IBM AIX versions 5.3, 6.1 and 7.1 releases VIOS 2.2.* suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.
326046758c80dfd7a90603cb6033621d1db225d4cc2532b1585420f2b0419948
The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 assigns an empty trust manager to its SSL context, causing it to accept any certificate regardless of validity.
e5644b3c84ef1767a4c3219f5059c4bdfb37dcedae655c50b6b91a1d4af6d79a
The remote configuration Java applet in Citrix Netscaler versions prior to 10.1-122.17/9.3-66.5 contains a poor implementation of the Diffie-Hellman key exchange algorithm. The random number generator used to produce secret values is the java.util.Random class, which is not of cryptographic quality. Publicly known predictors exist for the underlying RNG, and the seed is either 32-bit or 48-bit depending on the host system.
612fdba9feea5c0713bc91be355ef4db41095f1483e3d0a2d21522880fdb4da5
Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27
HP Security Bulletin HPSBMU03037 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
aec8b95add2f092b528971141113365b225da682d19aac54594e220dbc06f630
Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.
66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1ad
Ubuntu Security Notice 2204-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
dd7a26245866c9a5c07f22316740d7f9acf798a4a732970e7b6e116adc20e740
Ubuntu Security Notice 2203-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
c8d25e87b929d65edcc4cd7a6d6997665aa69f135e56f3af4a28e7a152ae78ae
Ubuntu Security Notice 2202-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
391772af2fe8a72ffc41773aafe534e075b531dc203a91903e122f9adaa42138
Ubuntu Security Notice 2201-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
fb6cb392ae5025b853c23e0430dec9d8ad8a370f8d544cc861684db1e453338d
Ubuntu Security Notice 2200-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
58b21505b3ee4b4f9e782fef31f952a0b9c0df237cc181522f5eed95a55ae5a5
Ubuntu Security Notice 2199-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
895e12b282957d8d9a403060050150dc4fdd148f9a42d3595bb1170fd560463e
Ubuntu Security Notice 2196-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
86d38fbc6418df4de6cab53031a6df5774f0fa1a28eb2685d604c9a0545d454a
Ubuntu Security Notice 2207-1 - Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients.
048ba1c7b39cf652bb2065000cd752dba467066f0f3b3d5301251481601b14b5
Red Hat Security Advisory 2014-0473-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.1 release serves as a replacement for JBoss Operations Network 3.2.0, and includes several bug fixes.
4f401d1844f1516c45c35fb297633215009b76b4c56f316e4ac41897e16d6d9b
Ubuntu Security Notice 2198-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
4cd66a33cf7bd7b75d1dfcc1384e054c40e7d85f25e960c208bf19e7e72d6e6d
Ubuntu Security Notice 2206-1 - Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
5c3b290e4761888a3009adbe26af55923b41684a41ebfe3808e4adc5174691b3
Ubuntu Security Notice 2205-1 - Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Pedro Ribeiro discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
0a36165cd5461687b32e574203a454a3c7144c64466afed8433775e0d7a46ec0
Ubuntu Security Notice 2197-1 - A flaw was discovered in the Linux kernel's pseudo tty (pty) device. An unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrator privileges.
bed89c789a924164c49f25a9ba1c04c675e19f473575882e6c37259a569abf3b
CMS PUNTOPY suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
eaa6b822df51a218305e7b93ebd17c7dba80bc9043aaf9e64d3041648d6adea9
SOAPpy version 0.12.5 suffers from XXE and denial of service vulnerabilities.
fcbd1ab000fb47d02b209bbaf51f935e156706c4d194b9781d2f5dc2fdbd552a
Ruxcon 2014 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.
9926fc8ff7b928e9ca8836613b897aed5bdebc0a2ed3dd14bbd749357e065645
HP Security Bulletin HPSBGN03010 4 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. Revision 4 of this advisory.
acf1c601833a846a4939625ab8ce20b162f3678927f1bc481d459741c4a2a195
Ubuntu Security Notice 2193-1 - Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker exploit this to execute arbitrary commands as the glance user.
ff9740f205e6ae1e20a5d556a38042223b927531b3ab3ebba7441ac9ff0dd2c7
Debian Linux Security Advisory 2924-1 - Multiple security issues have been found in Icedove, Debian's version errors, buffer overflows, missing permission checks, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, privilege escalation, cross-site scripting or denial of service.
0a36e8832664a7fa25c7ef5f78f104e18d401f48f76439906c0a1067563c3ea6