Ubuntu Security Notice 2774-1 - It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
8ea53d205c79201924988a7f0a1efc9e2ecba5b04ec3382e007809abc0663bb6Red Hat Security Advisory 2015-1917-01 - libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application.
48cd2823b855af4c15f14041979168249109e2217d65aabff01278a973c07015Ubuntu Security Notice 2777-1 - It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. Benjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. Various other issues were also addressed.
46c8136fdca4490174e05c4c7cc395e95fa80d48569553d289335ec455642933Ubuntu Security Notice 2773-1 - It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. It was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
6d9c20b8168f6fd5c8040cd6a77441b269e8ceac2daffc6bcb06a5f7ab45695eUbuntu Security Notice 2779-1 - It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. Various other issues were also addressed.
e29aa0f4aa8712cadbb1070e7acddc412d06f2f0639bef9d0e87956850360b19Ubuntu Security Notice 2776-1 - It was discovered that the Linux kernel did not check if a new IPv6 MTU set by a user space application was valid. A remote attacker could forge a route advertisement with an invalid MTU that a user space daemon like NetworkManager would honor and apply to the kernel, causing a denial of service. It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges. Various other issues were also addressed.
02bf4856bc32a4f694e3993ab45512bd4ac12d4a96260b42ef52cd562846ff1fRealtyScript version 4.0.2 suffers from multiple time-based remote SQL injection vulnerabilities.
1f3e785774f832fdf7b1357440cab9156e77b9370708776c8323b95ad53d9a77RealtyScript version 4.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
52e7d360f908ff7c5c99d64a09ae2d854f6620a32eea4ef65b1e618bb124d744Debian Linux Security Advisory 3374-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
0221739681f1a47749baa7ef3da3b7ce33e14be350cfde520f29dd6677263336Debian Linux Security Advisory 3373-1 - Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.
1bc9f55ce18ea43fc980ec3cf5109f1173d1f737ff38d3de1551ddf14db90a50Western Digital self-encrypting hard drives suffer from having an extractable AES key that can be used to decrypt all data.
3c8d3935d05c7e03d3184c4ee4935cc2aee29dd34eab4ac85bb51f8eccd31819Belkin Router N150 suffers from a path traversal vulnerability.
1e7e9c221d65bf47b17103e6063504f57866728b11efe314d4c68fa4d520d8feVLC version 2.2.1 libvlccore .mp3 stack overflow memory exhaustion exploit.
4c382ebce335d9a7668cb69e58a670fd8e9a5aaa3a62593ac3fb8685d10f39d0Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.
242036a885cccb63f5c9c28d79b7d7806419522622349b78f0a9c6bab6968a41Gentoo Linux Security Advisory 201510-1 - A vulnerability in BIND could lead to a Denial of Service condition. Versions less than 9.10.2_p4 are affected.
3e69b06ce087bc759fa9828ea0b0cf459d7968e9aa04df031352b20c2a562035Red Hat Security Advisory 2015-1913-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
c2c809858c61a7764fa510acc5422f080b18ca60e979f1d8e9cd47666ca3ff13Red Hat Security Advisory 2015-1908-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console.
c44927f86da770a4d9e1517bb9ee548d5e371862766c0daf3935aff11a71d79eCarolinaCon is now accepting speaker/paper/demo submissions for its 12th annual conference. This event will be held March 4th through the 6th, 2016 in Raleigh, NC, USA.
283563a25095eda0df71b00d98f65b10ef3e5302fa616d48434259cb2504b33dKaboozu CMS suffers from a remote shell upload vulnerability.
921cf556d06fbd1fafb21a2ca7e9bd50488762ff34afb615de39cc8e5c781207Qualys discovered various vulnerabilities in LibreSSL. These include a memory leak and a buffer overflow.
b0de9f18c202a6ac93d7fb4c44048d40aa246b6dbb04fa3756ef345d6a3bb3efIn SAP NetWeaver AS JAVA, it is possible to call some of the DAS files without authorization because they do not check if a user is authorized to access some of the JSPs.
17e930af4bcb201a5b3c49123d1dd0c39290d43e9d66e4289fe5cec29479a0e8If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
c2857430db2e3817f2560860b2cb61ba6870519540ac7fa7ad196cee951f2afaUbuntu Security Notice 2768-1 - Abdulrahman Alqabandi and Ben Kelly discovered that the fetch() API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other origins.
f434d15b0564f92f8e88efd4d7813038b974c41476f40e6afe4a2f165f6ce642AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
c382693e925745cff62a27d40b2b8fbc9bc2c95fcfd1cdeef366bca77cb118c5THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
cec2db604e3fe59f26ddc42632d858f53660ef5d6e25d6a7e90ed927f6826102
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed