exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 396 RSS Feed

Files Date: 2013-12-01 to 2013-12-31

Red Hat Security Advisory 2013-1868-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1868-01 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, overflow, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-6424
SHA-256 | 9c3aa5ef889f82d8df9aff584669d589f79154f6c70004f0344c0c04e0c248df
Ubuntu Security Notice USN-2062-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2062-1 - Chris Chapman discovered cross-site scripting (XSS) vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting (XSS) attacks against users viewing these pages in order to modify the contents or steal confidential data within the same domain.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-6858
SHA-256 | 3587fd5a41bc925c662426c88e64f0f511df7717a9ceb5a659c808d02f6918ff
Red Hat Security Advisory 2013-1866-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1866-01 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.

tags | advisory
systems | linux, redhat
SHA-256 | accda667f78ff8099981a0fb59405a2a11831ff79f0da1e0432215a6689d219a
Red Hat Security Advisory 2013-1861-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1861-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
SHA-256 | b93ebb2cfc02975514c3187ccec01ca30870a5a28128e15aeec38b0985d7c860
Red Hat Security Advisory 2013-1863-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1863-01 - Candlepin is an open source entitlement management system. It tracks the products which an owner has subscribed too, and allows the owner to consume the subscriptions based on configurable business rules. It was discovered that, by default, Candlepin enabled a very weak authentication scheme if no setting was specified in the configuration file. This issue was discovered by Adrian Likins of Red Hat. Note: The configuration file as supplied by Subscription Asset Manager 1.2 and 1.3 had this unsafe authentication mode disabled; however, users who have upgraded from Subscription Asset Manager 1.1 or earlier and who have not added "candlepin.auth.trusted.enable = false" to the Candlepin configuration will be affected by this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6439
SHA-256 | 82cfd38b99f73b14f049059fef5ce7bf585ea677694c6aa4c0762a3140ab6cb0
Red Hat Security Advisory 2013-1865-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1865-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Lifecycle Support for Red Hat Enterprise Linux 3 will be retired as of January 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 3 ELS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Lifecycle Support channel for Red Hat Enterprise Linux 3.

tags | advisory
systems | linux, redhat
SHA-256 | 8528ad7b7a7ff0980f963bbeb4eec2779b4305466de28e693b34a3a00fae7f28
Red Hat Security Advisory 2013-1862-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1768, CVE-2013-4221, CVE-2013-4271, CVE-2013-4330, CVE-2013-4372
SHA-256 | cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Red Hat Security Advisory 2013-1860-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1860-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4299
SHA-256 | 301f5f962b95816587d1a1fb7f9d8ff0a219a188b36d79a20ef0aea295b1c9d3
Red Hat Security Advisory 2013-1864-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1864-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after June 30, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.3.

tags | advisory
systems | linux, redhat
SHA-256 | e952825d980f1e571ea253661845f87d9c403fbe10076c0da8cbf497c7ba3fe5
Ubuntu Security Notice USN-2061-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2061-1 - Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6391
SHA-256 | 4a72e7e031b8599672568b6b6d3ccbed930204fea6f3cf3ccf813dc6f2eeac03
Ubuntu Security Notice USN-2060-1
Posted Dec 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2060-1 - Michal Zalewski discovered that libjpeg and libjpeg-turbo incorrectly handled certain memory operations. An attacker could use this issue with a specially-crafted JPEG file to possibly expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6629, CVE-2013-6630
SHA-256 | ada724d80f6116cda0c73d2efd4024177e4c219c100094a3b9792cfeff4db895
Debian Security Advisory 2824-1
Posted Dec 22, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2824-1 - Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

tags | advisory
systems | linux, debian
advisories | CVE-2013-6422
SHA-256 | f55a219a32ddbe9db5c005f18ae0103bf4244fbfe1a1a81408c6f333202d9d95
Mandriva Linux Security Advisory 2013-295
Posted Dec 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-295 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4576
SHA-256 | 3c334674013ce601808d392c2122d76c04aab3c1e8475ddbd9575f0e0687ed02
64-bit calc.exe Stack Overflow Root Cause Analysis
Posted Dec 22, 2013
Authored by Dark-Puzzle

This is a brief write up discussing a root cause analysis of why spawning calc.exe triggered a stack overflow.

tags | paper, overflow, root
SHA-256 | df816f981278218c855742bbf91b22db7088072ca5aade2974f7d629781ce6e6
GNU Privacy Guard 1.4.16
Posted Dec 21, 2013
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: This release fixes the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. Also, by default only the major version number is printed on armored output, a trustdb file is not created when --ttrust-model=always is used, keyid for key packets are printed when --list-packets is used, and the modular exponentiation algorithm has been changed to recover from a small performance loss in version 1.4.1.
tags | tool, encryption
SHA-256 | 7b3b748e6aaa338092a0b26b1730cd9355765b55e3684f58dd70f9a1b00f4a2f
GNU Transport Layer Security Library 3.2.8
Posted Dec 21, 2013
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release fixes bugs, adds optimizations in the x86 and x86-64 CPU families, and adds some new features.
tags | protocol, library
SHA-256 | 144156f4140400df2bd9303dab69f44099113a3b46780737734affe93782d94d
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20121216
Posted Dec 21, 2013
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: Tor was updated to 0.2.4.19, libevent to 2.0.21, busybox to 1.21.1, and the kernel to 3.12.4 plus Gentoo's hardened-patches-3.12.4-1.extras. uClibc was kept at its latest release (0.9.33.2), with some backported patches
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 959cce863a00d59947b3f0920aa7fe52197e1505633a41ecd523d2d51470dc8c
Leed Authentication Bypass, SQL Injection, CSRF
Posted Dec 21, 2013
Authored by Alexandre Herzog

Leed suffers from authentication bypass, cross site request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2013-2627, CVE-2013-2628, CVE-2013-2629
SHA-256 | 5d7cef70be868bc4ba37188215a7df2faffb093a6b4998f815979327d8478874
USP Secure Entry Server URL Redirection
Posted Dec 21, 2013
Authored by Alexandre Herzog | Site csnc.ch

USP Secure Entry Server suffers from a URL redirection vulnerability.

tags | exploit
advisories | CVE-2013-2764
SHA-256 | 995509d4226fbde7623bf7db3c4f9482a0db97f34ae2b2c1d1ded1f9c49e979b
Avast.com Cross Site Scripting
Posted Dec 21, 2013

Avast.com suffers from a cross site scripting vulnerability. This was sent to Packet Storm anonymously and was reported to the vendor. The vendor has not addressed the issue for months so it is being disclosed publicly in order to shed light on the issue.

tags | exploit, xss
SHA-256 | 1c3a06c072fae66bc640f5b7d482bbf52f72ae43fd03ae40a890739e3abdc7e3
Capstone 1.0
Posted Dec 21, 2013
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.

tags | tool
systems | linux, unix
SHA-256 | 3fb3512b0476d03dcd1b347b0ff6b966216bf6d0158f79374aec4aa67cd30eca
Easy Karaoke Player 3.3.31 Integer Division By Zero
Posted Dec 21, 2013
Authored by Osanda Malith

Easy Karaoke Player version 3.3.31 integer division by zero exploit that creates a malicious wav file.

tags | exploit
SHA-256 | 6d06432f54e8ec7ac7db4d9cbb05a0800262ff09f5a802304ab7ffd7400318a2
EMC Data Protection Advisor JBOSS Remote Code Execution
Posted Dec 20, 2013
Site emc.com

The EMC DPA Illuminator service (DPA_Illuminator.exe) listening on port 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are vulnerable to a remote code execution vulnerability that allows for execution with NT AUTHORITY\SYSTEM privileges.

tags | advisory, remote, web, tcp, code execution
advisories | CVE-2012-0874
SHA-256 | 9eb60d2f0166c8c5ad74885e575d95784550f7cfa020c432d1df57b5cc8a29c8
Revive Adserver 3.0.1 SQL Injection
Posted Dec 20, 2013
Authored by Matteo Beccati

Revive Adserver versions 3.0.1 and below suffer from a remote SQL injection vulnerability. The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle such parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

tags | advisory, remote, arbitrary, php, sql injection
advisories | CVE-2013-7149
SHA-256 | aae6d650022d7cd159dfd9c7aa3425dd04b9ca82313106207d0a48c48043025f
HP Operations Orchestration Central 9.06 Cross Site Scripting
Posted Dec 20, 2013
Authored by Bart Leppens

HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6191, CVE-2013-6192
SHA-256 | 1cce985e37ff678546bdbfc58d9240c9e77f144952a275bef85b1bd85a23cb13
Page 4 of 16
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close