
IT Security Tools


Haveged 1.9.2

IT Security Tools, 17.11.2017 at 23:23 | Source: packetstormsecurity.com
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.

Flawfinder 2.0.5

IT Security Tools, 17.11.2017 at 23:20 | Source: packetstormsecurity.com
Flawfinder searches through source code for potential security flaws and lists them sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Red Hat Security Advisory 2017-3247-01

IT Security Tools, 17.11.2017 at 23:18 | Source: packetstormsecurity.com
Red Hat Security Advisory 2017-3247-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

Microsoft Security Bulletin Advisory Update For November, 2017

IT Security Tools, 17.11.2017 at 23:01 | Source: packetstormsecurity.com
This Microsoft bulletin summary holds information regarding an update to ADV170012.

Cisco Umbrella Virtual Appliance 2.1.0 Hardcoded Credentials

IT Security Tools, 17.11.2017 at 17:23 | Source: packetstormsecurity.com
Cisco Umbrella virtual appliance versions 2.1.0 and below contain undocumented hardcoded credentials which could allow an attacker to access the hypervisor console and provide persistent and unrestricted access to the virtual appliance.

Google Chrome Universal Cross Site Scripting

IT Security Tools, 17.11.2017 at 17:20 | Source: packetstormsecurity.com
Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit.

VXSearch 10.2.14 Local SEH Overflow

IT Security Tools, 17.11.2017 at 17:18 | Source: packetstormsecurity.com
VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337.

Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection

IT Security Tools, 17.11.2017 at 17:16 | Source: packetstormsecurity.com
Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.

FreeBSD Security Advisory - FreeBSD-SA-17:08.ptrace

IT Security Tools, 17.11.2017 at 17:11 | Source: packetstormsecurity.com
FreeBSD Security Advisory - Not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. Some bytes from the kernel stack of the thread using ptrace(PT_LWPINFO) call can be observed in userspace.

D-Link DCS-936L Cross Site Request Forgery

IT Security Tools, 17.11.2017 at 15:55 | Source: packetstormsecurity.com
D-Link DCS-936L suffers from a cross site request forgery vulnerability.

Dell Active Roles 7.x Unquoted Service Path Privilege Escalation

IT Security Tools, 17.11.2017 at 15:22 | Source: packetstormsecurity.com
Dell Active Roles versions 7.1, 7.0.4, 7.0.3, 7.0.2, and 7.0 suffer from an unquoted service path privilege escalation vulnerability.

phpMyFAQ 2.9.9 Code Injection

IT Security Tools, 17.11.2017 at 11:11 | Source: packetstormsecurity.com
phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].

Red Hat Security Advisory 2017-3240-01

IT Security Tools, 17.11.2017 at 01:10 | Source: packetstormsecurity.com
Red Hat Security Advisory 2017-3240-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Red Hat Security Advisory 2017-3239-01

IT Security Tools, 17.11.2017 at 01:10 | Source: packetstormsecurity.com
Red Hat Security Advisory 2017-3239-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

Ubuntu Security Notice USN-3482-1

IT Security Tools, 17.11.2017 at 01:10 | Source: packetstormsecurity.com
Ubuntu Security Notice 3482-1 - It was discovered that racoon, the ipsec-tools IKE daemon, incorrectly handled certain ISAKMP fragments. A remote attacker could use this issue to cause racoon to crash, resulting in a denial of service.

Ubuntu Security Notice USN-3477-1

IT Security Tools, 17.11.2017 at 01:10 | Source: packetstormsecurity.com
Ubuntu Security Notice 3477-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the address bar, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-3481-1

IT Security Tools, 17.11.2017 at 01:10 | Source: packetstormsecurity.com
Ubuntu Security Notice 3481-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Red Hat Security Advisory 2017-3244-01

IT Security Tools, 17.11.2017 at 01:09 | Source: packetstormsecurity.com
Red Hat Security Advisory 2017-3244-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

Red Hat Security Advisory 2017-3227-01

IT Security Tools, 17.11.2017 at 01:09 | Source: packetstormsecurity.com
Red Hat Security Advisory 2017-3227-01 - openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry or Time-Series-Database-as-a-Service. Security Fix: A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user.

Debian Security Advisory 4039-1

IT Security Tools, 16.11.2017 at 18:25 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4039-1 - Rod Widdowson of Steading System Software LLP discovered a coding error in the OpenSAML library, causing the DynamicMetadataProvider class to fail configuring itself with the filters provided and omitting whatever checks they are intended to perform.

HP Security Bulletin HPESBMU03794 1

IT Security Tools, 16.11.2017 at 18:24 | Source: packetstormsecurity.com
HP Security Bulletin HPESBMU03794 1 - Security vulnerabilities have been identified in HPE Insight Control that could be exploited remotely. Revision 1 of this advisory.

HP Security Bulletin HPESBMU03795 1

IT Security Tools, 16.11.2017 at 18:23 | Source: packetstormsecurity.com
HP Security Bulletin HPESBMU03795 1 - Security vulnerabilities have been identified in HPE Matrix Operating Environment (MOE) on Windows. The vulnerabilities could be exploited remotely resulting in Unauthenticated Disclosure of Information and indirect vulnerabilities. Revision 1 of this advisory.

Debian Security Advisory 4037-1

IT Security Tools, 16.11.2017 at 18:22 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4037-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to set of classes was identified as unsafe for deserialization.

FreeBSD Security Advisory - FreeBSD-SA-17:10.kldstat

IT Security Tools, 16.11.2017 at 18:21 | Source: packetstormsecurity.com
FreeBSD Security Advisory - The kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. Some bytes from the kernel stack can be observed in userspace.

FreeBSD Security Advisory - FreeBSD-SA-17:09.shm

IT Security Tools, 16.11.2017 at 18:20 | Source: packetstormsecurity.com
FreeBSD Security Advisory - Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

Debian Security Advisory 4036-1

IT Security Tools, 16.11.2017 at 18:19 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4036-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work.

Debian Security Advisory 4035-1

IT Security Tools, 16.11.2017 at 18:18 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4035-1 - Several security issues have been found in the Mozilla Firefox web implementation errors may lead to the execution of arbitrary code, denial of service or bypass of the same origin policy.

HP Security Bulletin HPESBHF03705 4

IT Security Tools, 16.11.2017 at 18:17 | Source: packetstormsecurity.com
HP Security Bulletin HPESBHF03705 4 - A potential security vulnerability has been identified in HPE iLO 4, 3, 2 and Moonshot RCA. The vulnerability could be exploited remotely to allow disclosure of information. Revision 4 of this advisory.

D-Link DIR605L 2.08 Denial Of Service

IT Security Tools, 16.11.2017 at 01:45 | Source: packetstormsecurity.com
D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET.

Microsoft Edge Chakra JIT Bailout Generation

IT Security Tools, 16.11.2017 at 01:43 | Source: packetstormsecurity.com
Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset.

Microsoft Edge Chakra JIT Incorrect Check

IT Security Tools, 16.11.2017 at 01:41 | Source: packetstormsecurity.com
Microsoft Edge Chakra suffers from a JIT-related incorrect integer overflow check in Lowerer::LowerBoundCheck.

Microsoft Edge Chakra JIT Type Confusion

IT Security Tools, 16.11.2017 at 01:39 | Source: packetstormsecurity.com
Microsoft Edge Chakra suffers from a JIT related type confusion vulnerability with switch statements.

Microsoft Edge Object.setPrototypeOf Memory Corruption

IT Security Tools, 16.11.2017 at 01:38 | Source: packetstormsecurity.com
Microsoft Edge suffers from a memory corruption vulnerability in Object.setPrototypeOf.

Ubuntu Security Notice USN-3480-1

IT Security Tools, 16.11.2017 at 01:36 | Source: packetstormsecurity.com
Ubuntu Security Notice 3480-1 - Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. Various other issues were also addressed.

Microsoft Windows Kernel Pool Address Derivation

IT Security Tools, 15.11.2017 at 18:07 | Source: packetstormsecurity.com
The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.