Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
09b24f75d2aed6e357578f44cf60eb8a08fc54e819aa84e768648ea4559cb539HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
b614877919ffd8acdaa97393db4294d3cac0f62dcd1d3c07cbb31e1f020b0139HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
d2900fe18279864e2d174ab252466414338a67aafa6110a5ff22a7ed7b064f41HP Security Bulletin HPSBMU03061 - A potential security vulnerability has been identified with HP Release Control. The vulnerability could be exploited remotely to allow disclosure of privileged information and elevation of privilege. Revision 1 of this advisory.
c70eb870381013491398bee0005e8a0260fd303241d869b858908d47530e5385Debian Linux Security Advisory 2969-1 - Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.
a83f23287604c42c60b88d579639ae305d020bfe95bbe0985afe821df9d5acaaZeroCMS version 1.0 suffers from a cross site scripting vulnerability.
feb6f6569634fb81cbb6803d7135c6a39dc36b0b93cab1a91415bc1bedadc704The International Conference on Information Systems Security and Privacy (ICISSP) 2015 has announced its call for papers. It will take place in Loire Valley, France February 9th through the 11th, 2015.
8322efe361013b279e0f833cfde2680b2947455298e6bd5cf805ffc9527c91b8HP Security Bulletin HPSBMU03058 - A potential security vulnerability has been identified with HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This vulnerability could be exploited remotely to allow the disclosure of information. Revision 1 of this advisory.
5a8ab459e9c0801f07c313e0141eb38d3964109dce9b296244e7e197b23ecbc0Ubuntu Security Notice 2263-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
c1756759393556e7f3f5ea6151c39cb7d4f78aee5b448f98be9b3580b90bbe19Ubuntu Security Notice 2262-1 - A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions.
e114f0a79df2dc184f86e4e1f8e322df6730085883dcbe31affbebb324233371Ubuntu Security Notice 2261-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
05bf0bde4d4865f155ffc5c349bcbc021cacad831e176b70b78ef8aa1290dd14Ubuntu Security Notice 2259-1 - Salva discovered an information leak in the Linux kernel's media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
4fb5093864365c1809ce0fbfe91f7fb846b76d82177e2f2d13873e3cdaf599b2Ubuntu Security Notice 2260-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges. Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges. Various other issues were also addressed.
a4a39b070b3c2638637a0a3a42c4348f420eadd2c2d14b44a27b4ddd0bcfd35cGentoo Linux Security Advisory 201406-28 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.8.7 are affected.
a7dfc0ad8bcd2a1522857cab1a97683ee996889cfb13167b2801ba61ff9de83fGentoo Linux Security Advisory 201406-31 - Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code. Versions less than 4.9.3-r1 are affected.
1636f80f16d96860865cc10c6c36fa432ab92847a621b4576d877dd92920fa80Debian Linux Security Advisory 2968-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.
98f994e455ffe9e827e3cdac132ac260a69f23cd0b844b512787858cbce46187Gentoo Linux Security Advisory 201406-30 - A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges. Versions less than 1.8.5 are affected.
cab36e1715276e014e86008e83baf9b2196d6035b61ecca23891bc04e1afc11dUbuntu Security Notice 2264-1 - Salva discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. Various other issues were also addressed.
920a2a06a3de9eacbb25f2d917e0dffafeaf7b29e48f7e24cae1845f7c2c673eLinkedIn suffered from a cross site request forgery vulnerability.
8e1a2fb106e3b781251ccf3ce81d2d5a89ef8abfb000cab08a05481218d5a170This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.
dd2fd87c80023443848e47bf145fc594ce2617436c0759a85eb64c8248dbcdb7This Metasploit module abuses a process creation policy in the Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The problem exists in the .NET Deployment Service (dfsvc.exe), which can be run as Medium Integrity Level. Further interaction with the component allows to escape the Enhanced Protected Mode and execute arbitrary code with Medium Integrity.
566f2c34ce894a344de48e60acdf38825db4478f6732a3bdd3039b0e32d1cda3This Metasploit module exploits a vulnerability in Internet Explorer Sandbox which allows to escape the Enhanced Protected Mode and execute code with Medium Integrity. The vulnerability exists in the IESetProtectedModeRegKeyOnly function from the ieframe.dll component, which can be abused to force medium integrity IE to user influenced keys. By using registry symlinks it's possible force IE to add a policy entry in the registry and finally bypass Enhanced Protected Mode.
c9f9dc448204fe8efbcb3d05352d9e8dff208d0ff120536098d4e6f8b8305895Gentoo Linux Security Advisory 201406-29 - A vulnerability in spice-gtk could allow local attackers to gain escalated privileges. Versions less than 0.14 are affected.
b9413874188c23654847ff370a14d42def91b36b4d09058318892334cd2315faGentoo Linux Security Advisory 201406-27 - A race condition in polkit could allow a local attacker to gain escalated privileges. Versions less than 3.14.1 are affected.
e25d75df9ade95871973ee8eb13ecdc5976b44c82d22212c6566220987e42d0eThe CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.
01a64b6c75c2c538d377c20d172e63cd36ed7553c62d8c8bc2aab7496757c955
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed