what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2013-12-19

Hancom Office 2010 SE Buffer Overflow
Posted Dec 19, 2013
Authored by diroverflow

Hancom Office 2010 SE suffers from a buffer overflow vulnerability when parsing the TEXTART tag in .hml files. Version 8.5.8 is vulnerable.

tags | advisory, overflow
SHA-256 | 05541c8cc40849ea336d882d7811dc128a0cb46699ad4e48d5f4108d8f73f066
Ubuntu Security Notice USN-2059-1
Posted Dec 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2059-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4576
SHA-256 | 16ac9e783f1fa692c48f7890174bad76117c06f8e39951e4f7f09ea68b7bdfaf
Mandriva Linux Security Advisory 2013-294
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-294 - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a large blue color mask in an XWD file. Integer overflow in the load_image function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large color entries value in an X Window System image dump. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an X Window System image dump with more colors than color map entries. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5576, CVE-2013-1913, CVE-2013-1978
SHA-256 | 0c589706e06de2ee17c8adb14f2b13ecc5fc630ee2176e6b974e94db33c91251
Debian Security Advisory 2822-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2822-1 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2013-6424
SHA-256 | 66fcbb72905303854553c318110502945ae96573c41cae030df8ed60812bede3
Debian Security Advisory 2823-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2823-1 - Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2013-6425
SHA-256 | b8a639a177afca1986b40d6051d055f2f313629e9a1e2173c1b845c9f2956f34
Debian Security Advisory 2821-1
Posted Dec 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2821-1 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4576
SHA-256 | 2c2d8746bfc6dea5665e9588d1a565e9aff727d819902a5cb1828388f1e982a2
Mandriva Linux Security Advisory 2013-293
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-293 - An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1913, CVE-2013-1978
SHA-256 | 5e3bd9cac00599b26a7ec924df38599d0f1f666d992b0dd3e71b25bca6772aea
Mandriva Linux Security Advisory 2013-292
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.

tags | advisory, web, overflow
systems | linux, mandriva
advisories | CVE-2013-6050
SHA-256 | 53ecfaa26cc528aa74b8d4d52619c864a4263b41ba8d2f04813cc75c9f74c416
Mandriva Linux Security Advisory 2013-291
Posted Dec 19, 2013
Site mandriva.com

Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the au1100fb_fb_mmap function in drivers/video/au1100fb.c and the au1200fb_fb_mmap function in drivers/video/au1200fb.c. Various other issues have also been addressed.

advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4511, CVE-2013-4512, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380, CVE-2013-6381, CVE-2013-6383, CVE-2013-6763
SHA-256 | e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1
Mandriva Linux Security Advisory 2013-289
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-289 - Possible security bypass on admin page under certain circumstances and MariaDB. The owncloud package has been updated to version 5.0.13, fixing this and many other issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6403
SHA-256 | 2be9f28fc7baf97fcf0451a03c839ede1e68d3aff1131963db3c1c04ac9ef0e3
Mandriva Linux Security Advisory 2013-290
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-290 - Kevin Israel identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist. Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2013-4567, CVE-2013-4568, CVE-2013-4572
SHA-256 | a043d15db222d711988b06beb8a88a68fdc48afb69eb8a49a4920d9ea05e5bc0
Mandriva Linux Security Advisory 2013-291
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Various other issues have also been addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2013-2929, CVE-2013-2930, CVE-2013-4511, CVE-2013-4512, CVE-2013-4514, CVE-2013-4515, CVE-2013-4592, CVE-2013-6378, CVE-2013-6380, CVE-2013-6381, CVE-2013-6383, CVE-2013-6763
SHA-256 | e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1
Ubuntu Security Notice USN-2058-1
Posted Dec 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2058-1 - Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-6422
SHA-256 | 60e1a170797d874eef066f39fc83ca164b33b2336bbec6186892e9f7263a5944
Mandriva Linux Security Advisory 2013-292
Posted Dec 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.

tags | advisory, web, overflow
systems | linux, mandriva
advisories | CVE-2013-6050
SHA-256 | 53ecfaa26cc528aa74b8d4d52619c864a4263b41ba8d2f04813cc75c9f74c416
Gentoo Linux Security Advisory 201312-14
Posted Dec 19, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-14 - An integer overflow in libsndfile might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.0.25 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2011-2696
SHA-256 | f7c23a9b011fc58c901e07dea8431f7de7ded4020406ceec1e4b3c9d4c647493
Apple Security Advisory 2013-12-16-2
Posted Dec 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-12-16-2 - OS X Mavericks v10.9.1 is now available and includes the content of Safari 7.0.1, addressing multiple security issues.

tags | advisory
systems | apple, osx
SHA-256 | e933c076a84f4b522646ec6c1591fb525d0a49d27e6fcd2b7235452666660f3b
Apple Security Advisory 2013-12-16-1
Posted Dec 19, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-12-16-1 - Safari 6.1.1 and Safari 7.0.1 are now available and address credential disclosure and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2013-2909, CVE-2013-5195, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228
SHA-256 | 7ab3d1c697dc9369b9d42f8726a8bd7c90a0b03b1ec0e1784851af8f406ce3f8
Jenkins CI 1.523 Persistent Script Insertion
Posted Dec 19, 2013
Authored by Christian Catalano

Jenkins CI version 1.523 has a default markup formatter that permits offsite-bound forms. This vulnerability could be exploited by a remote attacker (a malicious user) to inject malicious persistent HTML script code (application side) and in turn perform a cross site scripting attack.

tags | exploit, remote, xss
advisories | CVE-2013-5573
SHA-256 | 5764f0eb1aedc4495f9f0a84672d7a2996fc96b4c3ea9d658bcea48cd425c6bf
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close