seeing is believing
Showing 101 - 125 of 610 RSS Feed

Files Date: 2013-02-01 to 2013-02-28

Red Hat Security Advisory 2013-0550-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0550-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv4 systems through a NAT64 server. A flaw was found in the DNS64 implementation in BIND when using Response Policy Zones. If a remote attacker sent a specially-crafted query to a named server that is using RPZ rewrite rules, named could exit unexpectedly with an assertion failure. Note that DNS64 support is not enabled by default.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-5689
MD5 | 9d68ae21d8d7ea2f5fd499332ee473b2
Red Hat Security Advisory 2013-0547-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0547-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. CloudForms System Engine can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. It was found that the "/usr/share/katello/script/katello-generate-passphrase" utility, which is run during the installation and configuration process, set world-readable permissions on the "/etc/katello/secure/passphrase" file. A local attacker could use this flaw to obtain the passphrase for Katello, giving them access to information they would otherwise not have access to.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-5561, CVE-2012-6116
MD5 | 63dbfdb6788b6301b9ae3f7df6a11d41
Red Hat Security Advisory 2013-0545-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0545-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. CloudForms Cloud Engine is a management application for cloud resources. It was found that the Aeolus Configuration Server stored passwords in plain text in the world-readable "/var/log/aeolus-configserver/configserver.log" file. A local attacker could use this flaw to obtain the administrative passwords for other services.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-5509, CVE-2012-6117, CVE-2012-6118
MD5 | 4b7e8ecae1d7057253191b44ab482d0a
Red Hat Security Advisory 2013-0551-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0551-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-07, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-0640, CVE-2013-0641
MD5 | f5b5c55ff36897be56acd332bcfd209c
PHPMyGallery 1.51.010 XSS / Local File Disclosure
Posted Feb 21, 2013
Authored by TheMirkin

PHPMyGallery versions 1.51.010 and below suffer from cross site scripting and local file disclosure vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 12372a402db68f48a18115f9e9b75faf
Web Cookbook File Disclosure / SQL Injection
Posted Feb 21, 2013
Authored by cr4wl3r

Web Cookbook suffers from file disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection, info disclosure
MD5 | 78473a870f3e50794ba3cdf08681ebfb
OpenEMR 4.1.1 Cross Site Scripting
Posted Feb 21, 2013
Authored by LiquidWorm | Site zeroscience.mk

OpenEMR version 4.1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0fbde4d31377b7430b3c3cf63f25b72a
Red Hat Security Advisory 2013-0505-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0505-02 - Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to cause Squid to consume an excessive amount of memory. Due to a bug in the ConnStateData::noteMoreBodySpaceAvailable() function, child processes of Squid terminated upon encountering a failed assertion. An upstream patch has been provided and Squid child processes no longer terminate.

tags | advisory, remote, web, denial of service, cgi
systems | linux, redhat
advisories | CVE-2012-5643
MD5 | 48535f60384eab3607301f72f54f9ba5
Red Hat Security Advisory 2013-0503-03
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0503-03 - The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performing an LDAP modify relative distinguished name operation. After modrdn was used to move part of a tree, the ACLs defined on the moved were not properly enforced until the server was restarted. This could allow LDAP users to access information that should be restricted by the defined ACLs.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-4450
MD5 | abd4f5ea186072e637c9ef693e7b6bb8
Red Hat Security Advisory 2013-0500-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0500-02 - The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, overwriting arbitrary files accessible to a process using HPLIP. The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-2722, CVE-2013-0200
MD5 | 032b9d7511225d04024c8e2189383dcf
Red Hat Security Advisory 2013-0277-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0277-02 - The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. In order to fully address this issue, libvirt package users are advised to install updated libvirt packages. Refer to RHSA-2013:0276 for additional information.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2012-3411
MD5 | 4ad1291624a72841fe67961b8c06fefb
Red Hat Security Advisory 2013-0499-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0499-02 - The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-0862
MD5 | a11ad5fe36a354665d22585c332a6235
Red Hat Security Advisory 2013-0496-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0496-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2012-4508, CVE-2012-4542, CVE-2013-0190, CVE-2013-0309, CVE-2013-0310, CVE-2013-0311
MD5 | cc5d130c2338e49ff57490f9355f5513
Ubuntu Security Notice USN-1733-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1733-1 - Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, xss, ruby
systems | linux, ubuntu
advisories | CVE-2012-5371, CVE-2013-0256, CVE-2013-0269, CVE-2012-5371, CVE-2013-0256, CVE-2013-0269
MD5 | d657ca3918e164817d454e14185dc953
Ubuntu Security Notice USN-1732-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-1 - Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
MD5 | 7a25a1881af51ab9d77953627ed4fc08
Red Hat Security Advisory 2013-0276-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0276-02 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq's command line options when setting up DNS masquerading for virtual machines, resulting in dnsmasq incorrectly processing network packets from network interfaces that were intended to be prohibited. This update includes the changes necessary to call dnsmasq with a new command line option, which was introduced to dnsmasq via RHSA-2013:0277.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3411
MD5 | c474468edbe814e08e13d222998d7dd8
Red Hat Security Advisory 2013-0521-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0521-02 - Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' "~/.pam_environment" files. If an application's PAM configuration contained "user_readenv=1", a local attacker could use this flaw to crash the application or, possibly, escalate their privileges. A denial of service flaw was found in the way the pam_env module expanded certain environment variables. If an application's PAM configuration contained "user_readenv=1", a local attacker could use this flaw to cause the application to enter an infinite loop.

tags | advisory, denial of service, overflow, local
systems | linux, redhat
advisories | CVE-2011-3148, CVE-2011-3149
MD5 | 0489b314f45ffa9df352c994e73f87c1
Red Hat Security Advisory 2013-0528-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0528-02 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large-scale Linux and UNIX deployments. It was found that the current default configuration of IPA servers did not publish correct CRLs. The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica.

tags | advisory, web
systems | linux, redhat, unix
advisories | CVE-2012-4546
MD5 | 29be8d2bfda898008525df54ca4821cc
Red Hat Security Advisory 2013-0523-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0523-02 - Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID driver processed a smart card's serial number. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the PC/SC Lite pcscd daemon, by inserting a specially-crafted smart card.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2010-4530
MD5 | 684d87c97f37a36702dc22c85b9ca2e9
Red Hat Security Advisory 2013-0525-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0525-02 - PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset messages. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, by inserting a specially-crafted smart card.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat, windows
advisories | CVE-2010-4531
MD5 | 480966dcfb2a393d09fcf57774513339
Red Hat Security Advisory 2013-0526-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0526-02 - Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck".

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2012-3386
MD5 | ba678bfd88bf17676ebbf067764c15ad
Red Hat Security Advisory 2013-0514-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0514-02 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker could use this flaw to perform HTTP response splitting attacks. An integer signedness issue, leading to a heap-based buffer underflow, was found in the PHP scandir() function. If a remote attacker could upload an excessively large number of files to a directory the scandir() function runs on, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2011-1398, CVE-2012-0831, CVE-2012-2688
MD5 | 70139b0d7da02cc9f3a03467941e9a21
Red Hat Security Advisory 2013-0522-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0522-02 - The GNU Debugger allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the "show auto-load safe-path" and "set auto-load safe-path" GDB commands.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2011-4355
MD5 | 5ae213a5098c5a2d186fad946ffe2d53
Red Hat Security Advisory 2013-0520-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0520-02 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in the way some settings were enforced by the script-login functionality of Dovecot. A remote, authenticated user could use these flaws to bypass intended access restrictions or conduct a directory traversal attack by leveraging login scripts.

tags | advisory, remote, imap
systems | linux, redhat, unix
advisories | CVE-2011-2166, CVE-2011-2167, CVE-2011-4318
MD5 | ef231740b8ca6b9b93e90d72bc08a8d9
Red Hat Security Advisory 2013-0511-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0511-02 - Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of Identity Management in Red Hat Enterprise Linux. Multiple cross-site scripting flaws were discovered in Certificate System. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-4543
MD5 | a93f8e3b0a11c6bb083a47e7b0ddd7b0
Page 5 of 25
Back34567Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close