
Files Date: 2014-06-12

Cisco Security Advisory 20140611-ipv6
Posted Jun 12, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the parsing of malformed Internet Protocol version 6 (IPv6) packets in Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a Network Processor (NP) chip and a line card processing traffic. Only Trident-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to insufficient logic in parsing malformed IPv6 packets. An attacker could exploit this vulnerability by sending a stream of malformed IPv6 packets to the affected device. An exploit could allow the attacker to cause a lockup and eventual reload of an NP chip and a line card, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
SHA-256 | f3af44143cbfe46be74fb8564b68596662a6f6031261bb1fc7a1aa61e6913896
Debian Security Advisory 2955-1
Posted Jun 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2955-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1533, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545
SHA-256 | 4390171e7d18c46eaf21ecfc40916ad245e4a11ef04fa9ddba981f0666f05411
Debian Security Advisory 2956-1
Posted Jun 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2956-1 - Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by-ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

tags | advisory, denial of service, overflow, arbitrary, csrf
systems | linux, debian
advisories | CVE-2013-7106, CVE-2013-7107, CVE-2013-7108, CVE-2014-1878, CVE-2014-2386
SHA-256 | d0f8df2fd956542b4826e59cbfdb1a5a6db0d8e28e9911aee72085b6d64e1677
Mandriva Linux Security Advisory 2014-122
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-122 - The chkrootkit script contains a flaw that allows a local attacker to create an executable in /tmp that will be run by the user running chkrootkit, allowing the attacker to escalate privileges.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-0476
SHA-256 | 3e7d73d263162ed54908af5486e530dcf8a03564ed24684a8b26a9b7f5160756
Mandriva Linux Security Advisory 2014-123
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-123 - Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-7295, CVE-2014-0160
SHA-256 | 568cbcf858a502e1e84440e1e7c66b0a534813a012aee5e85e193d4acc58aa29
HP Security Bulletin HPSBMU03045
Posted Jun 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03045 - A potential security vulnerability has been identified with HP Service Virtualization, running the AutoPass license server. The vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.

tags | advisory, code execution
advisories | CVE-2013-6221
SHA-256 | 287138834a5c80ad51a22917a544e825f372744cd37865511bb1d39aa6c49458
IBM AIX 6.1.8+ Privilege Escalation
Posted Jun 12, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 6.1.8 and later suffer from a local privilege escalation vulnerability in libodm due to an arbitrary file write.

tags | exploit, arbitrary, local
systems | aix
advisories | CVE-2014-3977
SHA-256 | 97e4f4df7a7a9611b4f08f9d707eb25d8be03e3dd8f09107da7a1f9b730f813c
EDSC 2014 Call For Papers
Posted Jun 12, 2014
Site edsconf.com

EDSC is an annual security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded systems testing is a rapidly expanding area of the security industry and staying current is important for engineers, researchers, and testers alike. EDSC brings the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research. This year's conference will be held at EM Fine Art in Seattle, providing a unique conference experience in the heart of South Lake Union. The conference is limited to 120 attendees and takes place November 20th through the 21st, 2014.

tags | paper, conference
SHA-256 | 0618a9d5bc2f9b8d407c0c9118f7ee0985e40df24bceeeb80bac70b74642fc5a
Mandriva Linux Security Advisory 2014-121
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-121 - It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3775
SHA-256 | d61d5a172230971f87e5bbe72cc5ec40030beb1f398634671dab558407b53517
Mandriva Linux Security Advisory 2014-119
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-119 - XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this could potentially lead to an XSS crossing a privilege boundary.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3966
SHA-256 | a1992ff84b104e35deccf903a719347089e5ad68eb7da559aca1b6174e9da33c
Mandriva Linux Security Advisory 2014-117
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-117 - capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without capabilities, which is potentially dangerous.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-3215
SHA-256 | dd90a837ca9afc51e9750e86e3f853a4e6d38d4a7f12ca8f3f64d35e2418f312
Mandriva Linux Security Advisory 2014-116
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-116 - A flaw was found in the way file's Composite Document Files format parser handled CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file. A flaw was found in the way file parsed property information from Composite Document Files files. A property entry with 0 elements triggers an infinite loop.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0237, CVE-2014-0238
SHA-256 | 557e42e82c67252163930b21555b2e5f92450ae290af79e5857f5424829306bf
Mandriva Linux Security Advisory 2014-115
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-115 - A flaw was found in the way file's Composite Document Files format parser handled CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially-crafted CDF file. A flaw was found in the way file parsed property information from Composite Document Files files. A property entry with 0 elements triggers an infinite loop. PHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to this issue. It has been updated to the 5.5.13 version, which fixes this issue and several other bugs. Additionally, php-apc has been rebuilt against the updated php packages.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2014-0237, CVE-2014-0238
SHA-256 | feaf6ced4249190aad01f31414c2e51829d0234fd68516651567749d443fe0e1
Mandriva Linux Security Advisory 2014-114
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-114 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled.

tags | advisory, web, denial of service
systems | linux, mandriva
advisories | CVE-2014-0128
SHA-256 | 225c7f2b9fa30d957c67b7a006555a1296a4018846787e04b1214490fcdaf0c7
Mandriva Linux Security Advisory 2014-113
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-113 - Multiple vulnerabilities have been discovered and corrected in python-django. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474, CVE-2014-1418, CVE-2014-3730
SHA-256 | a0587e94d3219db2c4fe7c8b06b39629a3d11277e9a9b81cdc8369f36837bd43
Red Hat Security Advisory 2014-0745-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0745-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-16, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
SHA-256 | 746680a3b93d9cd00f448eb04e7bac25d0af73e4fb0b8510299d5b95e04a5ac0
Red Hat Security Advisory 2014-0748-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0748-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All Jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using Jinja2 must be restarted.

tags | advisory, arbitrary, local, python
systems | linux, redhat
advisories | CVE-2014-1402
SHA-256 | 41b87145f59f03dd674367516a968f2e87fc6aac2fb28885597f14cda1723d86
Red Hat Security Advisory 2014-0747-01
Posted Jun 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0747-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All python-jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using python-jinja2 must be restarted.

tags | advisory, arbitrary, local, python
systems | linux, redhat
advisories | CVE-2014-1402
SHA-256 | 88953f562e5aade5e188e2e266cafb435bf8892b046ab5fa8f31b1e26eb81a91
Ubuntu Security Notice USN-2244-1
Posted Jun 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2244-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3984
SHA-256 | f7970ed23611dd6334f4976a65223992f2a96c0f02c06d7ae4f4d51a511c6b17
Ubuntu Security Notice USN-2243-1
Posted Jun 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2243-1 - Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1533, CVE-2014-1534, CVE-2014-1536, CVE-2014-1537, CVE-2014-1538, CVE-2014-1540, CVE-2014-1541, CVE-2014-1542
SHA-256 | b79feba3cba1912ed51363c8f6e08424b303751a02636cf89c629cfe06d7a152
Mandriva Linux Security Advisory 2014-120
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-120 - The miniupnpc library before 1.9 may be vulnerable to a denial of service due to a buffer overrun that can be triggered by something on the network.

tags | advisory, denial of service, overflow
systems | linux, mandriva
SHA-256 | 2f3332fe997ad420b64dd9962206fa2a7c799d414286f65f625c10e01622a14f
Mandriva Linux Security Advisory 2014-118
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-118 - Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-3421, CVE-2014-3422, CVE-2014-3423
SHA-256 | 99f3f5d644b162801353be9e8461a2ff9a833ac9c2d615b7df6aad2c4c2ab4c3