
Files Date: 2014-05-06 to 2014-05-07

IBM AIX Kernel Memory Leak / Denial Of Service
Posted May 6, 2014
Authored by Tim Brown | Site portcullis-security.com

IBM AIX versions 5.3, 6.1 and 7.1 and VIOS 2.2.* releases suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that is greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.

tags | advisory, denial of service, kernel, vulnerability, memory leak
systems | aix
advisories | CVE-2014-0930
SHA-256 | 326046758c80dfd7a90603cb6033621d1db225d4cc2532b1585420f2b0419948
Citrix Netscaler SSL Certificate Validation
Posted May 6, 2014
Authored by Graham Sutherland | Site portcullis-security.com

The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 assigns an empty trust manager to its SSL context, causing it to accept any certificate regardless of validity.

tags | advisory, java, remote
advisories | CVE-2014-2882
SHA-256 | e5644b3c84ef1767a4c3219f5059c4bdfb37dcedae655c50b6b91a1d4af6d79a
Citrix Netscaler Diffie-Hellman Key Exchange Issue
Posted May 6, 2014
Authored by Graham Sutherland | Site portcullis-security.com

The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 contains a poor implementation of the Diffie-Hellman key exchange algorithm. The random number generator used to produce secret values is the java.util.Random class, which is not of cryptographic quality. Publicly known predictors exist for the underlying RNG, and the seed is either 32-bit or 48-bit depending on the host system.

tags | advisory, java, remote
advisories | CVE-2014-2881
SHA-256 | 612fdba9feea5c0713bc91be355ef4db41095f1483e3d0a2d21522880fdb4da5
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Posted May 6, 2014
Authored by Micha Borrmann | Site syss.de

Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.

tags | exploit
systems | windows
advisories | CVE-2014-2845
SHA-256 | 541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27
HP Security Bulletin HPSBMU03037
Posted May 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03037 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | aec8b95add2f092b528971141113365b225da682d19aac54594e220dbc06f630
Night Lion Security PHP Stress
Posted May 6, 2014
Authored by Vinny Troia | Site nightlionsecurity.com

Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack affects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.

tags | exploit, tool, web, denial of service, cgi, php, proof of concept
systems | linux
SHA-256 | 66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1ad
Ubuntu Security Notice USN-2204-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | dd7a26245866c9a5c07f22316740d7f9acf798a4a732970e7b6e116adc20e740
Ubuntu Security Notice USN-2203-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | c8d25e87b929d65edcc4cd7a6d6997665aa69f135e56f3af4a28e7a152ae78ae
Ubuntu Security Notice USN-2202-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 391772af2fe8a72ffc41773aafe534e075b531dc203a91903e122f9adaa42138
Ubuntu Security Notice USN-2201-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | fb6cb392ae5025b853c23e0430dec9d8ad8a370f8d544cc861684db1e453338d
Ubuntu Security Notice USN-2200-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 58b21505b3ee4b4f9e782fef31f952a0b9c0df237cc181522f5eed95a55ae5a5
Ubuntu Security Notice USN-2199-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 895e12b282957d8d9a403060050150dc4fdd148f9a42d3595bb1170fd560463e
Ubuntu Security Notice USN-2196-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 86d38fbc6418df4de6cab53031a6df5774f0fa1a28eb2685d604c9a0545d454a
Ubuntu Security Notice USN-2207-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2207-1 - Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0006
SHA-256 | 048ba1c7b39cf652bb2065000cd752dba467066f0f3b3d5301251481601b14b5
Red Hat Security Advisory 2014-0473-01
Posted May 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0473-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2014-0050
SHA-256 | 4f401d1844f1516c45c35fb297633215009b76b4c56f316e4ac41897e16d6d9b
Ubuntu Security Notice USN-2198-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | 4cd66a33cf7bd7b75d1dfcc1384e054c40e7d85f25e960c208bf19e7e72d6e6d
Ubuntu Security Notice USN-2206-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2206-1 - Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-0157
SHA-256 | 5c3b290e4761888a3009adbe26af55923b41684a41ebfe3808e4adc5174691b3
Ubuntu Security Notice USN-2205-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2205-1 - Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244
SHA-256 | 0a36165cd5461687b32e574203a454a3c7144c64466afed8433775e0d7a46ec0
Ubuntu Security Notice USN-2197-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-0196
SHA-256 | bed89c789a924164c49f25a9ba1c04c675e19f473575882e6c37259a569abf3b
CMS PUNTOPY SQL Injection
Posted May 6, 2014
Authored by Felipe Andrian Peixoto

CMS PUNTOPY suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | eaa6b822df51a218305e7b93ebd17c7dba80bc9043aaf9e64d3041648d6adea9
SOAPpy 0.12.5 XXE / Denial Of Service
Posted May 6, 2014
Authored by pnig0s

SOAPpy version 0.12.5 suffers from XXE and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xxe
SHA-256 | fcbd1ab000fb47d02b209bbaf51f935e156706c4d194b9781d2f5dc2fdbd552a
Ruxcon 2014 Call For Papers
Posted May 6, 2014
Site ruxcon.org.au

Ruxcon 2014 Call For Papers - Ruxcon is the premier technical computer security conference in Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.

tags | paper, conference
SHA-256 | 9926fc8ff7b928e9ca8836613b897aed5bdebc0a2ed3dd14bbd749357e065645
HP Security Bulletin HPSBGN03010 4
Posted May 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 4 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 4 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | acf1c601833a846a4939625ab8ce20b162f3678927f1bc481d459741c4a2a195
Ubuntu Security Notice USN-2193-1
Posted May 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2193-1 - Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker could exploit this to execute arbitrary commands as the glance user.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0162
SHA-256 | ff9740f205e6ae1e20a5d556a38042223b927531b3ab3ebba7441ac9ff0dd2c7
Debian Security Advisory 2924-1
Posted May 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2924-1 - Multiple security issues have been found in Icedove, Debian's version errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.

tags | advisory, denial of service, overflow, arbitrary, xss
systems | linux, debian
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
SHA-256 | 0a36e8832664a7fa25c7ef5f78f104e18d401f48f76439906c0a1067563c3ea6