HP Security Bulletin HPSBMU03239 1 - A potential security vulnerability has been identified with HP UCMDB. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
a0fca233fc71344255014b77bede7f12e2aa1b74776825405da4cc3de6cce1c2
Debian Linux Security Advisory 3150-1 - Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia player and streamer.
dad27706c332cb8c1a538fc598f10305c3e3212c27ff7ad113b1350017412d31
Red Hat Security Advisory 2015-0113-01 - LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client. Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.
2c8785410993376fff5c29bb7bc10a430ce410769ce8c5d3d2f73ce9640152a7
Red Hat Security Advisory 2015-0112-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
e7e47fedd99a2e7ae8058064043acac9bb0a9789eccc788ad6f1782ad6ec2f6c
Debian Linux Security Advisory 3149-1 - Florian Weimer, of Red Hat Product Security, discovered an issue in condor, a distributed workload management system. Upon job completion, it can optionally notify a user by sending an email; the mailx invocation used in that process allowed any authenticated user able to submit jobs to execute arbitrary code with the privileges of the condor user.
d67dc19e1a51dcc33a68b430ffc86de24f5824b229425ade21a664c4eb4718b1
Ubuntu Security Notice 2488-1 - Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.
7f85859eb916a83eb1c5f0ac5499233c1ad69ebe34b2d85cc4b102f99167c4ea
Internet Explorer 11 on Windows 7 suffers from a same origin bypass vulnerability via universal cross site scripting.
3294cd653e4079d6b85c8167d441eb2511790b7a6842394532d5a09b6426fe9c
This Metasploit module abuses a process creation policy in Internet Explorer's sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape the Protected Mode and execute code with Medium Integrity. At the moment, this module only bypasses Protected Mode on Windows 7 SP1 and prior (32 bits). This Metasploit module has been tested successfully on Windows 7 SP1 (32 bits) with IE 8 and IE 11.
f251b5620da0f914f68f8405e014d12e7a42023b75421dd37103a505dd589601
WordPress Quasar Theme version 1.9.1 suffers from a privilege escalation vulnerability.
c598b7e66c16762ea7b73df6860b119e97301a02e41b309dcab241a0b8b7878b
This archive contains all of the 187 exploits added to Packet Storm in January, 2015.
baa98ae3798024bcce58888a633b7094d55481d0fcde94647dc46ea8af74dcc7
Debian Linux Security Advisory 3148-1 - Security support for the chromium web browser is now discontinued for the stable distribution (wheezy). Chromium upstream stopped supporting wheezy's build environment (gcc 4.7, make, etc.), so there is no longer any practical way to continue building security updates.
146cbb4f671450513f73e2b6fbe2350216a8be9339bc7d0c578ba5f3c2ee4ad5
HP Security Bulletin HPSBMU03236 1 - A potential security vulnerability has been identified with HP Systems Insight Manager for Windows running Bash shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
0b30d6cd920d41ee2125d1b3503d2de9d4d82cceab9f6819f51330357463b946
The B-Sides Knoxville 2015 Call For Papers has been announced. It will take place May 15th, 2015 at Scruffy City Hall.
1f723f6812c04a80c21220df662c65636f147035c6e4e21150834a853a381dcd
Landesk Management Suite version 9.5 suffers from a cross site scripting vulnerability.
80f41bee0c9b08fa8095f1512a9ed6c1bb81de7e5a86874760dc24f35e98b31f
OptimalSite CMS versions 1 and 2.4 suffer from a cross site scripting vulnerability.
bfa1f87cdd9a0315af305a897fa2cfcd4a254746f41335d367c3d9895da93774
All "topic sites" on about.com suffer from cross site scripting and iframe injection vulnerabilities. The researcher has reported this to about.com, but they have neither responded nor addressed the issues since October, 2014.
6b185b212d9c7e8b5cca27a8726c53efde81fba88595fbd45215392b45fc3395
Whitepaper that discusses types of computer worms and how metamorphic worms differ from the rest.
a0add4653a5c75e92a5147130c2b9d8fa675a786b51bb7b700de2c8af48867f3