Showing 1 - 25 of 28

Files Date: 2014-02-20

Drupal Slickgrid 7.x Access Bypass
Posted Feb 20, 2014
Authored by Tim Wood | Site drupal.org

Drupal Slickgrid third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 382582324699e2eaf54d70da5d8ffb01
Drupal Maestro 7.x Cross Site Scripting
Posted Feb 20, 2014
Authored by Aron Novak | Site drupal.org

Drupal Maestro third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | a56c6502ee5df80ab31c0a839d13f4be
Lynis Auditing Tool 1.4.2
Posted Feb 20, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release improves HostID detection, has extended umask tests, and adds a Squid test to suppress the version number of Squid.
tags | tool, scanner
systems | unix
MD5 | 4e97dbf9da1e4fb81a52a26e1f615f9f
VideoCharge Studio 2.12.3.685 Stack Buffer Overflow
Posted Feb 20, 2014
Authored by Julien Ahrens | Site rcesecurity.com

VideoCharge Studio version 2.12.3.685 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 34070cc72a43434bfeb8b453e488e6c7
GrrCON 2014 Call For Papers
Posted Feb 20, 2014
Site grrcon.org

GrrCON is an information security and hacking conference held annually in the Midwest. This conference was put together to provide the information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. It will take place October 16th and 17th, 2014 in Grand Rapids, MI, USA.

tags | paper, conference
MD5 | 111a284c97c0d9e3f9e2d239f4d3685f
Barracuda Message Archiver 650 Cross Site Scripting
Posted Feb 20, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Barracuda Message Archiver 650 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9d1fcc88d1d6941a5abc730a8f1b686d
Cisco Systems Cross Site Scripting
Posted Feb 20, 2014
Authored by Nicholas Lemonias

Cisco.com suffered from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
MD5 | 09f4564bae8705d650461636641f415b
D-LINK DIR-615 Cross Site Request Forgery
Posted Feb 20, 2014
Authored by Dhruv Shah

D-LINK DIR-615 hardware version E4 with firmware version 5.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 4a6e9732a84914fe0e2a004c2e2597c4
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 Buffer Overflow
Posted Feb 20, 2014
Authored by Mohamed Shetta

SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 suffers from a stack buffer overflow vulnerability.

tags | exploit, denial of service, overflow
MD5 | 73f17d812826083a9adf1aff904783c8
ICEWARP 11.0.0.0 Script Insertion
Posted Feb 20, 2014
Authored by Usman Saeed

ICEWARP client versions 11.0.0.0 and 10.3.4 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 580833c27997aa0086c5b2301db5bdca
Owning A CA Control Access Server
Posted Feb 20, 2014
Authored by Sanehdeep Singh

This whitepaper documents how to compromise CA ControlMinder versions 12.5, 12.6, and 12.6 SP1 running JBoss version 4.2.2.GA.

tags | paper
MD5 | b2fbb92d2438c9ea11e8997c642a8de3
WRT120N 1.0.0.7 Stack Overflow
Posted Feb 20, 2014
Authored by Craig Heffner

WRT120N version 1.0.0.7 stack overflow exploit which clears the admin password.

tags | exploit, overflow
MD5 | 6fc4c70e2261e1d8caee7ac0a799ed98
Cisco Security Advisory 20140219-phone
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

tags | advisory, remote, root
systems | cisco
MD5 | 0daa93eb0efeea96d5703503b718af9c
Cisco Security Advisory 20140219-ucsd
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, root
systems | cisco
MD5 | 0f41765683eaada65929fe874efd2b0c
Grails 2.3.5 Information Disclosure
Posted Feb 20, 2014
Authored by Ramsharan065

Grails by Pivotal versions 2.0.0 through 2.3.5 suffer from an information disclosure vulnerability. The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private.

tags | advisory, web, info disclosure
advisories | CVE-2014-0053
MD5 | 857a8656625796568620ecefa3a24d3d
Core FTP Server 1.2 Build 505 Code Execution
Posted Feb 20, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.

tags | advisory, local, code execution
advisories | CVE-2014-1215
MD5 | 83664bebc1aa0e124107072091dc0a1a
Cisco Security Advisory 20140219-ips
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
MD5 | 6c9778f2dd00f8cf9f625591d717bdc7
Cisco Security Advisory 20140219-fwsm
Posted Feb 20, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.

tags | advisory, remote
systems | cisco
MD5 | 08c14d7ee30f41ae1824974153695650
Mandriva Linux Security Advisory 2014-042
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-042 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.

tags | advisory, java, remote, web, denial of service, arbitrary, root
systems | linux, mandriva
advisories | CVE-2012-3544, CVE-2013-1571, CVE-2013-1976, CVE-2013-2067
MD5 | 53d0dd2df95627bc9c4704fd77d94c7c
Mandriva Linux Security Advisory 2014-041
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-041 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2014-1912
MD5 | 1d48475bd1bd9bcdb076924cc3018097
Debian Security Advisory 2863-1
Posted Feb 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2863-1 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to an arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2013-4420
MD5 | 3838ceaa0b04cb549b9d76deef36618c
Red Hat Security Advisory 2014-0189-01
Posted Feb 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0189-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MariaDB command line client tool processed excessively long version strings. If a user connected to a malicious MariaDB server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-3839, CVE-2013-5807, CVE-2013-5891, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437
MD5 | 4140445e5f1684cb40ebf1087d73e5b4
Mandriva Linux Security Advisory 2014-044
Posted Feb 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-044 - Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access for any other legitimate Zarafa users. The updated packages have been upgraded to the 7.1.8 version, which is not vulnerable to these issues. Additionally, kyotocabinet 1.2.76 packages are also being provided due to new dependencies.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0037, CVE-2014-0079
MD5 | abdff567fc9e241121d472bf7c6e5bf9
Ubuntu Security Notice USN-2119-1
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6674, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
MD5 | 2cb102f8f2600e0ade905206f10b0a4e
Ubuntu Security Notice USN-2102-2
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2102-2 - USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1489, CVE-2014-1488, CVE-2014-1481
MD5 | ea800c6b30dc6330d1f23d910ec601ee

© 2019 Packet Storm. All rights reserved.
