Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.
7b1d521f318669771a8ca7881bbfac85e4135dc68581fe3f44db9e5bd6c4a001
Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.
727398f9fbb6e96f7d037aef65ed857962d0af32a4a9cdc6be996dd37bd672bc
An undocumented PARSEQUERY function in Oracle Forms and Reports allows database username and passwords to be dumped without authentication. The patch/workaround appears only to obfuscate the issue rather than actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, and 11g if the patch or workaround is not applied. In 12g a code rewrite has mitigated this vulnerability.
2212ed674699348aa6036bb33d09aa0705d27be6a5efb384721f1dfc9cc92015
ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.
7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42b
pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.
a196c8dbe2940fca23547db68328ab1e0aa1e282b862808dd145f9ca266b2404
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
736f5855423e30ed11314aa09197e35edb8136fbd67b69915eec0d5ef2de7ff8
This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.
6e99abeb1415d8df56dfb483b3ab125f1112848d4094f7b300a31eecd774a5f1
Check Point Session Authentication agent version 4.1 and higher contains a flaw which is caused by lack of peer authentication in SSL communication. Encrypted communication between agent and security gateway has been introduced due to several issues which were revealed in the previous versions (4.0 and lower) of the product. Research showed that it is still possible to exploit previously known vulnerabilities - gateway impersonation and credential stealing - even though communication between agent and security gateway is utilizing SSL. Proof of concept code included.
72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46
RVAsec is a Richmond, VA based security convention that brings top industry speakers to the mid-Atlantic region. For 2014, the conference has a two-day, dual-track format, with a mixed focus on technical and management/business presentations. It will be held June 5th through the 6th, 2014 in Richmond, VA, USA.
c33a688039b2e63d6cb584a362a3873d57371c81b774ed1ab4ec8f9c8e5a892c
Red Hat Security Advisory 2014-0097-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA and JNDI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
d6c46da6e6196bf434c1abc74c11d4a1fdfeda4311748d9127d820417c0b81c2
Ubuntu Security Notice 2090-1 - Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause Munin to stop data collection, resulting in a denial of service. Various other issues were also addressed.
9c8d01b8e70bc4f3a5f414f2dc8713567e394adfd827979b3f1c4c0a8536d8ad
Gentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leads to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.
e3a4e4748cd68f2fd685d0f69f6b2dbf2c95867f71a5d365a61fe7544703c801
Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.
ab7bb490c3fd700b83a908871b299962a18eb2f3324acb6c787cf00e592551c1
Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
72f2aefba431a697c1d570fbb434eb79207fb4a72606cbe6c7ddb60e387613d9
Gentoo Linux Security Advisory 201401-29 - A vulnerability in VIPS could result in privilege escalation. Versions less than 7.22.4 are affected.
6ae1c1f797ed3c2ac51aeb3a7a4bbc2d254ad90d1b256a90453a50b475d60e04
Gentoo Linux Security Advisory 201401-28 - A vulnerability in Tomboy could result in privilege escalation. Versions less than 1.4.2-r1 are affected.
991f81aad90b1b1798ad86fbb99c1916347ce6bb5ce036b9bb980a954c5fe06f
Gentoo Linux Security Advisory 201401-27 - A vulnerability in GNU TeXmacs could result in privilege escalation. Versions less than 1.0.7.2-r1 are affected.
6d89af396129af175227e35240a3942d2f100a8583d6519f38ed903f9df98886
Oracle Outside In MDB file parsing stack buffer overflow proof of concept exploit. Affects versions 8.4.1.52 and below and versions below 8.4.0.108.
ce81c908b62ba0f0a213a1fc79baa758e7474a490afefa1a19d9ff684341f70b
The Nuit Du Hack Call For Papers for 2014 has been announced. It will be held June 28th, 2014 at the Disneyland Paris Conference Centre.
cb832eb91836988604fecbe9f74330e4638458dc17b55f2da6bc18c5677c1dbd
codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
a3b26bb4d9488bf0569d69db3de57f5109ce64c7900b568fc6da78c4c3fe920f
WordPress Infocus Theme suffers from a cross site scripting vulnerability.
72175cc3a0ba10815ddba1acc6812efb9bf950f993641bc2dc35d2e2ee6ad9bd
A critical validation and filter bypass vulnerability was discovered in Mozilla Thunderbird version 17.0.6.
3d74d1a5a34c81851a8e11107c2b8d408b79754dd376c511ec93b10f3ea74f44
Ability Mail Server 2013 password reset cross site request forgery proof of concept code that leverages a stored cross site scripting vulnerability.
9692e27e51f88fa2918af83e4e21c7ab7e2454a36da851bbf99a37aed1388af8
ssl.bing.com suffered from a cross site scripting vulnerability.
37d160ce1d252a3d686efc9a22c7753044cf3ac7a500c95dae704ffd2fc6b168
Emerson Network Power Avocent MergePoint Unity 2016 KVM switches suffer from a directory traversal vulnerability.
bf83659172bfec5586c9c65d169464b405bdded7fb6777db7c5966df615eb42d