ubuntu Security Notice USN-2587-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2587-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
MD5 | f4a6937e6756b2f6ec0c0117eb52018b
Ubuntu Security Notice USN-2586-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2586-1 - It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2922
MD5 | f391d49a082890a0f6e097c5eec73249
Ubuntu Security Notice USN-2591-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153
MD5 | 33322d196e737d70636973cf4483862d
Ubuntu Security Notice USN-2585-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2585-1 - It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2922
MD5 | 25eb9ab3251a47912ee1fbe7c7b30dd4
Mandriva Linux Security Advisory 2015-218
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2013-7423, CVE-2015-1781
MD5 | c95bdedb4deae2a0fd6219325feb08e4
Mandriva Linux Security Advisory 2015-217
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
MD5 | 9785935e0581fc529dbeddbb299b826b
Debian Security Advisory 3241-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3241-1 - John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

tags | advisory
systems | linux, debian
advisories | CVE-2015-3337
MD5 | 52560d2194df7879662b0f1e9b5939cd
HP Security Bulletin HPSBGN03324 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03324 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials Core that could allow the remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-2566
MD5 | 3cfa605c477f644045f45957d4916518
HP Security Bulletin HPSBGN03323 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03323 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials Core with JBOSS that could allow the remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-4810
MD5 | 484c01b7b21c0a22b8ba18b111d343e2
Debian Security Advisory 3239-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3239-1 - Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is triggered by a client without setting any credentials. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-3026
MD5 | d2f6960c946a83a31e210bf5f5dcb583
Debian Security Advisory 3240-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3240-1 - It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information.

tags | advisory, web, protocol
systems | linux, debian
advisories | CVE-2015-3153
MD5 | 0002ecd49f02861f7760f890878b5b43
HP Security Bulletin HPSBMU03241 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03241 1 - A potential security vulnerability has been identified with HP Network Automation running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | a95268332f116b3603a85a5c86c9dec8
HP Security Bulletin HPSBUX03320 SSRT101952 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03320 SSRT101952 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2015-0240
MD5 | 4f3b9bff0e1fbc666f03ff486f6156ea
SevDesk 1.1 Persistent Script Insertion
Posted Apr 30, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SevDesk version 1.1 suffers from a persistent script insertion vulnerability in the application dashboard.

tags | exploit
MD5 | 09197f21ea718b8bf47d21e9d1933056
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close