Red Hat Security Advisory 2013-1115-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.
2c4c9735dccdd293d6c3761af0e515e2e9e678a170f95e35d0d880ad6d09c2c9Red Hat Security Advisory 2013-1116-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that Red Hat Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.
448d2016b9f11404ae10246e1b670274cd1e5b82f293d08a61c049b9a5f1eb30Red Hat Security Advisory 2013-1114-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.
2004136b8895379be9ea87bd35769ff77ec069f6404a3d36a2ee61892442afc1HP Security Bulletin HPSBGN02904 - Potential security vulnerabilities have been identified with HP SiteScope running SOAP. The vulnerabilities could be remotely exploited to allow execution of code. Revision 1 of this advisory.
2478f00abd186500bf4ec557873ea4be1a0c4be699444916f74a1abfffb67c68The 2014 World Conference on Information Systems and Technologies Call For Papers has been announced. It will take place April 15th through the 18th, 2014, at Madeira Island, Portugal.
8672cf2f58fd6ee083082f4e9bb24a382db3dd6b067561b496758040201d29bbdns_spquery.c is written in C and sends a DNS recursive name query to a name server of your choice with a spoofed source IP address selected at runtime. This tool was written in order to demonstrate a DNS reflection / amplification attack for testing purposes.
ee5f524a0cc4f2a2315ce105359420522610fbfdd31f128381a65dfc971bbacaThis is a brief paper discussing how tunneling works and how to leverage SSH and UDP tunneling. Written in Portuguese.
9bb1ba2673528899067c00d14ff731ebc9b1d8a37ed25d10b4dd90047f78a0e1This brief whitepaper is about web crawlers, in particular DIRB web crawler, and an analysis on how gathering information with crawlers can be dangerous for sites. Written in Portuguese.
acfb9ae6fed3520d27cc11aaf35edcc58e4b5c854ea9853d0a8f787f0d1b428cBigace CMS version 2.7.8 suffers from a cross site request forgery vulnerability.
334578e319255af19b9ffd7d30e813d5f2ccfc342588bfb110915cb965de5cd3Ubuntu Security Notice 1914-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
e281f113bfff532e219e71a683648538274d40404aebc19c9c92c26f5c2b8fadUbuntu Security Notice 1912-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.
7626eebe096c4f4e95a3b1cb1ff7acbc486115e31cb055a4cfc1d77520c9a968Ubuntu Security Notice 1913-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.
c3d61e0fb4aa4f5494b3cdd1af09f21f215af1156fd6bf715ccecb2845b2618aUbuntu Security Notice 1918-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
c8f97df912321da182b75fcb3b114c33f25a5d98651841d3a4806a995ce33e6fUbuntu Security Notice 1917-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
44a241709486ac437e3d20c72250783b23943ac290361dfb2bdb8db6bb085b3eUbuntu Security Notice 1919-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
0533e65e4aac2acad7800b9fde2a21a7f12007d4006f2fa9c6894c704e67ef93Ubuntu Security Notice 1915-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
4317fc6f210922b96aa5e09e8a48270f0ed5ca1f6c7e34a57b8415cda61d298aUbuntu Security Notice 1916-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
3ea1105eb40750e46ee7ad60c72217780c0ef311892fe7159278370fb2345251This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
f986755f0d0b80f4f24f3b0cebb979f77db7ba99a7a250f60cf38a00b1bfde1cThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
6d5046291504d28d39d79d096fba6a69e382c338c97f38b517a66277e740b9ddThis Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shell_exec() php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70.
51fca1c0fcae3623e2c9c69f04d8e43a10745b7c2cfa4634796a3d1d61a9cf15The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.
ec4132f8b9ac70f158c3461e225396c2635aeb7d0ad1f9877329265b9fd215b8FluxBB version 1.5.3 suffers from cross site scripting, cross site request forgery, and URL redirection vulnerabilities.
3d2a429f0d7f7702aac350cfb0a31594ad3302501c55568dfa29c8812f3a4a6eDebian Linux Security Advisory 2731-1 - Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
f0a1666c4812d4dc7cb9b02be9a71e7f903c37c2ee68d1a36864059533ee2595Ubuntu Security Notice 1911-1 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.
c54d93e57fe6f1c6159d8072be1042ae818e7c132c0787c9995ef18ce37ff500A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.
9dec0bf3a8508498074bb32c9d7dcad0227b5a46110ee20ca656d7dbb5260323
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed