GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
74c1698a7f6c5ef4938f86285e4fb3929e5f9c6826521b5f2df8ebac22b52505
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
3bba6fa31825a4b4a51e3d7c27fcd7f433fcb8393b21595e0b0a0f8653e937b9
GetGo Download Manager versions 4.9.0.1982, 4.8.2.1346, and 4.4.5.502 suffer from a stack based buffer overflow.
37e7b43cd0b640f958d68aebcb6fef26f37e335a1fdb848743f568b90af6185c
RSA Data Loss Prevention versions up to 9.6 SP1 contain an improper session management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
cb510fb97b53bc40e0b9253dd87a0085703a960dc1bcf5a1b9941ed5b7beec59
Google Analytics MU version 2.3 suffers from a cross site request forgery vulnerability.
2f51292719cd124f47c236e74c0bd18cc694de5dbc56151074b34ae995c21cf5
The Passwords^14 Call For Papers has been announced. This year they will be teaming up with BsidesLV and it will be held August 5th and 6th, 2014 in Las Vegas, NV, USA.
0e6de150d688bebe16bd35e0c270eef72a5d368e42d96e788440cfd04e133119
Netvolution WCM CMS version 3 suffers from an error-based remote SQL injection vulnerability.
f2f7bcd1bc112b4eb343151af922f3febbefa864cd8ac33feb7635c46419ab03
Debian Linux Security Advisory 2869-1 - Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported as successful even in cases where an error would prevent all verification steps from being performed.
4051fda1725c49e1b37ba9a446a6b871a75ffc03ece3782ad6ac57fc31750d7b
Debian Linux Security Advisory 2868-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.
16d86ac3902e25715484eb1f631a6288c8a627b11fbb80a7d56c3e4c0d3132f8
Red Hat Security Advisory 2014-0247-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A flaw was found in the way GnuTLS handled version 1 X.509 certificates. An attacker able to obtain a version 1 certificate from a trusted certificate authority could use this flaw to issue certificates for other sites that would be accepted by GnuTLS as valid.
326ee8034637a4e66c55990e111e0d88f7d48d299e523235319d603d7db909b6
Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.
2e94e8a1c355505c1954424496b8001a3e24d262909aa6bd71a8c6f8c99b3696
Red Hat Security Advisory 2014-0246-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.
7223c9a5088840219dd9299f121d0234dc37b2bdd29972ef7ba568b1c92c6aeb
Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.
9a5ab283b9e55f400a4b88d11cf1323ae8f64e35c58bab2a1495db996de123ce
Ubuntu Security Notice 2125-1 - Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.
531736c6fb0495c327e9ef010cd9f3ddb37a76e6a1bdbd869391557af852926e
Metasploit module for MantisBT versions 1.2.16 and below that leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials are required.
aa47d71bf88217768761036b4fe39e67d36b8a53ac37514259ca02cca0186d98
Welcart e-Commerce version usc-e-shop.1.3.12 suffers from cross site scripting and remote SQL injection vulnerabilities.
ad1718ad205dd9849acfbc38521e21a91e210dabdbbef3a1d68e73ca31cf7da1
ALLPlayer version 5.8.1 SEH buffer overflow exploit that creates a malicious .m3u file.
2b9a546a1e0e23c899b312b4d3da50a553de79acf3ddcf82a6105131f2c0483a
Eventy Plus suffers from a cross site request forgery vulnerability.
0c6f8aec09447b0b47b0ffc63a0caa42f128228bda6cb7976512cbbcd5a00cb4
mrtparse is a module to read and analyze MRT format data. MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and the format is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump MRT format data. Written in Python.
14ee5c55b0d6f1ce79ea3e84d4849391526783eb3161394bf6a164d1c6b8e777
Joomla version 3.2.2 suffers from a persistent cross site scripting vulnerability.
8f49da4eb30400915ab538ac590fa428e1269c05be6c868285a863ff00fb83b0
Yii Framework Blog suffers from a cross site request forgery vulnerability.
7bc3cea8501a2ffbbeb09577198793356a4c517a8dd44f39677b563a17afcf94
Byte CMS suffers from a cross site scripting vulnerability.
aeda529dae952f94ec82e81966f4502b71991064b69ae99c381e9d8ce539e648
WordPress TheCotton theme suffers from a remote shell upload vulnerability.
7f26d37c59e3c7e62ab4165e4b7f69bf67f77d89443632ebf4af69666e581987