fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
350866d7e9b2a739edb1f5bda89100ca631d5ea5f23995da2c005bed14cba47e
HP Security Bulletin HPSBUX02960 SSRT101419 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
2c4ac2dc0321928bc8d778690705abd7f032c6ad7074ee164ba06d6940806ffb
Secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
fa4d6e00da06983d6bfdad553caa9202c607b673e0d6dfdfd02dc6dc5553a125
Debian Linux Security Advisory 2843-1 - Two buffer overflow vulnerabilities were reported in Graphviz, a rich collection of graph drawing tools.
4ee21194e5b636cd1295e38dd07817187c639053d4eb21031ae55859f4719c85
Mandriva Linux Security Advisory 2014-001 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service via a VAPIC synchronization operation involving a page-end address. The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service via crafted modifications of the TMICT value. Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a XFS_IOC_ATTRLIST_BY_HANDLE or XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. Various other issues have also been addressed.
6b69bde0893ff767d6c4a031c3974e5299f98484da5c93e76dddaff606637041
Ubuntu Security Notice 2081-1 - Jared Mauch discovered that Bind incorrectly handled certain queries for NSEC3-signed zones. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service.
c4e232be252b963a1d742931f3b1dd7a6331612029a1bf841d4a6d6e330a1f4d
Ubuntu Security Notice 2080-1 - Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this issue to cause Memcached to crash, resulting in a denial of service. It was discovered that Memcached incorrectly handled SASL authentication. A remote attacker could use this issue to bypass SASL authentication completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10. Various other issues were also addressed.
10e572ff8359631dd0ec75ed8707fbadc90cec0717a2e3312c268f06bb58708a
Netgear WNR1000v3 routers suffer from a flaw in the password recovery flow that allows for disclosure of the plaintext router credentials. The flaw was reported to Netgear in April of 2013 and the vendor has yet to issue a patch. Included is a proof of concept exploit.
10ceab3cf4e7cbcfbcc0663fea13a84947509762cb859ef415f65fff661f9866
Auto Classifieds Script version 2.0 suffers from a cross site request forgery vulnerability.
f4f0fffe69805f55c03dd4a31592eafbfc1421a48ec87d99f775c50b1aad2ad3
Job Listing Script suffers from cross site request forgery and cross site scripting vulnerabilities.
b2338f2a886d952aed1cde8bf6be26f46771fabd7fff42691f37fb3b50f7c6b6
Debian Linux Security Advisory 2842-1 - Alvaro Munoz discovered an XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites.
661559d82e59595aa56b0d039a8e4a818c0fa3e433d0bbf0fcfe15354a747c27
WordPress DT Chocolate plugin suffers from a cross site scripting vulnerability in jplayer.swf.
ca76d61472f76097e13b9dc8f3d2445a0b57ee437e584cf7eeaa019947b86eb7
Appointment Scheduler version 2.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
c862a29944969863f0975fcc7d158a1e88bc1056d42e23427041ef26085170b4
Car Rental Script suffers from cross site request forgery and cross site scripting vulnerabilities.
f875528451adbf590ff5d42e8db5528e9767054b64d9a39838371b6e8e9ebfc1
Event Booking Calendar version 2.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.
6e48051ca41d4a5840ce63add66a1bddb3bb21040e2895174b0a34fa26916171