Facebook Graph Search allows you to leverage private phone numbers to mine real users that map to that number.
d474bc1c2e55cc01ed9d34ec459688c66513646f9c4660362bde861195ca8928Ubuntu Security Notice 2424-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.
bd64f6deeda37a74febafdf00c9dfcb38d1e411fb9b1ca87dc69dce474b713c5WordPress CM Download Manager plugin versions 2.0.6 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
70e27f9cec6ff9a962db96c3898b3ab97efd67d4af24cff458c83462c4e2e1ccDuring a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged to execute arbitrary code when the Ruby on Rails application unmarshals the cookie. Versions prior to 9.0.60100 are affected.
afaa34caa4d6d89b6d93e473052895cb376f07a94438794f11e039bc4696f497Ubuntu Security Notice 2430-1 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.
deb1172a40a0518bceab35a578d15ddd317f30fd5b32d1649db2762b7a99cf09Debian Linux Security Advisory 3084-1 - Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.
c9e59a3cc2d0846936d49063493f76daac05181cf5c5749ecc2b432c06e11499Red Hat Security Advisory 2014-1938-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
392d0c8a5002c7cb1ffef29db8ec3808348de94a00aa2a42a18d316a5b45e184Red Hat Security Advisory 2014-1937-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.
cd562ed99ccb1033ca973e9aeee9168103627f04bc78017c29431dca6c39844057 million web pages in wix.com suffer from a cross site scripting vulnerability.
c226317cdc5db53b8ca4528328ab02912e5addd884d61aac4190cd04a62f668aRed Hat Security Advisory 2014-1940-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.
e6e3e6133227ce7c70e4f43424dc2bce6e4a97446edd8d32113f477a544d0521Red Hat Security Advisory 2014-1939-01 - OpenStack Database is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.
836354ac903cce9e3a9d8d877ebdb31bcdf1f96bb0e60582e6c3639bffe137c1Hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2014 in Berlin, Germany.
8bd8d0107cba3e6990b5c796da3abbd9efe8451353a0df658a656537e05f6e17An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.
347f4926038ecad2d6a29f7ea51b42576cbdba32e0a8492bd6c7800ee394189cSQL Buddy version 1.3.3 suffers from a code execution vulnerability.
a7040fa9a7bbf05e878f4e287a5244f16ee0664c859fff5c38264b6a7d7d9f50The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.
ab552203002b5442f6c1bc8c385e038e6bf8f4fa91dcb2c7c81a0411c66078c7The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.
bd90ac6b31dacfbadf046e06c7deecd459efc8df1e4b12be5f77d4d95a82096fA heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.
11133f34a345562636b3137fbe3bb6e9f2ec2aa4045b1360d1b0885244f3d580
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed