
Files Date: 2014-12-03 to 2014-12-04

RSA Adaptive Authentication (On-Premise) Authentication Bypass
Posted Dec 3, 2014
Site emc.com

RSA Adaptive Authentication (On-Premise) versions 6.0.2.1 to 7.1 P3 (inclusive) are potentially vulnerable to an authentication bypass vulnerability, if a device binding request is sent in an AAOP challenge SOAP call.

tags | advisory, bypass
advisories | CVE-2014-4631
SHA-256 | 5b046b6dbb4533bb0536f52b6a2dc43f06850b45d7049bc942ecd1b088a8c051
EMC Documentum Content Server Insecure Direct Object Reference
Posted Dec 3, 2014
Site emc.com

EMC Documentum Content Server may be vulnerable to an insecure direct object reference vulnerability where remote authenticated attackers with limited privileges may potentially obtain unauthorized read access or may be enabled to delete arbitrary files stored on the Content Server machine or network shares accessible from the Content Server machine. Affected versions include all EMC Documentum Content Server versions of 7.1, 7.0, 6.7 SP2, and all versions prior to 6.7 SP2.

tags | advisory, remote, arbitrary
advisories | CVE-2014-4629
SHA-256 | 16926c9bd06c93cbc8802c8b1aefb798a0ec10818ad1b65e388af2de79106df0
ADSL2+ 2.05.C29GV XSS / URL Redirect / Command Injection
Posted Dec 3, 2014
Authored by Ewerson Guimaraes | Site dclabs.com.br

ADSL2+ version 2.05.C29GV suffers from cross site scripting, open redirect, and command injection vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9142, CVE-2014-9143, CVE-2014-9144
SHA-256 | 147873a319df9b0953c07c5217e237c9a65d013db7322d35d15310c9d21e463e
Red Hat Security Advisory 2014-1919-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
SHA-256 | a4768a1ed845770137dfda480d18e5ff8ef4d9979506ee4ea4a8006dca8278db
Red Hat Security Advisory 2014-1947-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1947-01 - The rhevm-log-collector utility allows users to easily collect log files from all systems in their Red Hat Enterprise Virtualization environment. It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local attacker. This issue was discovered by David Jorm of Red Hat Product Security.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-3561
SHA-256 | de9fddfbb62b2fa36743ad1557c45fb89c09485f0b921ac43afd16a90ff30054
Red Hat Security Advisory 2014-1924-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1924-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
SHA-256 | 83e959c70c565dccbc7e1ea95e005cc6482fec9b63d8bf67ef80c4d0bf4b9a88
Red Hat Security Advisory 2014-1948-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1948-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

tags | advisory, protocol
systems | linux, redhat
SHA-256 | 3b71f5d6b169bc039bc007559a59b3e625be13b4e9f38be716c407b80a95e740
Red Hat Security Advisory 2014-1941-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1941-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. This issue was discovered by Laszlo Ersek of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3615
SHA-256 | 4166a063e862f52056ad9e930f6dff60af42d309f41742398b54086f642abc07
Ubuntu Security Notice USN-2428-1
Posted Dec 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2428-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
SHA-256 | 8505b81ac20cdc1ef60b089c97a91e3adac72def4c07e9d2c1aa4dbc2d3d9299
Red Hat Security Advisory 2014-1943-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1943-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-7283, CVE-2014-7825, CVE-2014-7826
SHA-256 | cc3e05257532fc79a02085cdd50c6e4645efeb4e848a6378e35a998e47c4af51
Ubuntu Security Notice USN-2431-1
Posted Dec 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2431-1 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-8583
SHA-256 | 5bb4cde48cd484123416bef08c355511f51ff15ed833702a51b37c736b6a5dce
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Dec 3, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | ffcc2d1179782c1daef5d9aca6d5d379798b341a9e605abc3ec6b62dbaf63920
Debian Security Advisory 3085-1
Posted Dec 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3085-1 - Multiple security issues have been discovered in WordPress, a web blogging tool, resulting in denial of service or information disclosure.

tags | advisory, web, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2014-9031, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039
SHA-256 | a1de1eab869a092126a50a694152d1fc84be0f81497bf7f05391744f9c88bc2c
Red Hat Security Advisory 2014-1942-01
Posted Dec 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1942-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-7821
SHA-256 | eff8bdcdfdbc57c9b8dc7bb5d9f16f6b75e0744d9e7f707863a0127446560697
Positive Hack Days V Call For Papers
Posted Dec 3, 2014
Site phdays.com

Call For Papers for Positive Hack Days V which will take place May 26th through the 27th, 2015 in Moscow, Russia.

tags | paper, conference
SHA-256 | 78af96d36a4c3cac4d9ea281f6e2ff1c5ed62e811616bdc83b8cc63afb7d0d6b
Yii Framework CmsInput Improper XSS Filter
Posted Dec 3, 2014
Authored by Jos Wetzels

Yii framework's CmsInput extension versions 1.2 and prior suffer from an improper cross site scripting sanitization implementation.

tags | exploit, xss
SHA-256 | ca8da68b1474bc4281b1f32954bc5774467cd5f06b1ea17ad128a0eaed3567b7
Altitude uAgent - Altitude uCI 7.5 XSS
Posted Dec 3, 2014
Authored by Owais Mehtab

Altitude uAgent - Altitude uCI version 7.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9212
SHA-256 | 56485ff6ab476cd20d7405c5429f14391c5f57fbaf9bc14536a89d6aa0ab388b