Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an...
[USN-2704-1] Swift vulnerabilities
========================================================================== Ubuntu Security Notice USN-2704-1 August 06, 2015 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] Fedora 22 Update: elasticsearch-1.6.1-0.fc22
Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with a RESTful web interface and schema-free JSON documents. Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. It is a...
[SECURITY] Fedora 21 Update: quassel-0.11.0-2.fc21
Quassel IRC is a modern, distributed IRC client, meaning that one or multiple clients can attach to and detach from a central core -- much like the popular combination of screen and a text-based IRC client such as WeeChat, but graphical...
IBM WebSphere eXtreme Scale Denial of Service Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution from IBM USA. The solution provides high-performance, scalable caching framework and grid technology to handle massive transactions, reduce database performance limitations and so on. A security vulnerability exists in IBM WebSphere...
NTPD - MON_GETLIST Query Amplification Denial of Service
NTPD - MON_GETLIST Query Amplification Denial of Service #!/usr/bin/perl ntp MON_GETLIST query amplification ddos Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg A Network Time Protocol NTP Amplification attack is an emergin...
Threat Outbreak Alert RuleID15980: Email Messages Distributing Malicious Software on October 7, 2015
Medium Alert ID: 39551 First Published: 2015 June 30 13:19 GMT Last Updated: 2015 October 7 19:54 GMT Version: 14 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID15980 and...
Elasticsearch Arbitrary Code Execution Vulnerability
Elasticsearch is an open source distributed RESTful search engine built on Lucene. It is mainly used in cloud computing and supports data indexing via HTTP using JSON. A security vulnerability exists in Elasticsearch that allows a remote attacker to submit a special request to execute...
The vulnerability of the distributed network access control device of SolarWinds Firewall Security Manager allows a hacker to elevate their privileges and execute arbitrary code within the client session.
The vulnerability of the userlogin.jsp module in the SolarWinds Firewall Security Manager distributed network access control system allows a malicious actor to escalate their privileges and execute arbitrary code within the client session...
I2P - The Invisible Internet Project
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based a la IP, but there is a library available to allow reliable streaming communication on top of it a la TCP. All...
[SECURITY] [DLA 237-1] mercurial security update
Package : mercurial Version : 1.6.4-1+deb6u1 CVE ID : CVE-2014-9390 CVE-2014-9462 CVE-2014-9462 Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command...
Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03487)
IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manager for Software Use Analys...
Multiple IBM Product Denial of Service Vulnerabilities (CNVD-2015-03496)
IBM manufactures and sells computer hardware and software, and provides consulting services for systems architecture and web hosting. Common Inventory Technology CIT versions prior to 2.7.0.2050 are used in IBM License Metric Tool versions 7.2.2, 7.5 and 9, Endpoint Manager for Software Use Analys...
[SECURITY] Fedora 22 Update: quassel-0.11.0-2.fc22
Quassel IRC is a modern, distributed IRC client, meaning that one or multiple clients can attach to and detach from a central core -- much like the popular combination of screen and a text-based IRC client such as WeeChat, but graphical...
[SECURITY] [DSA 3258-1] quassel security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3258-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini May 12, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3258-1 (quassel - security update)
It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection e.g. when the backend PostgreSQL server is restarted. OpenVAS Vulnerability Test $Id: deb3258.nasl 6609...
Debian DSA-3257-1 : mercurial - security update
Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian Security Advisory DSA 3241-1 (elasticsearch - security update)
John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal. OpenVAS Vulnerability Test $Id: deb3241.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3241-1 using nvtgen 1.0 Script version: 1.0 Author:...
Vulnerabilities in the operating system openSUSE, which allow a malicious individual to compromise the accessibility of protected information
The drbd-kmp-trace package of the OpenSUSE operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
UBUNTU-CVE-2015-0405
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA...