what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-06-23

Red Hat Security Advisory 2015-1177-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1177-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.0 is a minor product release that updates Red Hat JBoss A-MQ 6.1.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | c9adeea3a960e9023bf77969db57bb2de16626cb8200390698e69ed2fd214a63
Red Hat Security Advisory 2015-1176-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
SHA-256 | 5b62a88300e3d3a984e66c33f540e2c9e0a241d1cb41eb116da6198f4b034f4c
EMC Documentum Thumbnail Server Directory Traversal
Posted Jun 23, 2015
Site emc.com

EMC Documentum Thumbnail Server contains a directory traversal vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 6.7SP1, 6.7SP2, 7.0, 7.1, and 7.2 are affected.

tags | advisory
advisories | CVE-2015-0550
SHA-256 | 65f6e0d65c42ddbdcb2a59562211a3441c788baafed82f99fdc4a58870a62e44
EMC Documentum D2 Cross Site Scripting
Posted Jun 23, 2015
Site emc.com

EMC Documentum D2 contains a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versious 4.1, 4.2, and 4.5 are affected.

tags | advisory, xss
advisories | CVE-2015-0549
SHA-256 | d63acf8734b5f631519f1ea06e1d70f948774e546a0b8b1f4c8ad7f39896126a
FreeRADIUS Insufficient CRL Application
Posted Jun 23, 2015
Authored by Andrea Barisani, Open Source CERT

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.

tags | advisory
advisories | CVE-2015-4680
SHA-256 | f44ceb4ece64f245dca32d4e44eaa21e29c75abd2daf06b1fa52ef60f318b7bc
HP Security Bulletin HPSBMU03356 1
Posted Jun 23, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03356 1 - A potential security vulnerability has been identified with HP Business Service Automation Essentials (BSAE) running TLS. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-4000
SHA-256 | 0460cfc09f1d91b07bbdaac7eb563a04d8545a18f9bc8815fa251d6e639ca183
Red Hat Security Advisory 2015-1153-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1153-01 - Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. Previously, it was impossible to configure Mailman in a way that Domain-based Message Authentication, Reporting & Conformance would recognize Sender alignment for Domain Key Identified Mail signatures. Consequently, Mailman list subscribers that belonged to a mail server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were unable to receive Mailman forwarded messages from senders residing in any domain that provided DKIM signatures. With this update, domains with a "reject" DMARC policy are recognized correctly, and Mailman list administrators are able to configure the way these messages are handled. As a result, after a proper configuration, subscribers now correctly receive Mailman forwarded messages in this scenario.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-2775
SHA-256 | 3d985a75ad520e9d32dc40dc407d5272dec00095877d0f014e8d7835cae3ba1f
Red Hat Security Advisory 2015-1139-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1139-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | edf6a2a888e1f12e7dc662266281129cfaba312336e0fc5b027d706bd9acab86
Red Hat Security Advisory 2015-1154-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1154-01 - Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-3204
SHA-256 | efabc6b1f6c23dfaa0f6f4ec4221f9503c2a4cab00e81c247567f72882a190ca
Red Hat Security Advisory 2015-1137-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | b0d41a4e75261540327de9609c7f84e2f2c54a7eabc27611a2cfb4708a7cd5fd
Red Hat Security Advisory 2015-1138-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1138-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830
SHA-256 | bc6b92e674b8c59bb4c70d6ba01e90053bbee07767a1b4dc571aa00572108c9e
Debian Security Advisory 3293-1
Posted Jun 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3293-1 - Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens.

tags | advisory, remote, web, arbitrary, python
systems | linux, debian
SHA-256 | c91b5da63a86d6e83b97542702b63969ec45eef3dc789546f1daf299a0a515b2
Red Hat Security Advisory 2015-1135-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602
SHA-256 | cd29d265756a82b81294b5b57ef3c66093befd38401aca38c86228d6f38a5a66
Smalisca 0.2
Posted Jun 23, 2015
Authored by Cyneox | Site nullsecurity.net

Smalisca is a static code analysis tool for Smali files.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | c01aa506d6ff25651d6879d25008ed2498b6c01d0127d349319f4332c039cbc7
WordPress Nextend Facebook Connect 1.5.4 Cross Site Scripting
Posted Jun 23, 2015
Authored by Liran Segal

WordPress NextEnd Connect plugin version 1.5.4 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-4413
SHA-256 | 8967112d4e0b087a9c98f874a79f8d302c634061fdc5641c6b3e1c707037d480
WordPress Revslider Arbitrary File Upload / Download / XSS
Posted Jun 23, 2015
Authored by CaFc Versace

WordPress Revslider plugin suffers from cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | 36a172246b28821efbbddd74fa15559539df7db7fe943afe36e9ba491cdc5324
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close