
Files Date: 2014-01-31

OpenSSH 6.5p1
Posted Jan 31, 2014
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is a feature-focused release. New features include new ciphers and key types, a new private key format, and rejection of connection requests from old insecure clients. There are also a number of bug fixes.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | a084e7272b8cbd25afe0f5dce4802fef
Ubuntu Security Notice USN-2096-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2096-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | de71c756acf323ef79014f04e6a9918f
Debian Security Advisory 2849-1
Posted Jan 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2849-1 - Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-0015
MD5 | 30995661227275cc7e173b0a93245365
Ubuntu Security Notice USN-2095-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2095-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | bb8bd178738afb72dc5657048330c13c
Joomla JomSocial 2.6 Code Execution
Posted Jan 31, 2014
Authored by Matias Fontanini, Carlos Gaston Traberg

Joomla JomSocial component version 2.6 remote PHP code execution exploit.

tags | exploit, remote, php, code execution
MD5 | 2de6823a840b1df40cb6d64d7d514fbc
TopicsViewer 3.0 Beta 1 SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1277ce9378caf362c3950cb952de5b88
Ubuntu Security Notice USN-2094-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2094-1 - Pageexec reported a bug in the Linux kernel's recvmmsg syscall when called from code using the x32 ABI. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or gain administrator privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-0038
MD5 | 4f953fe0b29053dbb30be8649a200bc8
Linux 3.4+ recvmmsg Proof Of Concept
Posted Jan 31, 2014
Authored by Kees Cook

Linux 3.4+ recvmmsg x32 compat proof of concept exploit.

tags | exploit, proof of concept
systems | linux
MD5 | 5d369525e99b7cd930dfb482e5bfa6a6
Jobsite Logo Cross Site Scripting / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | e1229bebc7fffabc0240d51b2e0df21e
Booking Calendar PHP CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection, csrf
MD5 | 66942b22f11a954aa9bbd7cfc7e89b3b
Eventy Online Scheduler 1.8 CSRF / XSS / SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | d91b51a5bce33cba8609d7c19517fe50
WordPress Contact Form 7 3.5.3 Shell Upload
Posted Jan 31, 2014
Authored by MustLive

WordPress Contact Form 7 versions 3.5.3 and below suffer from a remote shell upload vulnerability.

tags | advisory, remote, shell
MD5 | 31d061b82323d1b6d271c09a577543ae
Newtontree IT Services SQL Injection
Posted Jan 31, 2014
Authored by AtT4CKxT3rR0r1ST

Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass
MD5 | eabbeea98f8dc5691f8b7a9572a1b438
Ubuntu Security Notice USN-2092-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2092-1 - Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2013-4344, CVE-2013-4375, CVE-2013-4377
MD5 | ec1c918c14603a1f253da7d644ed8fcf
Ubuntu Security Notice USN-2093-1
Posted Jan 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2093-1 - Martin Kletzander discovered that libvirt incorrectly handled reading memory tunables from LXC guests. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Dario Faggioli discovered that libvirt incorrectly handled the libxl driver. A local user could possibly use this flaw to cause libvirtd to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-6436, CVE-2013-6457, CVE-2013-6458, CVE-2014-0028, CVE-2014-1447
MD5 | f51e0cfacbcfb0b443a67a0f0fc08ecb
Red Hat Security Advisory 2014-0124-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
MD5 | 5744bd870f1f4cce365229826aefe6e9
Red Hat Security Advisory 2014-0113-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0113-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-4477
MD5 | ff3d6a0a2ee9a70a7881cecc967601f5
Red Hat Security Advisory 2014-0112-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0112-01 - The openstack-nova packages provide OpenStack Compute, which provides services for provisioning, managing, and using virtual machine instances. It was discovered that enabling "qpid_protocol = ssl" in the nova.conf file did not result in nova using SSL to communicate to Qpid. If Qpid was not configured to enforce SSL this could lead to sensitive information being sent unencrypted over the communication channel. A flaw was found in the way OpenStack Compute controlled the size of disk images. An authenticated remote user could use malicious compressed qcow2 disk images to consume large amounts of disk space, potentially causing a denial of service on the OpenStack Compute nodes.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4463, CVE-2013-6491
MD5 | 8d1a24b1931678f63b8907beb8b4c103