what you don't know can hurt you
Showing 1 - 25 of 35 RSS Feed

Files Date: 2015-05-13

WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection
Posted May 13, 2015
Authored by Wolfgang Ettlinger | Site sec-consult.com

WSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf, xxe
MD5 | cab780534e71ce8a0a440f53b27066ea
Red Hat Security Advisory 2015-1006-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1006-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808
MD5 | 2a1ea6c820679b147d4fe1c84a84e126
Red Hat Security Advisory 2015-1007-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1007-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808
MD5 | 409da9ababc10f7ab60cf43b7d5d2cfe
Red Hat Security Advisory 2015-1004-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1004-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | e8a1913786e316eba542c1724db94119
Red Hat Security Advisory 2015-1000-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1000-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | 04f0a4a6e70827ccf116fa2de01ffdd2
Red Hat Security Advisory 2015-0999-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0999-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | ba0f92b8dc739d0bb29e5b88ef28fc9f
Red Hat Security Advisory 2015-1005-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1005-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
MD5 | de0995f9a98698d0272a6a8620467c6b
Red Hat Security Advisory 2015-1001-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1001-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | f45228cc96630361f2cb71dce4d9b035
Red Hat Security Advisory 2015-1003-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1003-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | 7567b36cc78cf0bf4cc37ef1e07c0f93
Red Hat Security Advisory 2015-1002-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1002-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | aa43ef1e3e36ed5290554a10a049d841
Red Hat Security Advisory 2015-0998-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0998-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3456
MD5 | ef16902fa191d6bd07fa69a868cfb286
Slackware Security Advisory - mozilla-firefox Updates
Posted May 13, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | d38cb8cd86be197c58740f8dbbaf2026
Ubuntu Security Notice USN-2608-1
Posted May 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1779, CVE-2015-2756, CVE-2015-3456
MD5 | c210ebea1630f018b99d313f2ba37c6b
Wireshark Analyzer 1.12.5
Posted May 13, 2015
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | 9ee199dde4f36a3d71f7b81dd6764e93
SAP LZC/LZH Compression Denial Of Service
Posted May 13, 2015
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP products make use of a proprietary implementation of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. These compression algorithms are used across several SAP products and programs. Vulnerabilities were found in the decompression routines that could be triggered in different scenarios, and could lead to execution of arbitrary code and denial of service conditions.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2015-2278, CVE-2015-2282
MD5 | ffabd0e87a44868591f2822fc712f644
Concrete5 5.7.3.1 Cross Site Scripting
Posted May 13, 2015
Authored by Onur YILMAZ, Omar Kurt | Site netsparker.com

Concrete5 version 5.7.3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2250
MD5 | 031a2b156f26410afcce6fdf87f8f0d9
Web India Solutions CMS 2015 SQL Injection
Posted May 13, 2015
Authored by kjfido | Site vulnerability-lab.com

Web India Solutions CMS 2015 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 77309320882ff05cada8bd6a60fc6755
Cisco Security Advisory 20150513-tc
Posted May 13, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence TC and TE software contains bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | fadf9562270b212dd994348129ddf972
Debian Security Advisory 3259-1
Posted May 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9718, CVE-2015-1779, CVE-2015-2756, CVE-2015-3456
MD5 | 269397f9bafc8b793716390647e328b4
Cisco Security Advisory 20150513-tp
Posted May 13, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. Administrative privileges are required in order to access the affected parameter. A successful exploit could allow an attacker to execute system commands with the privileges of the root user.

tags | advisory, remote, web, arbitrary, root
systems | cisco
MD5 | 1e6b7bf3dd66ee8f30c38d5bd789121c
WordPress Booking Calendar Contact Form 1.0.2 XSS / SQL Injection
Posted May 13, 2015
Authored by Joaquin Ramirez Martinez

WordPress Booking Calendar Contact Form plugin version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | f602e3e29e0434b553acff27c0d74ea5
Gentoo Linux Security Advisory 201505-01
Posted May 13, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201505-1 - Multiple vulnerabilities have been found in Ettercap, the worst of which allows remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-6395, CVE-2014-6396, CVE-2014-9376, CVE-2014-9377, CVE-2014-9378, CVE-2014-9379, CVE-2014-9380, CVE-2014-9381
MD5 | 26354a91bf2ff1eee48b5b57df48aa08
Pure Faction 3.0c Buffer Overflow
Posted May 13, 2015
Authored by soulsgetnothing

Pure Faction versions 3.0c and below suffer from a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 934922e4285d79742f5073b13ffa8be4
Red Hat Security Advisory 2015-0983-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0983-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. All Tomcat 7 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the tomcat service will be restarted automatically.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0227
MD5 | 7fabe7991f45ba822e6b97357a2037d1
Red Hat Security Advisory 2015-0981-01
Posted May 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0981-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSec security association. The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which provides a number of bug fixes and enhancements over the previous version, including:

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2015-3331
MD5 | 61aa399463d062c7cb475a902735a151
Page 1 of 2
Back12Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close