what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-05-15 to 2014-05-16

FreeBSD Security Advisory - OpenSSL Null Pointer Dereference
Posted May 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The TLS protocol supports an alert protocol which can be used to signal the other party with certain failures in the protocol context that may require immediate termination of the connection. An attacker can trigger generation of an SSL alert which could cause a null pointer deference. An attacker may be able to cause a service process that uses OpenSSL to crash, which can be used in a denial-of-service attack.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2014-0198
SHA-256 | 5e7e027355f544c110f3a57ad64dbc048f43ff80774c5c5bf5cd2ee3b519875e
Aleph 500 Cross Site Scripting
Posted May 15, 2014
Authored by Shady Liu

Aleph 500, the integrated library management system, suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3718
SHA-256 | 38198138de2de1992287e268af781f344dc7306b73808bcc1f65116914757799
Gentoo Linux Security Advisory 201405-07
Posted May 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-7 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.14.3-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1056, CVE-2013-1940, CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, CVE-2013-1993, CVE-2013-1994, CVE-2013-1995, CVE-2013-1996, CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062
SHA-256 | f191a6d803ee52893abaf1ebc5b38cb24ae2b2f23d074bcaefcd37350622dea2
Debian Security Advisory 2927-1
Posted May 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2927-1 - Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server.

tags | advisory, remote, local
systems | linux, debian
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
SHA-256 | cdba8e46fc8703f628140a96e5b5758b282928e4bd48ee7dcfc5f3a27f9546c8
Red Hat Security Advisory 2014-0510-01
Posted May 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0510-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. All ruby193-rubygem-actionpack users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2014-0130
SHA-256 | 43c8a948142a3bf827dccd735296150f1caa88e3d8cd1b62366b356529dd6ae1
Red Hat Security Advisory 2014-0508-01
Posted May 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0508-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428
SHA-256 | 90ddd4af030964838b2a1b328a5c7b9afc6b06fcb961dfc88d17c98ff3cc7f86
Red Hat Security Advisory 2014-0509-01
Posted May 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0509-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-6629, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0453, CVE-2014-0457, CVE-2014-0460, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2412, CVE-2014-2421, CVE-2014-2427
SHA-256 | 985dc09ea3dc919948c0e034b12323d756ba379e4d13d506967760d5a5afea60
Red Hat Security Advisory 2014-0511-01
Posted May 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0511-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.

tags | advisory, java, remote, web, code execution
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0114
SHA-256 | 1ca60d1e65c986cd9a9a0da28640c61b3da39426145fa0d4d41a7308e48cf2da
Ubuntu Security Notice USN-2214-1
Posted May 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2214-1 - Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0191
SHA-256 | 64ca427162a57b3fc78c8d1d6777e7a05d14345a9139d949bb434394a88f5e63
Mandriva Linux Security Advisory 2014-088
Posted May 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-088 - The clean_html() function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters. A remote attacker could use this flaw to serve malicious content to an application using the clean_html() function to process HTML, possibly allowing the attacker to inject malicious code into a website generated by this application.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-3146
SHA-256 | 27b6915e85e2cf8c9db16287c6217e0b73f61d3b1249f6dfb9740f12c8973c01
Mandriva Linux Security Advisory 2014-087
Posted May 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-087 - PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user. The updated php packages have been upgraded to the 5.5.12 version which is not vulnerable to this issue. Additionally, the timezonedb packages has been upgraded to the latest 2014.3 version, the php-suhosin packages has been upgraded to the latest 0.9.35 version which has better support for php-5.5 and the PECL packages which requires so has been rebuilt for php-5.5.12.

tags | advisory, local, php
systems | linux, unix, mandriva
advisories | CVE-2014-0185
SHA-256 | a6e19960073cef3beae4d8e577966a156b2ecc6d43d1cf63b7154d5b8c984e73
Ubuntu Security Notice USN-2213-1
Posted May 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2213-1 - It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections. A remote attacker could use this issue to cause Dovecot to stop responding to new connections, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3430
SHA-256 | e11d65530516edf471c037d15e12b497989180e21221b6dc72a4223832e170ed
Debian Security Advisory 2928-1
Posted May 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2928-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738
SHA-256 | 94181887db3182cd102cc9832bea482e248427764ebad1d14421ba5fe3931dc4
Ubuntu Security Notice USN-2212-1
Posted May 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2212-1 - Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. An attacker may use this to retrieve private data or poison caches. This update removes workarounds for bugs in Internet Explorer 6 and 7. Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers. An attacker may use this to cause unexpected redirects. An update has been provided for 12.04 LTS, 12.10, 13.10, and 14.04 LTS; this issue remains unfixed for 10.04 LTS as no "is_safe_url()" functionality existed in this version. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2014-1418
SHA-256 | 5b065fb6a72116c48d17fa2575373d8d96f467584b070bb42f5c881d9c76e332
Bilyoner Mobile Applications SSL/TLS Attacks
Posted May 15, 2014
Authored by Harun Esur

Bilyoner mobile applications are prone to various SSL/TLS attacks. Note that this finding houses site-specific data.

tags | advisory
advisories | CVE-2014-3750
SHA-256 | 3e4620f372271f1aafbe2da3a1493c3650555c58774e0908e18ec210054b5b02
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close