what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-10-24

TOR Virtual Network Tunneling Tool 0.2.5.10
Posted Oct 24, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux (requires seccomp2). The controller protocol has several new features, resolving IPv6 addresses should work better than before, and relays should be a little more CPU-efficient.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | b3dd02a5dcd2ffe14d9a37956f92779d4427edf7905c0bba9b1e3901b9c5a83b
EMC Avamar Sensitive Information Disclosure
Posted Oct 24, 2014
Site emc.com

EMC Avamar server contains a vulnerability that may allow remote Avamar client user to retrieve sensitive account credentials from affected Avamar server using Java API calls. No authentication to Avamar server is required for this potential attack. Exposed information includes MCUser and GSAN account passwords of all grid systems that are being monitored in EMC Avamar Enterprise Manager. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x up to and including 7.0.2-43 are affected.

tags | advisory, java, remote
advisories | CVE-2014-4624
SHA-256 | 24d8d814ea8b6331d98ee101748e0eb8f4305b743a3d2fab02a2af437b2537cb
EMC Avamar Weak Password Storage
Posted Oct 24, 2014
Site emc.com

EMC ADS/AVE Password hardening package uses the DES-based traditional Unix crypt scheme that may be susceptible to brute force and dictionary attacks if the hashes are obtained by an adversary. The hardening package is an optional package and installed separately. Affected includes EMC Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE) running Avamar 6.0.x, 6.1.x, and 7.0.x running with optional Password hardening package earlier than version 2.0.0.4.

tags | advisory
systems | unix
advisories | CVE-2014-4623
SHA-256 | 7050f48ab77ce658a8e7df1088c51dae344960d6024f8242dfab187ac1a9293e
EMC NetWorker Module For MEDITECH (NMMEDI) Information Disclosure
Posted Oct 24, 2014
Site emc.com

A vulnerability exists in the EMC NetWorker Module for MEDITECH when used with EMC RecoverPoint that could potentially allow exposure of sensitive information. EMC NetWorker Module for MEDITECH (NMMEDI) version 3.0 builds 87-90 are affected.

tags | advisory
advisories | CVE-2014-4620
SHA-256 | 5f4139262a1a31b0adcc4f93e8715e05c783ad6848d8f28ed67463fb2709f1c6
Apple Security Advisory 2014-10-22-1
Posted Oct 24, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-22-1 - QuickTime 7.7.6 is now available and addresses memory corruption and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
systems | apple
advisories | CVE-2014-1391, CVE-2014-4350, CVE-2014-4351, CVE-2014-4979
SHA-256 | 96b113d74efb9d4b578a222d5eecf43dc007cc8c5a2d45ae9a1ba20221ceafe3
Mandriva Linux Security Advisory 2014-203
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-203 - OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. The updated packages have been upgraded to the 1.0.0o version where these security flaws has been fixed.

tags | advisory, denial of service, protocol, memory leak
systems | linux, mandriva
advisories | CVE-2014-3566, CVE-2014-3567
SHA-256 | 462c872ebcc385be756aa0fb753b94bba6e8c81eea179a7094bc9780baab1264
Mandriva Linux Security Advisory 2014-204
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-204 - A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3660
SHA-256 | 803875a2dbb9ccffd654dd8a2dde7e9896cb99ff61f57498fb11b72d2d2e4b95
Mandriva Linux Security Advisory 2014-202
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-202 - A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code. The updated php packages have been upgraded to the 5.5.18 version resolve this security flaw. Additionally, php-apc has been rebuilt against the updated php packages.

tags | advisory, arbitrary, php
systems | linux, mandriva
advisories | CVE-2014-3670
SHA-256 | ad8e8a85ad33b1705481a4a7f816f764d9448250adbf844914a52d7f501c0bc7
Mandriva Linux Security Advisory 2014-209
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-209 - Multiple vulnerabilities has been discovered and corrected in java-1.7.0-openjdk. The updated packages provides a solution for these security issues.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | 89ada4715362388984529bf817915d8424e6bd940d71e8b056eab22a0cbab21b
Mandriva Linux Security Advisory 2014-208
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-208 - In phpMyAdmin before 4.2.10.1, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8326
SHA-256 | 23e7d6010b099d082d9b1d47def0ba31868335be610260380734d7d8e1f491eb
Mandriva Linux Security Advisory 2014-207
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-207 - A flaw was discovered in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8760
SHA-256 | a317ee00d1c5ead5d69019056469278a1ae8d6971022cc4d4682619b8b130715
Mandriva Linux Security Advisory 2014-206
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-206 - A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2014-7204
SHA-256 | e6b081cb5525d17c9aa1921e7e54dd56beafed6968ce2d0a7ab0e14dd373d1b5
Mandriva Linux Security Advisory 2014-205
Posted Oct 24, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-205 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-5461
SHA-256 | 41c0ce842fa436a99105fa93c7f6ee89798757ba9363750bbb92eb41d89a0574
Slackware Security Advisory - glibc Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4237, CVE-2013-4458, CVE-2013-4788, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040
SHA-256 | f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Slackware Security Advisory - pidgin Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3697, CVE-2014-3698
SHA-256 | 5cbe6f4c509145ab2cca11c0b6d42108ea1c7b3a6b2eb3f143083978c7b37df2
Debian Security Advisory 3055-1
Posted Oct 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3055-1 - Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698
SHA-256 | 71a6874b3dc2259d8c5a453197bf19480a1798e328e3a60d8282fef8ae738580
MyBB MyBBlog 1.0 Cross Site Scripting
Posted Oct 24, 2014
Authored by DevilScreaM

MyBB MyBBlog plugin version 1.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 1578e5289a6b5a76e304563e9345edf564380d58be23670d28152abc4de59330
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close