seeing is believing
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-02-14

WordPress Acunetix WP Security Make Backup 4.0.3 CSRF
Posted Feb 14, 2014
Authored by Yashar shahinzadeh

Acunetix WordPress WP Security Make Backup plugin version 4.0.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 6df6a67086eadfcf2fc1eb89a869f679
Nagios NRPE Weak Cryptography Implementation
Posted Feb 14, 2014
Authored by Aaron Zauner

This advisory discusses a weak cryptography implementation in NRPE, the remote monitoring agent distributed with Nagios.

tags | advisory, remote
MD5 | a40ed0251705fe7281e73d8b68a1475e
Framework For Improving Critical Infrastructure Cybersecurity
Posted Feb 14, 2014
Site nist.gov

This document is the new cybersecurity framework produced by NIST for the Whitehouse. The intention of this release is to produce a set of industry standards and best practices to help organizations manage cybersecurity risks.

tags | paper
MD5 | 3d2dca820cb0ebcc5c8e8f8d0f0e0085
Apple Security Advisory 2014-02-11-1
Posted Feb 14, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-11-1 - Boot Camp 5.1 addresses a security issue. A bounds checking issue existed in the AppleMNT.sys driver's parsing of Portable Executable files. If a Portable Executable file with a malformed header is loaded, this could cause a Boot Camp driver to corrupt kernel memory. The issue was addressed through improved bounds checking.

tags | advisory, kernel
systems | apple
advisories | CVE-2014-1253
MD5 | d236643acf16e6917618551df3b581c3
Dexter CasinoLoader SQL Injection
Posted Feb 14, 2014
Authored by bwall

Proof of concept SQL injection exploit for the panel in Dexter CasinoLoader. It exploits the gateway for bots to connect in, which sanitizes none of its input. This version of the exploit just dumps database data, and can create a GEXF file to make a graph in Gephi.

tags | exploit, sql injection, proof of concept
MD5 | 27f6db88604434b092c8e19bef8326b7
Ubuntu Security Notice USN-2105-1
Posted Feb 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2105-1 - James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. Chris Glass discovered that the MAAS API was vulnerable to cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.

tags | advisory, remote, local, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1070, CVE-2013-1069, CVE-2013-1069, CVE-2013-1070
MD5 | 30370f2b084871da72ecdf99e8ec7a26
Mandriva Linux Security Advisory 2014-029
Posted Feb 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-029 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0001
MD5 | 333a850c2f238b8eeafedb7f5782d2a3
Mandriva Linux Security Advisory 2014-028
Posted Feb 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-028 - Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Various other issues have been addressed. The updated packages have been upgraded to the 5.5.35 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401, CVE-2014-0402
MD5 | 91fd7bdaf03d53565d9cda48d9830e61
Red Hat Security Advisory 2014-0173-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0173-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-3839, CVE-2013-5807, CVE-2013-5891, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
MD5 | 91b857deb97af0d19ed6c425c76aade9
Red Hat Security Advisory 2014-0174-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0174-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.

tags | advisory, remote, web, kernel
systems | linux, redhat
advisories | CVE-2013-6492
MD5 | 5d930a3f7cc36798d14a8aa5b8feff9f
Red Hat Security Advisory 2014-0175-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0175-01 - Piranha provides high-availability and load-balancing services for Red Hat Enterprise Linux. The piranha packages contain various tools to administer and configure the Linux Virtual Server, as well as the heartbeat and failover components. LVS is a dynamically-adjusted kernel routing mechanism that provides load balancing, primarily for Web and FTP servers. It was discovered that the Piranha Configuration Tool did not properly restrict access to its web pages. A remote attacker able to connect to the Piranha Configuration Tool web server port could use this flaw to read or modify the LVS configuration without providing valid administrative credentials.

tags | advisory, remote, web, kernel
systems | linux, redhat
advisories | CVE-2013-6492
MD5 | 54c29c1c7ae2fd7052afee2be8e087d3
Red Hat Security Advisory 2014-0172-01
Posted Feb 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0172-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517, CVE-2013-6440, CVE-2014-0018
MD5 | 33d05b594bca0d3fd20c5b4ae96afd2a
ASUS RT Router Anonymous FTP Access
Posted Feb 14, 2014
Authored by Kyle Lovett

Five ASUS RT series routers suffer from a vendor vulnerability that default FTP service to anonymous access with full read/write permissions.

tags | advisory
MD5 | 0a09109ee42194b159a6f5024b62f3cb
WordPress Buddypress 1.9.1 Privilege Escalation
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-1889
MD5 | b7ae87866e54f8494c55561931e79a7b
WordPress Buddypress 1.9.1 Cross Site Scripting
Posted Feb 14, 2014
Authored by Pietro Oliva

WordPress Buddypress plugin versions 1.9.1 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1888
MD5 | c11fda673c81b0c6a4c652a69f4bd6cf
FreePBX 2.9 Remote Code Execution
Posted Feb 14, 2014
Authored by Rob Thomas

FreePBX version 2.9 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2014-1903
MD5 | ea79ea9edf834d68a315e818dd90ed1a
Boxcryptor Cross Site Scripting
Posted Feb 14, 2014
Authored by Vicente Aguilera Diaz

Boxcryptor.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b210db85736315811aa530df3528bf4a
DAVOSET 1.1.7
Posted Feb 14, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added new services into full list of zombies, added support of hours in timer and improved support of plugin Google Maps.
tags | tool, denial of service
MD5 | d917519b0d557e6ffbb8c3962b271caa
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close