5118 matches found
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
Kernel: mm/shmem: denial of service
A race condition flaw was found in the way the Linux kernel's mmap2, madvise2, and fallocate2 system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service...
[SECURITY] [DSA 3093-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3093-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 08, 2014 http://www.debian.org/security/faq -...
Debian DSA-3093-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation : - CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference. - CVE-2014-83...
Debian Security Advisory DSA 3093-1 (linux - security update)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation: CVE-2014-7841 Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will panic on malformed INIT chunks by triggering a NULL pointer dereference. CVE-2014-8369 A...
targets-ipv6-map4to6 NSE Script
This script runs in the pre-scanning phase to map IPv4 addresses onto IPv6 networks and add them to the scan queue. The technique is more general than what is technically termed "IPv4-mapped IPv6 addresses." The lower 4 bytes of the IPv6 network address are replaced with the 4 bytes of IPv4...
Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...
MGASA-2014-0483 Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...
Factlink: File name/folder enumeration.
Hello, an attacker may be able to map your server and find configuration file names by the following method: Valid attempt Not found: https://staging.factlink.com/%5C../%5C../%5C../%5C../%5C../%5C../etc/passwd Invalid attempt 404...
How To Setup Postfix
How To Setup Postfix Postfix is a very popular open source Mail Transfer Agent MTA that can be used to route and deliver email on a Linux system. It is estimated that around 25% of public mail servers on the internet run Postfix. In this guide, we’ll teach you how to get up and running quickly wi...
DEBIAN-CVE-2014-8369
The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service host OS page unpinning or possibly have unspecified other impact by leveraging...
CVE-2014-8369
The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service host OS page unpinning or possibly have unspecified other impact by leveraging...
CVE-2014-8369
The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service host OS page unpinning or possibly have unspecified other impact by leveraging...
UBUNTU-CVE-2014-8369
The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service host OS page unpinning or possibly have unspecified other impact by leveraging...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141014)
A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol SCTP implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. CVE-2014-5077, Important An integer overflow flaw wa...
NAT-PMP Security Vulnerability Affects 1.2M Routers
Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...
Incorrect implementation of NAT-PMP in multiple devices
Overview Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping...
kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
A flaw was found in the way the Linux kernel's kvmiommumappages function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host...
libX11: Multiple integer overflows leading to heap-based buffer-overflows
Multiple integer overflows in X.org libX11 1.5.99.901 1.6 RC1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the 1 XQueryFont, 2 XF86BigfontQueryFont, 3 XListFontsWithInfo, 4 XGetMotionEvents, 5 XListHosts, 6...