what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files Date: 2014-06-04

IPSwitch IMail 12.4 Cross Site Scripting
Posted Jun 4, 2014
Authored by Peru

IPSwitch IMail server web client versions 12.3 and 12.4 before 12.4.1.15 suffer from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
advisories | CVE-2014-3878
SHA-256 | e9708dde34587f7954f8bbd7dc8a189e6644a211a4b0f6306d1057b08bd834d8
FreeBSD Security Advisory - ktrace Kernel Memory Disclosure
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3873
SHA-256 | 003649f925e12510c88e6cb5a41c1ae0e254a9bab779cb2c50b388f051a929e6
FreeBSD Security Advisory - PAM Policy Parser
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller). The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration. A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.

tags | advisory
systems | freebsd
advisories | CVE-2014-3879
SHA-256 | c172f1629a0148dc04e340253e113146894af7408276fd65c6e6c6e3a50f19a6
FreeBSD Security Advisory - Sendmail
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in sendmail(8) that prevented open file descriptors have close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process have open.

tags | advisory
systems | freebsd
SHA-256 | 67eb06001085eef65797c58907ed0ff05690cedefd665a08e48f7f8b9ea16bf4
IBM DB2 Privilege Escalation
Posted Jun 4, 2014
Authored by Tim Brown | Site portcullis-security.com

setuid and setgid programs can escalate privileges via insecure RPATH use in IBM DB2 systems.

tags | advisory
advisories | CVE-2014-0907
SHA-256 | 40679a4e85d6d23356386f0877e57636c158e282cb759a60f37f439933615e4e
PHP 5.5.13 / Lynis 1.5.4 Insecure /tmp Use
Posted Jun 4, 2014
Authored by A B

PHP version 5.5.13 and Lynis version 1.5.4 use /tmp insecurely.

tags | advisory, php
SHA-256 | e8fd9a05110d214b1f51e304a9c367e55a2709149d4453dfa7eef7d72082bdfb
GoAgent SSL / TLS Issues
Posted Jun 4, 2014
Authored by David Fifield

GoAgent performs improper TLS validation and install a root CA certificate with a known private key.

tags | advisory, root
SHA-256 | a42aee19935e8c20d21fdb23e247e16af40644fb70df89c65537de10511e22be
BSI Advance Hotel Booking System 2.0 Cross Site Scripting
Posted Jun 4, 2014
Authored by Angelo Ruwantha

BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a63aae44e22e7b8503f7f8ed7f9a72ebf26200a47052caf46142200a81ea59f6
UltraVintage Cross Site Scripting / SQL Injection
Posted Jun 4, 2014
Authored by Hekt0r

UltraVintage suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | e27b919bab1f7594cbf897ddfd0c517cff37e620db2aa020e7c0afff7b66445b
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close