Red Hat Security Advisory 2014-0103-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domain jobs. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the libvirtd process.
7b1d521f318669771a8ca7881bbfac85e4135dc68581fe3f44db9e5bd6c4a001Red Hat Security Advisory 2014-0100-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system.
727398f9fbb6e96f7d037aef65ed857962d0af32a4a9cdc6be996dd37bd672bcAn undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, 11g if patch or workaround not applied. In 12g a code rewrite has mitigated this vulnerability.
2212ed674699348aa6036bb33d09aa0705d27be6a5efb384721f1dfc9cc92015ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.
7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42bpfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.
a196c8dbe2940fca23547db68328ab1e0aa1e282b862808dd145f9ca266b2404GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
736f5855423e30ed11314aa09197e35edb8136fbd67b69915eec0d5ef2de7ff8This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.
6e99abeb1415d8df56dfb483b3ab125f1112848d4094f7b300a31eecd774a5f1Check Point Session Authentication agent version 4.1 and higher contains a flaw which is caused by lack of peer authentication in SSL communication. Encrypted communication between agent and security gateway has been introduced due to several issues which were revealed in the previous versions (4.0 and lower) of the product. Research showed that it is still possible to exploit previously known vulnerabilities - gateway impersonation and credential stealing - even though communication between agent and security gateway is utilizing SSL. Proof of concept code included.
72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46RVAsec is a Richmond, VA based security convention that brings top industry speakers to the midatlantic region. For 2014, the conference is a two day and dual-track format, with a mixed focus on technical and management/business presentations. It will be held June 5th through the 6th, 2014 in Richmond, VA, USA.
c33a688039b2e63d6cb584a362a3873d57371c81b774ed1ab4ec8f9c8e5a892cRed Hat Security Advisory 2014-0097-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA and JNDI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
d6c46da6e6196bf434c1abc74c11d4a1fdfeda4311748d9127d820417c0b81c2Ubuntu Security Notice 2090-1 - Christoph Biedl discovered that Munin incorrectly handled certain multigraph data. A remote attacker could use this issue to cause Munin to consume resources, resulting in a denial of service. Christoph Biedl discovered that Munin incorrectly handled certain multigraph service names. A remote attacker could use this issue to cause Munin to stop data collection, resulting in a denial of service. Various other issues were also addressed.
9c8d01b8e70bc4f3a5f414f2dc8713567e394adfd827979b3f1c4c0a8536d8adGentoo Linux Security Advisory 201401-32 - Multiple vulnerabilities were found in Exim, the worst of which leading to remote execution of arbitrary code with root privileges. Versions less than 4.80.1 are affected.
e3a4e4748cd68f2fd685d0f69f6b2dbf2c95867f71a5d365a61fe7544703c801Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.
ab7bb490c3fd700b83a908871b299962a18eb2f3324acb6c787cf00e592551c1Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
72f2aefba431a697c1d570fbb434eb79207fb4a72606cbe6c7ddb60e387613d9Gentoo Linux Security Advisory 201401-29 - A vulnerability in VIPS could result in privilege escalation. Versions less than 7.22.4 are affected.
6ae1c1f797ed3c2ac51aeb3a7a4bbc2d254ad90d1b256a90453a50b475d60e04Gentoo Linux Security Advisory 201401-28 - A vulnerability in Tomboy could result in privilege escalation. Versions less than 1.4.2-r1 are affected.
991f81aad90b1b1798ad86fbb99c1916347ce6bb5ce036b9bb980a954c5fe06fGentoo Linux Security Advisory 201401-27 - A vulnerability in GNU TeXmacs could result in privilege escalation. Versions less than 1.0.7.2-r1 are affected.
6d89af396129af175227e35240a3942d2f100a8583d6519f38ed903f9df98886Oracle Outside In MDB file parsing stack buffer overflow proof of concept exploit. Affects versions 8.4.1.52 and below and versions below 8.4.0.108.
ce81c908b62ba0f0a213a1fc79baa758e7474a490afefa1a19d9ff684341f70bThe Nuit Du Hack Call For Papers for 2014 has been announced. It will be held June 28th, 2014 at the Disneyland Paris Conference Centre.
cb832eb91836988604fecbe9f74330e4638458dc17b55f2da6bc18c5677c1dbdcodecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
a3b26bb4d9488bf0569d69db3de57f5109ce64c7900b568fc6da78c4c3fe920fWordPress Infocus Theme suffers from a cross site scripting vulnerability.
72175cc3a0ba10815ddba1acc6812efb9bf950f993641bc2dc35d2e2ee6ad9bdA critical validation and filter bypass vulnerability was discovered in Mozilla Thunderbird version 17.0.6.
3d74d1a5a34c81851a8e11107c2b8d408b79754dd376c511ec93b10f3ea74f44Ability Mail Server 2013 password reset cross site request forgery proof of concept code that leverages a stored cross site scripting vulnerability.
9692e27e51f88fa2918af83e4e21c7ab7e2454a36da851bbf99a37aed1388af8ssl.bing.com suffered from a cross site scripting vulnerability.
37d160ce1d252a3d686efc9a22c7753044cf3ac7a500c95dae704ffd2fc6b168Emerson Network Power Avocent MergePoint Unity 2016 KVM switches suffer from a directory traversal vulnerability.
bf83659172bfec5586c9c65d169464b405bdded7fb6777db7c5966df615eb42d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed