Showing 1 - 17 of 17

Files Date: 2014-03-04

Java OpenID Server 1.2.1 XSS / Session Fixation
Posted Mar 4, 2014
Authored by Bartlomiej Balcerek

JOIDS (Java OpenID Server) version 1.2.1 suffers from reflected cross site scripting and session fixation vulnerabilities.

tags | exploit, java, vulnerability, xss
MD5 | 95a214dd5973285304e1372cae1ccdae

ClickDesk 4.3 Cross Site Scripting
Posted Mar 4, 2014
Authored by Owais Mehtab

ClickDesk versions 4.3 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-9211
MD5 | 45ce381e46a507e884e78841a04ee17f

Google Youtube Arbitrary File Upload
Posted Mar 4, 2014
Authored by Nicholas Lemonias

Youtube.com suffered from an arbitrary file upload vulnerability when headers were manipulated.

tags | exploit, arbitrary, file upload
MD5 | f25e06a25e86b69302ceeabf4bee5f3d

Ganib 2.3 SQL Injection
Posted Mar 4, 2014
Authored by drone

Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8f69b07b2fc8cb3184db23c82befcb70

Red Hat Security Advisory 2014-0233-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0233-01 - PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations. It was found that PackStack did not correctly install the rules defined in the default security groups when deployed on OpenStack Networking, allowing network connections to be made to systems that should not have been accessible.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0071
MD5 | 1408bfe37d3159d67e0b305d4232c316

Red Hat Security Advisory 2014-0232-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0232-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0006
MD5 | 086b5405f2d588055f891d2460c09bc3

Apache Cordova 2.9.0 Privilege Escalation
Posted Mar 4, 2014
Authored by Neil Bergman

Cordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.

tags | advisory
systems | ios
advisories | CVE-2014-0073
MD5 | 5dd1e7754e5584b61163d467bcb19599

Apache Shiro 1.2.2 LDAP Authentication Bypass
Posted Mar 4, 2014
Authored by The Apache Shiro Team

Apache Shiro versions 1.0.0-incubating through 1.2.2 suffer from an LDAP authentication bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2014-0074
MD5 | af2369c26d76bbf09b7431cd5a1ba1fb

Ipdecap 0.7
Posted Mar 4, 2014
Authored by Loic Pefferkorn | Site loicp.eu

Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, and ESP (IPSEC) protocols, and can also remove IEEE 802.1Q (virtual LAN) headers. It reads packets from a pcap file, removes the encapsulation protocol, and writes them in another pcap file.

Changes: This release has been ported to FreeBSD, and has better error messages and internal cleanup.
tags | tool, protocol
systems | unix
MD5 | b7800e5247ac77db4229d793515bb30b

Red Hat Security Advisory 2014-0229-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0229-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An information leak flaw was found in the way glance stored certain logging information. An attacker with access to the glance log files could use this flaw to obtain authentication credentials to the OpenStack Object Storage back end. Note that only setups using the swift back end were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-1948
MD5 | c5a4e399bbcad907b7ab5ed912fc0d1f

Red Hat Security Advisory 2014-0231-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0231-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.

tags | advisory, remote, info disclosure
systems | linux, redhat
advisories | CVE-2013-6419, CVE-2013-6437, CVE-2013-7048, CVE-2013-7130
MD5 | 83c5f4033581246d0631c979ef31f54a

CMS Made Simple XSS / CSRF / PHP Object Insertion
Posted Mar 4, 2014
Authored by Pedro Ribeiro

CMS Made Simple has several security problems including cross site scripting in the admin console, weak cross site request forgery protection, and a possible PHP object insertion via unserialize.

tags | advisory, php, xss, csrf
advisories | CVE-2014-0334
MD5 | bf4889f00b4e4595c78cdb4da9bc9140

Red Hat Security Advisory 2014-0230-01
Posted Mar 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0230-01 - MongoDB is a NoSQL database. A buffer over-read flaw was found in the way MongoDB handled BSON data. A database user permitted to insert BSON data into a MongoDB server could use this flaw to read server memory, potentially disclosing sensitive data. All mongodb users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6619
MD5 | 2d31e8f496e21f16e503f7e28c3cf32a

Slackware Security Advisory - gnutls Updates
Posted Mar 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0092
MD5 | d61450c97a7e42c65090775ad3e66c6a

Cory JobSearch 1.0 SQL Injection
Posted Mar 4, 2014
Authored by Slotleet

CoryApp Cory JobSearch suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0b2bdc4d147230fff545c1f916bfaa37

Calavera Uploader 3.5 Buffer Overflow
Posted Mar 4, 2014
Authored by Daniel La Calavera

Calavera Uploader version 3.5 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | 9b8e961e1f6339a61e5ae20e2aec50f5

Malware Analysis Part I
Posted Mar 4, 2014
Authored by Thomas Moller | Site 0x90.se

Malware Analysis Part I - This guide is the first part of a series of three where we begin with setting up the very foundation of an analysis environment: the analysis station. It will give the reader a quick recap of the different phases of malware analysis along with a few examples. It will then guide the reader in how to build an analysis station optimized for these phases. Along with this, the guide also introduces a workflow that will give the reader a good kick-start in performing malware analysis on a professional basis, not only on a technical level.

tags | paper, malware
MD5 | 70b62f61e4761da8c6c4292fcb1d60db