
Files Date: 2014-01-23

Simple Packet Sender 4.2
Posted Jan 23, 2014
Authored by Hohlraum | Site sites.google.com

Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. It is written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within the Ethernet frame can be modified arbitrarily. It supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.

Changes: Fixed memory leaks. Improved error handling. Various additions and bug fixes.
tags | tool, udp, scanner, tcp
systems | linux, unix
MD5 | 3830f1e65006ebc350dd2622061b8438
Drupal Language Switcher Dropdown 7.x Open Redirect
Posted Jan 23, 2014
Authored by Eric Peterson | Site drupal.org

Drupal Language Switcher Dropdown third party module version 7.x suffers from an open redirection vulnerability.

tags | advisory
MD5 | 975dec687c2d0711ca34120c2b7e4070
Capstone 2.0
Posted Jan 23, 2014
Authored by Nguyen Anh Quynh | Site capstone-engine.org

Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, is thread-safe by design, provides details on disassembled instructions, and more.

Changes: Library size is around 50% smaller. Much less memory usage. Framework is way faster. Various other updates and enhancements.
tags | tool
systems | linux, unix
MD5 | fb4c0e23351511dadff6a58d668f4c74
Drupal Leaflet 7.x Access Bypass
Posted Jan 23, 2014
Authored by Interdruper, Chris Hood | Site drupal.org

Drupal Leaflet third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | e5138b8f9cd77d861d90ba36afc99dd9
MW6 Active-X Buffer Overflows
Posted Jan 23, 2014
Authored by Pedro Ribeiro

MW6 Technologies has various ActiveX controls that suffer from buffer overflow vulnerabilities. Proof of concept code is included.

tags | exploit, overflow, vulnerability, activex, proof of concept
systems | linux
MD5 | 48b4f0c5d4b82ec96ab5919da9c4e28a
Drupal Doubleclick For Publishers 7.x Cross Site Scripting
Posted Jan 23, 2014
Authored by Matt Vance | Site drupal.org

Drupal Doubleclick for Publishers third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | a78f403c641b30edbb2c62e73fbc87f7
Drupal Secure Cookie Data 7.x Information Disclosure
Posted Jan 23, 2014
Authored by Heine Deelstra, Jonathan Kuma | Site drupal.org

Drupal Secure Cookie Data third party module version 7.x suffers from information disclosure and hard-coded secret vulnerabilities.

tags | advisory, vulnerability, info disclosure
MD5 | c1e8aa9adc0bc5bfe7c09d163d57bbf2
Cisco Security Advisory 20140122-cts
Posted Jan 23, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence System Software contains a vulnerability in the System Status Collection Daemon (SSCD) code that could allow an unauthenticated, adjacent attacker to execute arbitrary commands with the privileges of the root user.

tags | advisory, arbitrary, root
systems | cisco
MD5 | e39d0f92fb02629d76396c97c4669ef9
Cisco Security Advisory 20140122-vcs
Posted Jan 23, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes, which may cause active calls to be dropped and prevent users from making new calls until the affected system is reloaded.

tags | advisory, remote
systems | cisco
MD5 | c85b67b7b4bd99c401931c8432ae6bb8
Cisco Security Advisory 20140122-isdngw
Posted Jan 23, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the drop of the data channel (D-channel) causing all calls to be terminated and preventing users from making new calls.

tags | advisory, remote
systems | cisco
MD5 | 825edd10944f3259e2197514f33d96b5
Mandriva Linux Security Advisory 2014-020
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-020 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-6424
MD5 | a707da3098175df0c8e16b5f7f39a641
Red Hat Security Advisory 2014-0089-01
Posted Jan 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0089-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.

tags | advisory, remote, python
systems | linux, redhat
advisories | CVE-2013-6391
MD5 | 2192252d36c2dbc318065f5b358bef6e
Red Hat Security Advisory 2014-0091-01
Posted Jan 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0091-01 - The openstack-neutron packages provide OpenStack Networking, the virtual network service. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2013-6419
MD5 | aec3c9f24595f61aacc09404848cd25f
Red Hat Security Advisory 2014-0090-01
Posted Jan 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0090-01 - The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could use the CreateStack or UpdateStack methods to create or update a stack, resulting in a violation of the API policy. Note that only setups using Orchestration's cloudformation-compatible API were affected. A flaw was found in the way Orchestration's REST API implementation handled modified request paths. An authenticated remote user could use this flaw to bypass the tenant-scoping restriction by modifying the request path, resulting in privilege escalation. Note that only setups using Orchestration's cloudformation-compatible API were affected.

tags | advisory, remote, python
systems | linux, redhat
advisories | CVE-2013-6426, CVE-2013-6428
MD5 | 4a84e84c57d5e0c6b1283b4a408afdd9
Mandriva Linux Security Advisory 2014-019
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-019 - When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue.

tags | advisory
systems | linux, mandriva
MD5 | 2a2f277a7cc671649555ab92b652e115
Mandriva Linux Security Advisory 2014-018
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-018 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6151
MD5 | 8ebf5ef529674b13bd9f8b52c52d0a97
Mandriva Linux Security Advisory 2014-017
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-017 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. This update also fixes two other minor issues: IPADDRESS size in python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.

tags | advisory, remote, denial of service, python
systems | linux, mandriva
advisories | CVE-2012-6151
MD5 | 6bc9ad87f0027a6a20eff1b9061599e9
Mandriva Linux Security Advisory 2014-016
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-016 - A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.

tags | advisory, remote, overflow
systems | linux, mandriva
advisories | CVE-2013-4282
MD5 | 7d6c2aef5b38db259e8b5396002fa719
Mandriva Linux Security Advisory 2014-015
Posted Jan 23, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-015 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-6891
MD5 | 4434f3050de573647a75e67da5bff5e9
Juniper SSG20 Denial Of Service
Posted Jan 23, 2014
Site ffri.jp

A specially crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.

tags | advisory, denial of service
systems | juniper
advisories | CVE-2013-6958
MD5 | 99e37f917ddeee37c75d942dc2e036fd
Modern Browser XSS Filter Evasion
Posted Jan 23, 2014
Authored by Ioseba Palop

Multiple modern browsers have failed to mitigate a cross site scripting scenario leveraging the srcdoc attribute of an IFRAME tag.

tags | exploit, xss, bypass
MD5 | 716db1ce22554524c5f895e325cad38e