
Files Date: 2014-01-20

Hackito Ergo Sum 2014 Call For Papers
Posted Jan 20, 2014
Authored by HES CFP | Site 2014.hackitoergosum.org

The Hackito Ergo Sum 2014 Call For Papers has been announced. It will be held from April 24th through the 26th, 2014 in Paris, France.

tags | paper, conference
MD5 | 60d654b8aa5f646c991dd9959b8ded33

Gentoo Linux Security Advisory 201401-11
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2728, CVE-2011-2939, CVE-2012-5195, CVE-2013-1667
MD5 | ecd43ce19385b37811ba89561b4b5b37

Gentoo Linux Security Advisory 201401-10
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-10 - Multiple vulnerabilities have been found in libexif and exif, some of which may allow execution of arbitrary code. Versions less than 0.6.21 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841, CVE-2012-2845
MD5 | 81d022ca2c3a63ddff6de5dd8dca2f54

Gentoo Linux Security Advisory 201401-09
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-9 - A vulnerability in Openswan could result in execution of arbitrary code or Denial of Service. Versions less than 2.6.39 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2013-2053
MD5 | a22d1ff188194a7a54ba15da60e6f509

Red Hat Security Advisory 2014-0045-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0045-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method of remotely accessing Seam components from a web page, using AJAX. It was found that the ExecutionHandler, PollHandler, and SubscriptionHandler classes in JBoss Seam Remoting unmarshalled user-supplied XML and resolved external entities in this XML. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML External Entity attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2013-6447, CVE-2013-6448
MD5 | a3ffa0deea6c0c0d53b8bb4332882951

Red Hat Security Advisory 2014-0044-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0044-01 - Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building blocks for establishing the mapping from files into the Augeas tree and back. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-6412
MD5 | e4f01797c76b70a6aa66cc3d9619c53f

Red Hat Security Advisory 2014-0043-01
Posted Jan 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0043-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-0591
MD5 | 271fdf9d50854644d324823e8ce56429

Mandriva Linux Security Advisory 2014-012
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-012 - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2013-1740
MD5 | c1cecd4bf61b409aba3a046fbc00acfd

Mandriva Linux Security Advisory 2014-011
Posted Jan 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-011 - Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability. It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys. The updated packages provide a solution for these security issues.

tags | advisory, java, vulnerability, xxe
systems | linux, mandriva
advisories | CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428
MD5 | b54aa8c96f62b19872b82fbceca09be2

Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
MD5 | 3ce972737b30b0c5dc026e59570caab5

Gentoo Linux Security Advisory 201401-13
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-13 - Multiple vulnerabilities have been found in VirtualBox, allowing local attackers to escalate their privileges or cause a Denial of Service condition. Versions less than 4.2.22 are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3221, CVE-2013-5892, CVE-2014-0404, CVE-2014-0405, CVE-2014-0406, CVE-2014-0407
MD5 | 0dc8d8e80178ae1c9a08cb3d99c035a4

Gentoo Linux Security Advisory 201401-12
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-12 - Multiple vulnerabilities have been found in GNUstep Base library, the worst of which allow execution of arbitrary code. Versions less than 1.20.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1457, CVE-2010-1620
MD5 | e67fa9ce26784849858f6f1bcae63427

BlueCom 5360/52018 Password Reset
Posted Jan 20, 2014
Authored by Kai

BlueCom router model 5360/52018 remote password reset exploit.

tags | exploit, remote
MD5 | 5d7b0354a33230c98e9b28a0405aab8b

Doodle4Gift Cross Site Scripting
Posted Jan 20, 2014
Authored by Dr.NaNo

Doodle4Gift suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
MD5 | 1f7da27ddb1240e910d03baec281d758

Cookies
Posted Jan 20, 2014
Authored by F4RY4R_RED

This is a whitepaper discussing the use of cookies. Written in Persian.

tags | paper
MD5 | 4a191ed7e91ca36a68d86936feac5826

Autoresponder PRO Cross Site Scripting
Posted Jan 20, 2014
Authored by TUNISIAN CYBER

Autoresponder PRO suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 02d2fa352e4664ee5f0e918f58abaa83

Teracom Modem T2-B-Gawv1.4U10Y-BI Cross Site Scripting
Posted Jan 20, 2014
Authored by Rakesh S

Teracom Modem version T2-B-Gawv1.4U10Y-BI suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1e7c2ac62eb4f5785f0b949504861940

WordPress Social Ring 1.1.9 Cross Site Scripting
Posted Jan 20, 2014
Authored by Ashiyane Digital Security Team

WordPress Social Ring plugin versions 1.0 through 1.1.9 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e6df4cea5f012c1434e5c6419ffd26d3

WordPress Global Flash Galleries File Upload
Posted Jan 20, 2014
Authored by Ashiyane Digital Security Team

WordPress Global Flash Galleries plugin suffers from an arbitrary file upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, arbitrary, file upload
MD5 | 7e05c77cb2837d5f91b407fd4425c92f