Security

WinSCP 5.5.2.4130 Missing X.509 Validation

Packet storm - Wed, 2014-04-16 22:48
WinSCP version 5.5.2.4130 does not check the "Common Name" of an X.509 certificate when FTP with TLS is used.
Categories: Security

Ektron CMS 8.7 Cross Site Scripting

Packet storm - Wed, 2014-04-16 22:43
Ektron CMS version 8.7 suffers from a cross site scripting vulnerability.
Categories: Security

HP Security Bulletin HPSBMU02999

Packet storm - Wed, 2014-04-16 22:43
HP Security Bulletin HPSBMU02999 - A potential vulnerability exists in HP Autonomy WorkSite Server (on-premises software) running OpenSSL. The vulnerability can be exploited to allow remote disclosure of information. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products that appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
Categories: Security

HP Security Bulletin HPSBUX03001 SSRT101382

Packet storm - Wed, 2014-04-16 22:42
HP Security Bulletin HPSBUX03001 SSRT101382 - A potential security vulnerability has been identified with the HP-UX Whitelisting (WLI) product. The vulnerability could be exploited locally, resulting in system integrity compromises. Revision 1 of this advisory.
Categories: Security

Debian Security Advisory 2905-1

Packet storm - Wed, 2014-04-16 22:42
Debian Linux Security Advisory 2905-1 - Several vulnerabilities were discovered in the chromium web browser.
Categories: Security

Red Hat Security Advisory 2014-0408-01

Packet storm - Wed, 2014-04-16 22:42
Red Hat Security Advisory 2014-0408-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
Categories: Security

Red Hat Security Advisory 2014-0406-01

Packet storm - Wed, 2014-04-16 22:42
Red Hat Security Advisory 2014-0406-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
Categories: Security

Red Hat Security Advisory 2014-0407-01

Packet storm - Wed, 2014-04-16 22:41
Red Hat Security Advisory 2014-0407-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.
Categories: Security

Debian Security Advisory 2907-1

Packet storm - Wed, 2014-04-16 22:40
Debian Linux Security Advisory 2907-1 - This is an advance notice that regular security support for Debian GNU/Linux 6.0 (code name "squeeze") will be terminated on the 31st of May.
Categories: Security

Mandriva Linux Security Advisory 2014-078

Packet storm - Wed, 2014-04-16 22:40
Mandriva Linux Security Advisory 2014-078 - Sending an HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. Memory could even be exhausted if an unlimited number of headers were sent in the request. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting these criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk, which may allow intrusion detection systems to be bypassed by sending the requests slowly. The updated packages have been upgraded to the 11.8.1 version, which is not vulnerable to these issues.
Categories: Security

PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service

Packet storm - Wed, 2014-04-16 12:55
PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.
Categories: Security

CMS Studio Cross Site Scripting

Packet storm - Wed, 2014-04-16 11:22
CMS Studio suffers from a cross site scripting vulnerability.
Categories: Security

Debian: 2897-1: imagemagick: Summary

Linux Security - Wed, 2014-04-16 07:57
Categories: Security

Mandriva: 2014:068: openssh

Linux Security - Wed, 2014-04-16 07:57
Categories: Security

Mandriva: 2014:067: openssl

Linux Security - Wed, 2014-04-16 07:57
Categories: Security

Debian: 2897-1: tomcat7: Summary

Linux Security - Wed, 2014-04-16 07:57
Categories: Security

MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free

Packet storm - Wed, 2014-04-16 02:12
This Metasploit module exploits a use-after-free condition in Internet Explorer, as used in the wild in "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP.
Categories: Security

WebTitan 4.01 Command Execution / Directory Traversal

Packet storm - Wed, 2014-04-16 01:59
WebTitan version 4.01 suffers from remote command execution and directory traversal vulnerabilities.
Categories: Security

Unitrends Unauthenticated Root Command Execution

Packet storm - Wed, 2014-04-16 01:55
This Metasploit module exploits a remote command execution vulnerability in Unitrends Enterprise Backup version 7.3.0.
Categories: Security