Security

PayPal Authentication Bypass

Packet storm - Wed, 2015-09-02 17:48
The Vulnerability Laboratory Core Research Team discovered a restriction filter bypass in the official PayPal Inc Mobile API for Apple iOS.
Categories: Security

Jira / HipChat For Jira Java Code Execution

Packet storm - Wed, 2015-09-02 17:44
It was discovered that the HipChat For JIRA plugin had a resource that combined user input into a Velocity template source and subsequently rendered it. Authenticated attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of the HipChat For JIRA plugin enabled. To exploit this issue attackers need to be able to access the JIRA web interface and log into JIRA. All versions of JIRA from 6.3.5 before 6.4.11 are affected by this vulnerability. All versions of HipChat For JIRA plugin from 1.3.2 before 6.30.0 are affected by this vulnerability.
Categories: Security

Fedora 22 rt-4.2.12-1.fc22

Linux Security - Wed, 2015-09-02 14:58
Categories: Security

Fedora 23 drupal7-7.39-1.fc23

Linux Security - Wed, 2015-09-02 14:58
Categories: Security

Fedora 23 pcre-8.37-4.fc23

Linux Security - Wed, 2015-09-02 14:58
Categories: Security

Debian: 3344-1: php5: Summary

Linux Security - Wed, 2015-09-02 14:58
Categories: Security

Ubuntu: 2724-1: QEMU vulnerabilities

Linux Security - Wed, 2015-09-02 14:58
Categories: Security

XGI Windows VGA Display Manager Privilege Escalation

Packet storm - Wed, 2015-09-02 09:01
A vulnerability within the xrvkp module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege.
Categories: Security

SiS Windows VGA Display Manager Privilege Escalation

Packet storm - Wed, 2015-09-02 08:59
Vulnerabilities within the srvkp module allow an attacker to inject memory they control into an arbitrary location they define or cause memory corruption. IOCTL request codes 0x96002400 and 0x96002404 have been demonstrated to trigger these vulnerabilities. These vulnerabilities can be used to obtain control of code flow in a privileged process and ultimately be used to escalate the privilege of an attacker. Version affected is 6.14.10.3930.
Categories: Security

FortiClient Antivirus Information Exposure / Access Control

Packet storm - Wed, 2015-09-02 08:55
FortiClient drivers are prone to multiple attacks and expose a wide surface that allows users to easily get SYSTEM privileges.
Categories: Security

HP Security Bulletin HPSBMU03339 1

Packet storm - Wed, 2015-09-02 08:32
HP Security Bulletin HPSBMU03339 1 - A potential security vulnerability has been identified with HP LoadRunner Controller. The vulnerability could be exploited locally to allow execution of arbitrary code. Revision 1 of this advisory.
Categories: Security

Red Hat Security Advisory 2015-1700-01

Packet storm - Wed, 2015-09-02 08:32
Red Hat Security Advisory 2015-1700-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI. A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.
Categories: Security

Ubuntu Security Notice USN-2727-1

Packet storm - Wed, 2015-09-02 08:31
Ubuntu Security Notice 2727-1 - It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
Categories: Security

Red Hat Security Advisory 2015-1699-01

Packet storm - Wed, 2015-09-02 08:31
Red Hat Security Advisory 2015-1699-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.
Categories: Security

Packet Storm New Exploits For August, 2015

Packet storm - Tue, 2015-09-01 05:30
This archive contains 227 exploits that were added to Packet Storm in August, 2015.
Categories: Security

HP Security Bulletin HPSBGN03403 1

Packet storm - Tue, 2015-09-01 05:15
HP Security Bulletin HPSBGN03403 1 - A potential security vulnerability has been identified in HP Virtualization Performance Viewer. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow unauthorized disclosure of information. Revision 1 of this advisory.
Categories: Security