what you don't know can hurt you
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-03-03

GNU Transport Layer Security Library 3.2.12
Posted Mar 3, 2014
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This is a security bug fix release.
tags | protocol, library
SHA-256 | 74c1698a7f6c5ef4938f86285e4fb3929e5f9c6826521b5f2df8ebac22b52505
Lynis Auditing Tool 1.4.4
Posted Mar 3, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds initial support for plugins (phase 1), detects the tune2fs/egrep binaries, and has several new functions. Some tests have been extended to properly display findings. The scan report and screen output have been extended to reflect the usage of plugins. Several smaller improvements make this release worthy of use.
tags | tool, scanner
systems | unix
SHA-256 | 3bba6fa31825a4b4a51e3d7c27fcd7f433fcb8393b21595e0b0a0f8653e937b9
GetGo Download Manager 4.x Stack Buffer Overflow
Posted Mar 3, 2014
Authored by Julien Ahrens | Site rcesecurity.com

GetGo Download Manager versions 4.9.0.1982, 4.8.2.1346, and 4.4.5.502 suffer from a stack based buffer overflow.

tags | exploit, overflow
advisories | CVE-2014-2206
SHA-256 | 37e7b43cd0b640f958d68aebcb6fef26f37e335a1fdb848743f568b90af6185c
RSA Data Loss Prevention Improper Session Management
Posted Mar 3, 2014
Site emc.com

RSA Data Loss Prevention versions up to 9.6 SP1 contain an improper session management vulnerability that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory
advisories | CVE-2014-0624
SHA-256 | cb510fb97b53bc40e0b9253dd87a0085703a960dc1bcf5a1b9941ed5b7beec59
Google Analytics MU 2.3 Cross Site Request Forgery
Posted Mar 3, 2014
Authored by Tom Adams

Google Analytics MU version 2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2f51292719cd124f47c236e74c0bd18cc694de5dbc56151074b34ae995c21cf5
PasswordsCon 14 Call For Papers
Posted Mar 3, 2014
Authored by Per Thorsheim

The Passwords^14 Call For Papers has been announced. This year they will be teaming up with BsidesLV and it will be held August 5th and 6th, 2014 in Las Vegas, NV, USA.

tags | paper, conference
SHA-256 | 0e6de150d688bebe16bd35e0c270eef72a5d368e42d96e788440cfd04e133119
Netvolution WCM CMS 3 SQL Injection
Posted Mar 3, 2014
Authored by projectzero | Site projectzero.gr

Netvolution WCM CMS version 3 suffers from an error-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | f2f7bcd1bc112b4eb343151af922f3febbefa864cd8ac33feb7635c46419ab03
Debian Security Advisory 2869-1
Posted Mar 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2869-1 - Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases were an error would prevent all verification steps to be performed.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2014-0092
SHA-256 | 4051fda1725c49e1b37ba9a446a6b871a75ffc03ece3782ad6ac57fc31750d7b
Debian Security Advisory 2868-1
Posted Mar 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2868-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1943
SHA-256 | 16d86ac3902e25715484eb1f631a6288c8a627b11fbb80a7d56c3e4c0d3132f8
Red Hat Security Advisory 2014-0247-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0247-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A flaw was found in the way GnuTLS handled version 1 X.509 certificates. An attacker able to obtain a version 1 certificate from a trusted certificate authority could use this flaw to issue certificates for other sites that would be accepted by GnuTLS as valid.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2009-5138, CVE-2014-0092
SHA-256 | 326ee8034637a4e66c55990e111e0d88f7d48d299e523235319d603d7db909b6
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 2e94e8a1c355505c1954424496b8001a3e24d262909aa6bd71a8c6f8c99b3696
Red Hat Security Advisory 2014-0246-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0246-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0092
SHA-256 | 7223c9a5088840219dd9299f121d0234dc37b2bdd29972ef7ba568b1c92c6aeb
Ubuntu Security Notice USN-2126-1
Posted Mar 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-1943, CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943, CVE-2014-2020
SHA-256 | 9a5ab283b9e55f400a4b88d11cf1323ae8f64e35c58bab2a1495db996de123ce
Ubuntu Security Notice USN-2125-1
Posted Mar 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2125-1 - Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2014-1912
SHA-256 | 531736c6fb0495c327e9ef010cd9f3ddb37a76e6a1bdbd869391557af852926e
MantisBT Admin SQL Injection Arbitrary File Read
Posted Mar 3, 2014
Authored by Brandon Perry | Site metasploit.com

MantisBT versions 1.2.16 and below Metasploit module that leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials required.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2014-2238
SHA-256 | aa47d71bf88217768761036b4fe39e67d36b8a53ac37514259ca02cca0186d98
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
Posted Mar 3, 2014
Authored by HauntIT

Welcart e-Commerce version usc-e-shop.1.3.12 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ad1718ad205dd9849acfbc38521e21a91e210dabdbbef3a1d68e73ca31cf7da1
ALLPlayer 5.8.1 Buffer Overflow
Posted Mar 3, 2014
Authored by Gabor Seljan

ALLPlayer version 5.8.1 SEH buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 2b9a546a1e0e23c899b312b4d3da50a553de79acf3ddcf82a6105131f2c0483a
Eventy Plus Cross Site Request Forgery
Posted Mar 3, 2014
Authored by TUNISIAN CYBER

Eventy Plus suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0c6f8aec09447b0b47b0ffc63a0caa42f128228bda6cb7976512cbbcd5a00cb4
mrtparse MRT Parsing Tool
Posted Mar 3, 2014
Authored by Nobuhiro ITOU, Tetsumune KISO, Yoshiyuki YAMAUCHI | Site github.com

mrtparse is a module to read and analyze the MRT format data. The MRT format data can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump the MRT format data. Written in Python.

tags | tool, protocol, python
systems | unix
SHA-256 | 14ee5c55b0d6f1ce79ea3e84d4849391526783eb3161394bf6a164d1c6b8e777
Joomla 3.2.2 Cross Site Scripting
Posted Mar 3, 2014
Authored by HauntIT

Joomla version 3.2.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8f49da4eb30400915ab538ac590fa428e1269c05be6c868285a863ff00fb83b0
Yii Framework Blog Cross Site Request Forgery
Posted Mar 3, 2014
Authored by Christy Philip Mathew

Yii Framework Blog suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7bc3cea8501a2ffbbeb09577198793356a4c517a8dd44f39677b563a17afcf94
Byte CMS Cross Site Scripting
Posted Mar 3, 2014
Authored by projectzero | Site projectzero.gr

Byte CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | aeda529dae952f94ec82e81966f4502b71991064b69ae99c381e9d8ce539e648
WordPress TheCotton Shell Upload
Posted Mar 3, 2014
Authored by IeDb

WordPress TheCotton theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 7f26d37c59e3c7e62ab4165e4b7f69bf67f77d89443632ebf4af69666e581987
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close