
Files Date: 2013-09-25

Debian Security Advisory 2764-1
Posted Sep 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2764-1 - Daniel P. Berrange discovered that incorrect memory handling in the remoteDispatchDomainMemoryStats() function could lead to denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-4296
SHA-256 | dd359ee6a114c2ea12723e65fab5b15ff7b13a65fc45369003a122ce5e0872ba
Cisco Security Advisory 20130925-rsvp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device. The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, udp, protocol
systems | cisco, osx
SHA-256 | 3b78cfc49fd1ee0b1521f34bcd5270992188dc65edc558825433c0c63d976267
Cisco Security Advisory 20130925-ike
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange (IKE) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a device reload. The vulnerability is due to incorrect handling of malformed IKE packets by the affected software. An attacker could exploit this vulnerability by sending crafted IKE packets to a device configured with features that leverage IKE version 1 (IKEv1). Although IKEv1 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software when IKEv1 or IKE version 2 (IKEv2) is configured, the vulnerability can be triggered only by sending a malformed IKEv1 packet. In specific conditions, normal IKEv1 packets can also cause an affected release of Cisco IOS Software to leak memory. Only IKEv1 is affected by this vulnerability. An exploit could cause Cisco IOS Software not to release allocated memory, causing a memory leak. A sustained attack may result in a device reload. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

tags | advisory, remote, protocol, memory leak
systems | cisco, osx
SHA-256 | 926f6df2eb60f84bd616da0c798b13eedfde7066aed0633134cdd5f5c378ddcf
Gentoo Linux Security Advisory 201309-19
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-19 - A vulnerability in TPP might allow a remote attacker to execute arbitrary code. Versions less than 1.3.1-r2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2208
SHA-256 | 3a9f9ad7060b3de29312c0d41a721213a4c5d59e7cbda803afdbcc82f7a2c31b
Red Hat Security Advisory 2013-1285-01
Posted Sep 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1285-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. This issue only affected systems using PKI tokens with the memcache or KVS token back ends.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4294
SHA-256 | 28df121d2a467014fbdbd4c61516f0f6cb586350418bb55edb71c88884ec877e
Mandriva Linux Security Advisory 2013-241
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-241 - The Crypt::DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. The updated packages have been patched to correct this issue.

tags | advisory, remote, perl, spoof
systems | linux, mandriva
advisories | CVE-2011-3599
SHA-256 | 8bf65c0836d8b1066a9f09c8a587483fb026967a49173ae948aff56262dedc39
Gentoo Linux Security Advisory 201309-18
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-18 - Multiple vulnerabilities have been found in libvirt, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.0.5.1-r3 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0170, CVE-2013-1962
SHA-256 | 9257d13b61a35d266211c700641ed9bda77545c33aa5ed5116ee2974035d6fed
Nodejs js-yaml load() Code Execution
Posted Sep 25, 2013
Authored by joev | Site metasploit.com

For Node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary JavaScript code. This Metasploit module demonstrates that behavior.

tags | exploit, arbitrary, javascript
advisories | CVE-2013-4660
SHA-256 | cc5320d102ad2ea9d6b424995476c2aab54c6ea13234fab7e8cf266af00a87a5
Cisco Security Advisory 20130925-dhcp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 3d9eb0899aae2d9787ea19cb3bb54f490cd6578d496a6ab8a7ae73ee913e03fd
Gentoo Linux Security Advisory 201309-17
Posted Sep 25, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-17 - Multiple vulnerabilities have been discovered in Monkey HTTP Daemon, the worst of which could result in arbitrary code execution. Versions less than 1.2.2 are affected.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-2163, CVE-2013-3724, CVE-2013-3843
SHA-256 | 0bf65ad73e535f0517decce91fe8c3808bae00aec63238d2632884ef1b671076
Cisco Security Advisory 20130925-wedge
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario. The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition. Workarounds to mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 989c2c1ca08d2b73e323083463ba6ab26781b1d701b95e1f1b2ba6ad1b17e705
Mandriva Linux Security Advisory 2013-240
Posted Sep 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-240 - Multiple security vulnerabilities exist due to improper sanitization of user input in GLPI versions prior to 0.83.9, 0.83.91, and 0.84.2. This update provides GLPI version 0.83.91, with a patch from GLPI 0.84.2, to fix these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2225, CVE-2013-2226, CVE-2013-5696
SHA-256 | 4d3c00a2edfe641cebcea5516c934560c44649ada453ccf113b27403bf71b449
Cisco Security Advisory 20130925-ntp
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the Network Time Protocol (NTP) feature in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of multicast NTP packets that are sent to an affected device encapsulated in a Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message from a configured MSDP peer. An attacker could exploit this vulnerability by sending multicast NTP packets to an affected device. Repeated exploitation could result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. A workaround is available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 26e0e238dca4511525895ffa0eddafc629172317cf7ef7d4ae4a46cc6908fdb4
Cisco Security Advisory 20130925-cce
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Zone-Based Firewall (ZBFW) component of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload. The vulnerability is due to improper processing of specific HTTP packets when the device is configured for either Cisco IOS Content Filtering or HTTP application layer gateway (ALG) inspection. An attacker could exploit this vulnerability by sending specific HTTP packets through an affected device. An exploit could allow the attacker to cause an affected device to hang or reload. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web
systems | cisco, ios
SHA-256 | 5fa03221d9816d3015832510c218ef91c3bf8eb4603c1f86cbb6a87f89853fe9
HP Security Bulletin HPSBMU02872 SSRT101185 2
Posted Sep 25, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02872 SSRT101185 2 - Potential security vulnerabilities have been identified with HP Service Manager Web Tier running on Windows. Service Manager Web Tier is vulnerable to remote disclosure of information and cross site scripting (XSS). Revision 2 of this advisory.

tags | advisory, remote, web, vulnerability, xss
systems | windows
advisories | CVE-2012-5222, CVE-2013-2321
SHA-256 | 3baca2d143d75375c164427e2ae231c537079c304306fb1ee5c483f220f8a2a4
Cisco Security Advisory 20130925-nat
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | 94953ab0dff6a2e901274ec8b4f46779d4645720bf2390bbffed0e8224d63fb2
X2CRM 3.4.1 Cross Site Scripting / Local File Inclusion
Posted Sep 25, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

X2CRM version 3.4.1 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2013-5692, CVE-2013-5693
SHA-256 | 6a4cc66b913f10cf3f46ac6679902a3741e65db273a494ff6f23cbe4728b3b17
Cisco Security Advisory 20130925-ipv6vfr
Posted Sep 25, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, ios
SHA-256 | 8f713408f5485ebe4bd2af72fa2c6d1a787b587c82d2bf30400c3e25715d78b1
Zabbix 2.0.5 Password Leak
Posted Sep 25, 2013
Authored by Pablo Gonzalez, Chema Alonso, German Sanchez

Zabbix version 2.0.5 suffers from an issue where it allows for the disclosure of a user's password.

tags | advisory
advisories | CVE-2013-5572
SHA-256 | cf632cf260f0dd10243a64e66e97a8eb0ca481c0cc6b35ff2633b0cd564cacf9
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" URL. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to log in as the admin user. After the authentication process is complete it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
SHA-256 | f2193eea137458685913c7447d099d29999247310ec1af67fb445ea5bf5576dc
Suricata IDPE 1.4.6
Posted Sep 25, 2013
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: An SSL parsing issue was fixed (CVE-2013-5919). IPv6-in-IPv6 decoding was fixed. Bugs in the pattern matcher and content inspection were fixed. Logging of tagged packets was fixed.

tags | tool, intrusion detection
systems | unix
advisories | CVE-2013-5919
SHA-256 | 5cf5d76dd63d06b993912301edc8afa06f886d0b68740239cc7df49b00800f8e
© 2024 Packet Storm. All rights reserved.