9137 matches found

CVE
added 2013/09/27 10:0 a.m. | 92 views

CVE-2013-5481

Cisco IOS Software NAT implementation contains a vulnerability in PPTP handling that, when NAT is used, can be exploited by remote attackers sending crafted TCP port-1723 packets to cause a DoS and device reload. Affected releases include Cisco IOS 12.2 and 15.0–15.3. The issue is identified as B...

7.1 CVSS | 6.8 AI score | 0.01953 EPSS
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2013/09/27 12:0 a.m. | 41 views

Debian Security Advisory DSA 2766-1 (linux-2.6 - privilege escalation/denial of service/information leak)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2141 Emese Revfy provided a fix for an information leak in...

6.9 CVSS | 0.7 AI score | 0.04707 EPSS
Exploits 7 | References 1

Tenable Nessus
added 2013/09/27 12:0 a.m. | 34 views

Mandriva Linux Security Advisory : kernel (MDVSA-2013:242)

Multiple vulnerabilities have been found and corrected in the Linux kernel: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of servic...

6.9 CVSS | 7 AI score | 0.00524 EPSS
Exploits 1 | References 11

Tenable Nessus
added 2013/09/24 12:0 a.m. | 34 views

Debian DSA-2762-1 : icedove - several vulnerabilities

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. The Icedove version in the oldstable distribution squeeze is no longer supported...

10 CVSS | 7.8 AI score | 0.08894 EPSS
Exploits 1 | References 10

Cvelist
added 2013/09/23 8:0 p.m. | 24 views

CVE-2013-5710

The nullfs implementation in sys/fs/nullfs/nullvnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance...

5.8 AI score | 0.00294 EPSS
Exploits 0 | References 5

OpenVAS
added 2013/09/23 12:0 a.m. | 30 views

Debian Security Advisory DSA 2762-1 (icedove - several vulnerabilities)

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. The Icedove version in the oldstable distribution squeeze is no longer supported...

10 CVSS | 0.4 AI score | 0.08894 EPSS
Exploits 1 | References 1

NVD
added 2013/09/20 3:26 p.m. | 16 views

CVE-2013-4707

The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access...

6.3 CVSS | 6.4 AI score | 0.01054 EPSS
Exploits 0 | References 2

rdot
added 2013/09/20 12:0 a.m. | 488 views

tcp(port&seq) backdoor

Author: slashd. What is this? An implementation of a covert channel for sending data to a server using standard fields (in our case, the SEQ and Source Port fields of the TCP header). Theoretical part. Covert data transfer via the TCP header can be implemented in several ways. The client (the hacker) initiating...

0.1 AI score
Exploits 0

Tenable Nessus
added 2013/09/20 12:0 a.m. | 23 views

Cisco TelePresence Multipoint Switch Multiple Vulnerabilities (cisco-sa-20120711-ctms)

According to its self-reported version, the version of Cisco TelePresence Multipoint Switch Server installed on the remote host is potentially affected by multiple vulnerabilities : - By sending specially crafted IP packets at a high rate, it may be possible to crash some of the services running ...

8.3 CVSS | 5.8 AI score | 0.01799 EPSS
Exploits 0 | References 3

Prion
added 2013/09/19 6:55 p.m. | 21 views

Code injection

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service (device reload) via a crafted AS path set, aka Bug ID CSCuf49554...

5.4 CVSS | 7.1 AI score | 0.0106 EPSS
Exploits 0 | References 1

OpenVAS
added 2013/09/18 12:0 a.m. | 24 views

Debian: Security Advisory (DSA-2588-1)

The remote host is missing an update for the Debian...

9.3 CVSS | 8.9 AI score | 0.08439 EPSS
Exploits 4 | References 3

NVD
added 2013/09/17 12:4 p.m. | 19 views

CVE-2013-5754

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a...

10 CVSS | 6.6 AI score | 0.02484 EPSS
Exploits 0 | References 1

Fedora
added 2013/09/15 12:49 a.m. | 35 views

[SECURITY] Fedora 19 Update: python-pyrad-2.0-3.fc19

pyrad is an implementation of a RADIUS client as described in RFC2865. It takes care of all the details like building RADIUS packets, sending them and decoding responses...

5.9 CVSS | 1.6 AI score | 0.02833 EPSS
Exploits 0

Prion
added 2013/09/08 4:55 p.m. | 21 views

Information disclosure

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

5 CVSS | 6.4 AI score | 0.00721 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2013/09/08 4:0 p.m. | 24 views

CVE-2013-0531

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

5.8 AI score | 0.00721 EPSS
Exploits 1 | References 2

ThreatPost
added 2013/09/05 11:22 a.m. | 13 views

Yahoo Fantasy Football Mobile App Vulnerable to Attack

All but the most recent version of the mobile application for Yahoo’s popular fantasy football service are vulnerable to a session hijack attack in which an unauthenticated person could remotely change team lineups, post messages and perform other mischief on behalf of the legitimate user...

0.3 AI score
Exploits 0 | References 3

Oracle linux
added 2013/09/05 12:0 a.m. | 31 views

gdm security update

gdm 2.16.0-59.0.1.el59.1 - Fix gdmconfig memory leaks orabug 12734629 2.16.0-59.1 - Don't try to pre-create directories that are internal implementation details of X. Resolves: 997619 CVE-2013-4169 initscripts 8.45.42-2.0.1.el59.1 - Do not rename eth devices. Orabug 14266688. Apply upstream...

6.9 CVSS | 6.5 AI score | 0.00371 EPSS
Exploits 0

RedHat Linux
added 2013/09/04 6:45 p.m. | 4 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

4.3 CVSS | 5.9 AI score | 0.0593 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2013/09/04 12:0 a.m. | 33 views

Amazon Linux AMI : kernel / nvidia (ALAS-2013-148)

A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2012-2375, Moderate) A divide-by-zero flaw was found in the TCP Illinois congestion control algorithm implementation in the Linux kernel. If the...

7.1 CVSS | 6.7 AI score | 0.03517 EPSS
Exploits 8 | References 6

Tenable Nessus
added 2013/09/04 12:0 a.m. | 35 views

Amazon Linux AMI : glibc (ALAS-2012-39)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code wi...

6.8 CVSS | 8.8 AI score | 0.08073 EPSS
Exploits 1 | References 3