
Files Date: 2014-01-10

Cisco Security Advisory 20140110-sbd
Posted Jan 10, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, root, vulnerability
systems | cisco
SHA-256 | f2904214edf565450c46b33ee605148c5e29f09f71f311bf295142aa6102eca1
Debian Security Advisory 2840-1
Posted Jan 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2840-1 - Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. A remote attacker could exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

tags | advisory, remote, denial of service, overflow, protocol
systems | cisco, linux, debian
advisories | CVE-2013-2139
SHA-256 | 7a4e6e3edbabd53c7021a5f4ea2490aa91c3d510fd476c8a0afd8ec7c592ac90
Gentoo Linux Security Advisory 201401-07
Posted Jan 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-7 - Multiple Denial of Service vulnerabilities have been found in libxslt. Versions less than 1.1.28 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2870, CVE-2012-2893, CVE-2012-6139, CVE-2013-4520
SHA-256 | f23dd72c3b893d110a45c420e9dac3a0ca04e3ad16ed8dc28007045c29b7bbf2
Gentoo Linux Security Advisory 201401-06
Posted Jan 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-6 - A stack-based buffer overflow in Git might allow a local attacker to gain escalated privileges. Versions less than 1.7.2.2 are affected.

tags | advisory, overflow, local
systems | linux, gentoo
advisories | CVE-2010-2542
SHA-256 | 0078fd3cb1b2ce989ded157fb1594874759fe92f440b59fbaf7e69d2366bd48b
Red Hat Security Advisory 2014-0018-01
Posted Jan 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0018-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2013-6462
SHA-256 | 0f840c2a80d469348a2f0f6db12138d55905de6840034df20511234afa0c5b66
Conceptronic CIPCAMPTIWL 21.37.2.49 Cross Site Request Forgery
Posted Jan 10, 2014
Authored by Felipe Molina

Conceptronic camera CIPCAMPTIWL with firmware 21.37.2.49 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2013-7204
SHA-256 | c936953abc9b003cdedd3e88f2c0d79e0d4917e23725676c6212ee65de3ad7d4
Joomla Aclassfb Shell Upload
Posted Jan 10, 2014
Authored by DevilScreaM

The Joomla Aclassfb component suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9d0fb8ff59906454f8f77b6cd1a8d6cbd5c42f068d8b4fc058718a4e32f3316f
vBulletin YUI 2.9.0 Cross Site Scripting
Posted Jan 10, 2014
Authored by TUNISIAN CYBER

vBulletin YUI version 2.9.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 70b04ec197f8e63c02b7663b1a4b2d9d18521f1c0c32ac2e1970802272e3fc06
Lorex Security DVR Active-X Buffer Overflow
Posted Jan 10, 2014
Authored by Pedro Ribeiro

Lorex Security DVR systems suffer from an ActiveX-related buffer overflow vulnerability.

tags | advisory, overflow, activex
advisories | CVE-2014-1201
SHA-256 | a54d0f52ae58b40ee40061c7e9c569e51ba1726893d2ddd6e053141f37699907
SerComm Device Remote Code Execution
Posted Jan 10, 2014
Authored by Matt Andreko, Eloi Vanderbeken | Site metasploit.com

This Metasploit module will cause remote code execution on several SerComm devices. These devices typically include routers from NetGear and Linksys. Tested against NetGear DG834.

tags | exploit, remote, code execution
SHA-256 | 9b733578aa9b9d3b0e314171f950e5b06d7e37d888dc961f586106abfaaeedec
OpenSSL Toolkit 1.0.1f
Posted Jan 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-4353, CVE-2013-6450
SHA-256 | 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
Lynis Auditing Tool 1.3.9
Posted Jan 10, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release has additional support for Mac OS, performance adjustments, a better hostid function, and several smaller bug fixes.
tags | tool, scanner
systems | unix
SHA-256 | 78abf32de8ba0d0a67617e61fa1cb640b7508cd32d15ea092104768963766702
Ubuntu Security Notice USN-2079-1
Posted Jan 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | 8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80
WordPress NextGen Gallery Cross Site Scripting
Posted Jan 10, 2014
Authored by TUNISIAN CYBER

WordPress NextGen Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 2048dd3332f93135c9fa534a0d715495878f18701186d45dda32ab9eff032a79
Joomla Melody Cross Site Scripting
Posted Jan 10, 2014
Authored by TUNISIAN CYBER

The Joomla Melody component suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6102f20c0e44aa4040f3c629757e685bd0741d329ca67792e2fd597dab8e54ad
Ubuntu Security Notice USN-2077-2
Posted Jan 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2077-2 - USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. It was discovered that Puppet incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
SHA-256 | 5412352220a034db7b4522541d0173b31733bffdd5c28132671bce3335a562c7