Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.
21ec84e64e681dcbf21f5213bd3356433798b0d9e50c61ad3431bb54276c747dFacetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. The URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site. This was fixed in iOS 7.1.
bebab63f72c50288bcebc313e5246e1fd3c7b31efbc03002eade638bcbfe9eaeThis bulletin summary lists five released Microsoft security bulletins for March, 2014.
b063e1c4ba9eeff5ac6e5eb539661c25c3f1a73083bc869d190e85eec0e74ec5Apple TV had an issue where it was logging a user's Apple ID and password via debug output in logs.
0a1c6fac11fcc476161bb57b10b35d423406bce4a7f23ea17ef1d502385ce6f1HP Security Bulletin HPSBUX02976 SSRT101236 - A potential security vulnerability has been identified with HP-UX running NFS rpc.lockd. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
778081596e26ad97d27b315e4005402b71f124ffee65d5fda8035cf965163ed5HP Security Bulletin HPSBMU02948 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), or disclosure of information. Revision 1 of this advisory.
6afd6558c70104a9e0d9d7d513fd3d286f804508b7ea13c5d542eda51f7e2a3cHP Security Bulletin HPSBMU02947 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in disclosure of information or cross-site request forgery (CSRF). Revision 1 of this advisory.
1eb292c652cf6c4e5ca36c521c35194dfe5e91e45ab38e38173e43f8b2999650Slackware Security Advisory - New udisks and udisks2 packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
06d665d1474edcbae86420d67bd52d22f4d130c855f4494f80057f726438ac5aRed Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.
8cfc7fc325fe40888918ba9e8f2de222f45256f4ab9832b9a6acc34dd00ab357Red Hat Security Advisory 2014-0215-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
126c0f0b7adb1631347c3dc73179ccc193ee1d9d10210467dd040b5b8fe37780This is a whitepaper called the Art of Stealth Scanning. It is written in Persian.
bc4a0ec403dff01e2ba4a5b455bfb43b48b9c57a6ae42ade92c9474ff2c27968This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.
cd3073a5bc682f3580166015609a9200934b628f5a03ccece0e8cc2a07545eb8This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKBCopyD.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3.
390d6553999edd7d8bde91c93b21a22d072083f24cfd61503649be67eeab7edeTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
f316e8db76e02ef1a14131cf5c1b7660c673cdeeae06cde47fcd381edd5c1b1cApple Security Advisory 2014-03-10-2 - Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.
49c40a29a380c50803951ca030c4505c5a3bee971409553f3f4a97d6fc09fea0Apple Security Advisory 2014-03-10-1 - iOS 7.1 is now available and addresses multiple security vulnerabilities.
6c19d4e53e5fb1272b5bc0bf7fa4cc0fda92443e3c83f9bab736bb9f31bcb45dLynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
a81288bba1ce2a5f79504fe655d2e1dcf3a02b72b55acd2b273b9c1a71f32da1codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
7cf28c306205dac321f792b40c1ace736ae4f0b55acbb56f588a3e2d8d7d57c2Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0.
6e56eb72b35ebd81d6277efa644e9243116635a3b307f8a61ee9f768038f90ecAsterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.
3fc37984a9d5b7488a013c0d4d7869919c15b588b2dfa950081c2998a81fc658Asterisk Project Security Advisory - An attacker can use all available file descriptors using SIP INVITE requests, which can result in a denial of service.
786ba76251ce62da4df7d6eb92f164fe200a08d34d8310287e6d97b9f289d40cAsterisk Project Security Advisory - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.
7930613352d2f6681e74a1dd7d8766aee3838790ca9d640367d15b7cb5e507c4Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation vulnerability.
e4d11f7a656487b39ca9c42b1326265ed1b31d52868853768b3fabb5554742bbWordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.
ee946745fef274d92410d3a5ad6ce3b5a599ed334d2b42371eea610f180683d6HP Security Bulletin HPSBGN02970 - Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. Revision 1 of this advisory.
e25777250b7eb57ebcfad065c189fe97acfb1a87cb7e94b581d8e42eebdd57b0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed