Files Date: 2014-08-14

Apple Security Advisory 2014-08-13-1
Posted Aug 14, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-08-13-1 - Safari 6.1.6 and Safari 7.0.6 are now available and address unexpected termination and arbitrary code execution issues due to memory corruption issues in WebKit.

tags | advisory, arbitrary, code execution
systems | apple
advisories | CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390
SHA-256 | 55dff61e8b70bc8de4d6e424c252fd7488217fb97f798795384532b36441c0e3
Red Hat Security Advisory 2014-1060-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1060-01 - Red Hat is transitioning to Red Hat Subscription Management for all Red Hat products by July 31, 2017. All systems registered as clients to Red Hat Network Classic Hosted directly, or indirectly with Red Hat Proxy, must be migrated to Red Hat Subscription Management by July 31, 2017. Customers using Red Hat Satellite to manage their systems are not affected by this transition.

tags | advisory
systems | linux, redhat
SHA-256 | 043d624dffcadf977453210e94b542e91887c839c23b0733a71e4655d3e85838
Ubuntu Security Notice USN-2315-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2315-1 - Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3504
SHA-256 | 4bdcba1f94fef85007b55290e9cc8ceb6ab7a331befa81d3031e5fabd3a1fc31
Ubuntu Security Notice USN-2316-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
SHA-256 | 34a878b1d3886abcc6a12d4b5804a8f3bed05cb128b024c7a2c181220ad326ca
Debian Security Advisory 3005-1
Posted Aug 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3005-1 - Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-3564
SHA-256 | 87df4b9703f2842f1b062b2d784fd8523fc34d6925ec04297b57befecdaecbca
Red Hat Security Advisory 2014-1059-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1059-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285, CVE-2014-0107
SHA-256 | 1f3ff00cdece96e40be750ccd8c912b91aa472d37b31ba4a80e2f2b1eae258a0
Gentoo Linux Security Advisory 201408-06
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-6 - Multiple vulnerabilities have been discovered in libpng which can allow a remote attacker to cause a Denial of Service condition. Versions less than 1.6.10 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7353, CVE-2013-7354, CVE-2014-0333
SHA-256 | d30d09fec9bcf10c9b41888af15d3e75411f140253319d7e244b00fb476a98d7
Gentoo Linux Security Advisory 201408-05
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-5 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.400 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
SHA-256 | 06388f3efcc46015d604a0f9849667e1d8e086df6c246c41cbd97a35b1a01fe2
Red Hat Security Advisory 2014-1054-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
SHA-256 | 764aee33222756a8c5691f00ba7d65d359debf2fd22c3e64127636ad640c0504
HP Security Bulletin HPSBMU03090
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03090 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-0114
SHA-256 | 08170bb50ff7c64c4846293aaff4cec011cdc0f0d377009be496d884f440c8cf
Optical Society of America's Prism Information Leak
Posted Aug 14, 2014
Authored by Peter Wiedekind

Reviewer information stored in metadata can be leaked for submissions sent to the Optical Society of America's Prism system.

tags | advisory
SHA-256 | cb86d182e6ced767696ef53f3a189c454daee96a6be0ec6aa702a8536cf84291
VirtualBox 3D Acceleration Virtual Machine Escape
Posted Aug 14, 2014
Authored by Francisco Falcon, juan vazquez, Florian Ledoux | Site metasploit.com

This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as Host running Virtual Box 4.3.6.

tags | exploit, remote
systems | windows
advisories | CVE-2014-0983
SHA-256 | 86c260fb68e437881ab16b483c4e49b6bc21fe1b4a46b94f446e6d346cda9dda
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
Posted Aug 14, 2014
Authored by Emilio Pinna | Site metasploit.com

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings. This Metasploit module has been tested successfully on VMTurbo Operations Manager versions 4.5 and 4.6.

tags | exploit, web
advisories | CVE-2014-5073
SHA-256 | 0649ca7e973fb4b39c646f1c27813549f1cb5f0d02c263f2d2f7d20f3e123eb4
HP Security Bulletin HPSBHF03088
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03088 - A potential security vulnerability has been identified with the HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 14d7a31200210d301590ec06253545a6892912123653b48f6f1a1c0c59d866ad
Red Hat Security Advisory 2014-1053-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 948de4a34ae026c5dab154c65c77547ef33ef30112240c62df3060016b472f9b
Red Hat Security Advisory 2014-1052-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
SHA-256 | 75bc0be12a1079a05666977a741c31a6e9ce2f144a48b721d2d303d494747755
Gentoo Linux Security Advisory 201408-04
Posted Aug 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-4 - Multiple vulnerabilities have been found in Catfish, allowing local attackers to escalate their privileges. Versions less than 1.0.2 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-2093, CVE-2014-2094, CVE-2014-2095, CVE-2014-2096
SHA-256 | e342e1b9433b59625a7d84f55365cef4716234345691fa3b9f0ac84b4e637ee8
Ubuntu Security Notice USN-2313-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2313-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
SHA-256 | 375d0e9bc6a3b83ccaf9674f3e9b88d90bfebac31f6b1fabfa4520ec3ed6aa7f
Ubuntu Security Notice USN-2314-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2314-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3917
SHA-256 | b9069da9ff51874f9fc252dc9b3b1c2a8eaceb62a7eb43f755f6e10445fcd760
Red Hat Security Advisory 2014-1051-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1051-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
SHA-256 | 2bc8c64b4d40c30637044b290aab53cb727a675c2e060ce0954c773628b6e15a
Red Hat Security Advisory 2014-1037-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1037-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that the get and log methods of the AgentController wrote log messages without sanitizing user input. A remote attacker could use this flaw to insert arbitrary content into the log files written to by AgentController.

tags | advisory, remote, web, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2014-0136
SHA-256 | 09c5b0e3ed81417c90b2dac8ca16e746d480ab1f3453e680186621ce94661885
Red Hat Security Advisory 2014-1050-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1050-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets. It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-4615
SHA-256 | cb9a2c571fca82c415ce3eb267afabaf89e98f4dea867dffa975e61279670ce0
Jamroom 5.2.6 Cross Site Scripting
Posted Aug 14, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Jamroom version 5.2.6 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5098
SHA-256 | b6b6afd76f8ae1be1ddfdd8d95e7132cc33c4ecb87d6c5ea141db16a82f97cbf