
Files Date: 2014-03-03

GNU Transport Layer Security Library 3.2.12
Posted Mar 3, 2014
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This is a security bug fix release.
tags | protocol, library
MD5 | f507365940de8f095e1d867c6f0842f6
Lynis Auditing Tool 1.4.4
Posted Mar 3, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds initial support for plugins (phase 1), detects the tune2fs/egrep binaries, and has several new functions. Some tests have been extended to properly display findings. The scan report and screen output have been extended to reflect the usage of plugins. Several smaller improvements make this release worthy of use.
tags | tool, scanner
systems | unix
MD5 | eb476fa8519fd5041d876234c81acc41
GetGo Download Manager 4.x Stack Buffer Overflow
Posted Mar 3, 2014
Authored by Julien Ahrens | Site rcesecurity.com

GetGo Download Manager versions 4.9.0.1982, 4.8.2.1346, and 4.4.5.502 suffer from a stack based buffer overflow.

tags | exploit, overflow
advisories | CVE-2014-2206
MD5 | 8150015b9359290479bf7d4c3234749a
RSA Data Loss Prevention Improper Session Management
Posted Mar 3, 2014
Site emc.com

RSA Data Loss Prevention versions up to 9.6 SP1 contain an improper session management vulnerability that could potentially be exploited by malicious users to compromise the affected system.

tags | advisory
advisories | CVE-2014-0624
MD5 | 0666bd7b3364b34218c16d924b361894
Google Analytics MU 2.3 Cross Site Request Forgery
Posted Mar 3, 2014
Authored by Tom Adams

Google Analytics MU version 2.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 4453def57ec31765d4f776853093d303
PasswordsCon 14 Call For Papers
Posted Mar 3, 2014
Authored by Per Thorsheim

The Passwords^14 Call For Papers has been announced. This year they will be teaming up with BsidesLV and it will be held August 5th and 6th, 2014 in Las Vegas, NV, USA.

tags | paper, conference
MD5 | 32dfa952a38d3b7b0345916fdd9fbeb6
Netvolution WCM CMS 3 SQL Injection
Posted Mar 3, 2014
Authored by projectzero | Site projectzero.gr

Netvolution WCM CMS version 3 suffers from an error-based remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 56727d4b5af1f3a2d7d5db2b1bd2c738
Debian Security Advisory 2869-1
Posted Mar 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2869-1 - Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases where an error would prevent all verification steps from being performed.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2014-0092
MD5 | 6b1c6be793ed2ff268e2e395fa4efc65
Debian Security Advisory 2868-1
Posted Mar 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2868-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1943
MD5 | 813c4c44d829fc0149e8e8ecdd9083ad
Red Hat Security Advisory 2014-0247-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0247-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A flaw was found in the way GnuTLS handled version 1 X.509 certificates. An attacker able to obtain a version 1 certificate from a trusted certificate authority could use this flaw to issue certificates for other sites that would be accepted by GnuTLS as valid.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2009-5138, CVE-2014-0092
MD5 | 9604dc50e5adabee1bde3a63778ced63
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
MD5 | c53b528c76b33df7b0f9dfaf0f241e4c
Red Hat Security Advisory 2014-0246-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0246-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0092
MD5 | 24b2e2d69c95b97113d0e74298f17040
Ubuntu Security Notice USN-2126-1
Posted Mar 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2126-1 - Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-1943, CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020
MD5 | 8413251579575380e81f41fbf62fe6a9
Ubuntu Security Notice USN-2125-1
Posted Mar 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2125-1 - Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes when using the socket.recvfrom_into() function. An attacker could possibly use this issue to cause Python to crash, resulting in denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2014-1912
MD5 | d974e1710f8bd707a1b96c73ad22a012
MantisBT Admin SQL Injection Arbitrary File Read
Posted Mar 3, 2014
Authored by Brandon Perry | Site metasploit.com

Metasploit module for MantisBT versions 1.2.16 and below that leverages a remote SQL injection vulnerability to perform an arbitrary file read. Administrative credentials are required.

tags | exploit, remote, arbitrary, sql injection
advisories | CVE-2014-2238
MD5 | a77e451636e8cf271e82ebc58d041434
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
Posted Mar 3, 2014
Authored by HauntIT

Welcart e-Commerce version usc-e-shop.1.3.12 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 8c0a4cc14879fbf0a89a222aefe0401e
ALLPlayer 5.8.1 Buffer Overflow
Posted Mar 3, 2014
Authored by Gabor Seljan

ALLPlayer version 5.8.1 SEH buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
MD5 | a5d3a5798b0933b4dfb5e973d9143623
Eventy Plus Cross Site Request Forgery
Posted Mar 3, 2014
Authored by TUNISIAN CYBER

Eventy Plus suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | cd7b316942b5118833fb75bc30be4975
mrtparse MRT Parsing Tool
Posted Mar 3, 2014
Authored by Nobuhiro ITOU, Tetsumune KISO, Yoshiyuki YAMAUCHI | Site github.com

mrtparse is a module to read and analyze MRT format data. The MRT format can be used to export routing protocol messages, state changes, and routing information base contents, and is standardized in RFC6396. Programs like Quagga / Zebra, BIRD, OpenBGPD and PyRT can dump MRT format data. Written in Python.

tags | tool, protocol, python
systems | unix
MD5 | 28e1904c2903851a78fced3c68dc215c
Joomla 3.2.2 Cross Site Scripting
Posted Mar 3, 2014
Authored by HauntIT

Joomla version 3.2.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | a4fb29d02b2ea853e7f3e028f2026feb
Yii Framework Blog Cross Site Request Forgery
Posted Mar 3, 2014
Authored by Christy Philip Mathew

Yii Framework Blog suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8befc18596e28b4f4205304dbe19690a
Byte CMS Cross Site Scripting
Posted Mar 3, 2014
Authored by projectzero | Site projectzero.gr

Byte CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3722da5eb3e7f2251d15edcd0f761aa
WordPress TheCotton Shell Upload
Posted Mar 3, 2014
Authored by IeDb

WordPress TheCotton theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 51d82a544fbf4f67aac007bb18931aec