what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-04-30 to 2015-04-30

RSA IMG 6.9 / 6.9.1 Insecure Password Reset
Posted Apr 30, 2015
Site emc.com

RSA IMG contains fixes for an insecure password reset vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 6.9 P04 and 6.9.1 P01 are affected. Versions prior to 6.9 are not affected.

tags | advisory
advisories | CVE-2015-0532
SHA-256 | c6666505e39409872aa4004d98d0640abd4df8ec788ac46a4eed4baf26c1a5a9
FrontRange DSM 7.2.1.2020 / 7.2.2.2331 Insecure Storage
Posted Apr 30, 2015
Authored by Matthias Deeg | Site syss.de

The client management solution FrontRange Desktop and Server Management (DSM) stores and uses sensitive user credentials for required user accounts in an insecure manner which enables an attacker or malware with file system access to a managed client, for example with the privileges of a limited Windows domain user account, to recover the cleartext passwords. The recovered passwords can be used for privilege escalation attacks and for gaining unauthorized access to other client and/or server systems within the corporate network as at least one FrontRange DSM user account needs local administrative privileges on managed systems. Versions 7.2.1.2020 and 7.2.2.2331 are affected.

tags | advisory, local
systems | windows
SHA-256 | 6dceda4b06fd7f28ead2853794061c22f60742ebcc1960711543fd9e45abc6aa
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
Posted Apr 30, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.

tags | exploit, overflow
SHA-256 | 7a37d596089ffb1fa811b151734f591791c8d53219a3fdd9ea5cf26e1b134cc6
Ubuntu Security Notice USN-2589-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2589-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 8282d42fb6583caf6d76b6aee077dd9245ed77e5d04d2fc2bb4a081975c28256
Ubuntu Security Notice USN-2590-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2590-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, CVE-2015-2922
SHA-256 | 1b08e536241af42cd68bdd34efa71e59d286ef81926d08113e25aa0e4a6caa10
Ubuntu Security Notice USN-2588-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2588-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | 9a627000ef86237cd41df7a15f646311d33c5638f0b71888ede7a4353bc5d3b4
Ubuntu Security Notice USN-2583-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2583-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | 28d7b89bb124569f420a9ba709fe48765584dc12a3e3a59abbea9305fcd7dbbc
Ubuntu Security Notice USN-2584-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2584-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | 8afb2a3026cf0f899a4947b7bd2d83d11b7cd5af96e4255b0b9375879b36674a
Ubuntu Security Notice USN-2587-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2587-1 - A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges. It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped). Various other issues were also addressed.

tags | advisory, denial of service, overflow, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2666, CVE-2015-2922
SHA-256 | aca50e1868eb2659833e7f58be08c01df08d2b9366912a4241e743edb63ccd25
Ubuntu Security Notice USN-2586-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2586-1 - It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2922
SHA-256 | 19a304728639f12fad4af354e58d2750b5c6c0b3b7ead07ae4bc438aca0151e8
Ubuntu Security Notice USN-2591-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2591-1 - Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153
SHA-256 | 58aa927ae5cde26c640c5b1fad0d3a84b7a2049bd1bb1094b604b1a5687488f4
Ubuntu Security Notice USN-2585-1
Posted Apr 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2585-1 - It was discovered that the Linux kernel's IPv6 networking stack has a flaw that allows using route advertisement (RA) messages to set the 'hop_limit' to values that are too low. An unprivileged attacker on a local network could exploit this flaw to cause a denial of service (IPv6 messages dropped).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2922
SHA-256 | 136d5b9a293b9464db081e9dd429285bf619d901e2b79cb7e0f61c1161064c2d
Mandriva Linux Security Advisory 2015-218
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2013-7423, CVE-2015-1781
SHA-256 | ca67e4afc95e67b314459d08aafa35fbb3e1d19b574ae36b9849508247891508
Mandriva Linux Security Advisory 2015-217
Posted Apr 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
SHA-256 | d7abd24a5ede0ffb411a19c7b4916189dd8611c728e2fd9900a0d2d4bb39756e
Debian Security Advisory 3241-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3241-1 - John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

tags | advisory
systems | linux, debian
advisories | CVE-2015-3337
SHA-256 | fce5038a8b3f95eef78c548ff16d6571a4ba1f233ef9e0f3f8b8cd11472f084c
HP Security Bulletin HPSBGN03324 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03324 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials Core that could allow the remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-2566
SHA-256 | 78fe7eff7e07277444127a8bba8d785bb3ee3e89771f56ff1623a076393de83a
HP Security Bulletin HPSBGN03323 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03323 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials Core with JBOSS that could allow the remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2013-4810
SHA-256 | 7437618034ef0f75e3dcc42be435fa83372cd755f9a2c090d2eaff966799628f
Debian Security Advisory 3239-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3239-1 - Juliane Holzt discovered that Icecast2, a streaming media server, could dereference a NULL pointer when URL authentication is configured and the stream_auth URL is triggered by a client without setting any credentials. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-3026
SHA-256 | 4a3db4dabf12e50966deed1f99fdeeca7e0401d11acb6dd03eea93d80cf91dae
Debian Security Advisory 3240-1
Posted Apr 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3240-1 - It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information.

tags | advisory, web, protocol
systems | linux, debian
advisories | CVE-2015-3153
SHA-256 | 252128cd3e64002729ccdb22bf39b8b4adca54fe0f20743af8097920dfca7772
HP Security Bulletin HPSBMU03241 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03241 1 - A potential security vulnerability has been identified with HP Network Automation running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 3bb6f6cfee73ba02fa91b1f4859b6489e55c9a06284a0c3a40e321a3804e81b3
HP Security Bulletin HPSBUX03320 SSRT101952 1
Posted Apr 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03320 SSRT101952 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2015-0240
SHA-256 | e973ffb6dafb6ca7009b2cd65cdfaa080bc145cae7286e26749ee0040f2ca8fc
SevDesk 1.1 Persistent Script Insertion
Posted Apr 30, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SevDesk version 1.1 suffers from a persistent script insertion vulnerability in the application dashboard.

tags | exploit
SHA-256 | b44b3d91f0262e0b448dcfc054371b496431ca08b92de3910209721ad41b89f1
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close