what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-02-20

Drupal Slickgrid 7.x Access Bypass
Posted Feb 20, 2014
Authored by Tim Wood | Site drupal.org

Drupal Slickgrid third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b82495ac12980498ae19fd2c3fa6a88d0ba085f50649e1069079841e6635be62
Drupal Maestro 7.x Cross Site Scripting
Posted Feb 20, 2014
Authored by Aron Novak | Site drupal.org

Drupal Maestro third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 2ef084f5b4cc54fe1dc67b659959f605be95c7487e7c178f6f67bf4e8b3e199f
Lynis Auditing Tool 1.4.2
Posted Feb 20, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release improves HostID detection, has extended umask tests, and adds a Squid test to suppress the version number of Squid.
tags | tool, scanner
systems | unix
SHA-256 | 77e9015adf20f1a1397e9fa7fc2ac4b73f43c75a47f67bb7b020872373a6ac27
VideoCharge Studio 2.12.3.685 Stack Buffer Overflow
Posted Feb 20, 2014
Authored by Julien Ahrens | Site rcesecurity.com

VideoCharge Studio version 2.12.3.685 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 73fd64057ffa4960396c8186ba3b099299420ab0955d8d2a7ad8d4308d44e0eb
GrrCON 2014 Call For Papers
Posted Feb 20, 2014
Site grrcon.org

GrrCON is an information security and hacking conference held annually in the Midwest. This conference was put together to provide the information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. It will take place October 16th and 17th, 2014 in Grand Rapids, MI, USA.

tags | paper, conference
SHA-256 | 3b5484ae6a6a13324183db506359575667832d052ccfc9c3d9afe68d0870c75a
Barracuda Message Archiver 650 Cross Site Scripting
Posted Feb 20, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Barracuda Message Archiver 650 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c5e54f9d0079086202b8f53bdb2e3aae88194dc2ae39e9f989565f1b9d4ec9ff
D-LINK DIR-615 Cross Site Request Forgery
Posted Feb 20, 2014
Authored by Dhruv Shah

D-LINK DIR-615 hardware version E4 with firmware version 5.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 79c1fce86910caf00ee360dd0bfae7427428d7e44f5672f4781cd8741683517e
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 Buffer Overflow
Posted Feb 20, 2014
Authored by Mohamed Shetta

SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 suffers from a stack buffer overflow vulnerability.

tags | exploit, denial of service, overflow
SHA-256 | b53b0842f06abd5f681b92c8635f73be4d64f335c2f4519000c78f057c047e85
ICEWARP 11.0.0.0 Script Insertion
Posted Feb 20, 2014
Authored by Usman Saeed

ICEWARP client versions 11.0.0.0 and 10.3.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2c88f1ef76dc5398e8df3835afc5073a52f444ebc0c66b2712321aa934123890
Owning A CA Control Access Server
Posted Feb 20, 2014
Authored by Sanehdeep Singh

This whitepaper documents how to compromise CA ControlMinder versions 12.5, 12.6, and 12.6 SP1 running JBoss version 4.2.2.GA.

tags | paper
SHA-256 | d79c4e8b7e01e49acdda05ad5eceda4f0bf7d0d76f4b960c5d9135475bebc7d6
WRT120N 1.0.0.7 Stack Overflow
Posted Feb 20, 2014
Authored by Craig Heffner

WRT120N version 1.0.0.7 stack overflow exploit which clears the admin password.

tags | exploit, overflow
SHA-256 | e1aa2a251a9986b0b7cc00e00e274da9c8e78a9cfc2a13541756864a4b3830d7
Cisco Security Advisory 20140219-phone
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

tags | advisory, remote, root
systems | cisco
SHA-256 | 263d52d0a8e480eea065400653b0fdc7afcef68f1eee6b4bf79831817897f504
Cisco Security Advisory 20140219-ucsd
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, root
systems | cisco
SHA-256 | 455d4762adae3d53ac5f9a0be511be629af140dfb873bcfee3b94ecc53315070
Grails 2.3.5 Information Disclosure
Posted Feb 20, 2014
Authored by Ramsharan065

Grails by Pivotal versions 2.0.0 through 2.3.5 suffer from an information disclosure vulnerability. The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private.

tags | advisory, web, info disclosure
advisories | CVE-2014-0053
SHA-256 | 451b602b09ccce7eff090015aff878aa007f796e3c4b5d2deb17b38dbd1a45a0
Core FTP Server 1.2 Build 505 Code Execution
Posted Feb 20, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.

tags | advisory, local, code execution
advisories | CVE-2014-1215
SHA-256 | 64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5
Cisco Security Advisory 20140219-ips
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | 087b1f35eb691046fdadd7e1fc8310b32781c77a9caf1c1cd2a1b0f0b23ac858
Cisco Security Advisory 20140219-fwsm
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.

tags | advisory, remote
systems | cisco
SHA-256 | 5459e6bb915e633b8b42ae60ecd4bef2461e0ba288585381f58d06ba5e554903
Mandriva Linux Security Advisory 2014-042
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-042 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.

tags | advisory, java, remote, web, denial of service, arbitrary, root
systems | linux, mandriva
advisories | CVE-2012-3544, CVE-2013-1571, CVE-2013-1976, CVE-2013-2067
SHA-256 | 899f987c3224ac9faee7d0f8a77e88d81115d42fecc6807eb47c8c4790da5b05
Mandriva Linux Security Advisory 2014-041
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-041 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2014-1912
SHA-256 | da50f71992b9d1a2c03c6502e8bd1dbe854857f25d456e1a32f4008d58362066
Debian Security Advisory 2863-1
Posted Feb 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2863-1 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-4420
SHA-256 | 0e11e3769923befebdd733c1caad998bee809266d37f48e3bae036e9d3d90fae
Red Hat Security Advisory 2014-0189-01
Posted Feb 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0189-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MariaDB command line client tool processed excessively long version strings. If a user connected to a malicious MariaDB server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-3839, CVE-2013-5807, CVE-2013-5891, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
SHA-256 | 9363f0425f3e1aa13fb9ec359268ed701ecf985bc1020734a200c6db13333cfd
Mandriva Linux Security Advisory 2014-044
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-044 - Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access to any other legitimate Zarafa users. The updated packages have been upgraded to the 7.1.8 version which is not vulnerable to these issues. Additionally kyotocabinet 1.2.76 packages is also being provided due to new dependencies.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0037, CVE-2014-0079
SHA-256 | a53f386b9882d580e087a3e6c1faa105aaaac76b817adb4cc3a4774c7a9bd33f
Ubuntu Security Notice USN-2119-1
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1477, CVE-2014-1479, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1481, CVE-2013-6674, CVE-2013-6674, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
SHA-256 | 5d3902230b50cfd2bd1b1b1aa5ebd526fbc1fd4a01b7b4e886ba19146d65c11b
Ubuntu Security Notice USN-2102-2
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2102-2 - USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1489, CVE-2014-1488, CVE-2014-1481
SHA-256 | 085d3227e717c4fbd89c5b5e3cb5eff85c21ea506f206c55ffa9a456ae32b368
Mandriva Linux Security Advisory 2014-043
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-043 - Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default .

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1959
SHA-256 | ccb53c0c3fb168128935e2e504f9dc6c12abe0742874f1a2f750a22fb46a0a0f
Page 1 of 2
Back12Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close