Exploit the possiblities
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-03-11

Oracle VirtualBox 3D Acceleration Memory Corruption
Posted Mar 11, 2014
Authored by Core Security Technologies, Andres Blanco, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2014-0981, CVE-2014-0982, CVE-2014-0983
MD5 | e64c663a75df61c063ab412dac73acc8
Apple Facetime Information Disclosure
Posted Mar 11, 2014
Authored by Guillaume Ross

Facetime allows video calls for iOS. Facetime-Audio, added in iOS 7, allows audio only calls. The audio version uses a vulnerable URL scheme which is not used by Facetime Video. The URL Scheme used for Facetime-Audio allows a website to establish a Facetime-audio call to the attacker's account, revealing the phone number or email address of the user browsing the site. This was fixed in iOS 7.1.

tags | exploit, info disclosure
systems | apple, ios
advisories | CVE-2013-6835
MD5 | b7f5a2e1650c60e8d9f5a015da9b2261
Microsoft Security Bulletin Summary For March, 2014
Posted Mar 11, 2014
Site microsoft.com

This bulletin summary lists five released Microsoft security bulletins for March, 2014.

tags | advisory
MD5 | 3df156938345d5057ccd324e94d19c26
Apple TV Touch Password Disclosure
Posted Mar 11, 2014
Authored by David Shuetz

Apple TV had an issue where it was logging a user's Apple ID and password via debug output in logs.

tags | exploit, info disclosure
systems | apple
advisories | CVE-2014-1279
MD5 | 4b858d649b50bb6ec52a6cf7af7aac8f
HP Security Bulletin HPSBUX02976 SSRT101236
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02976 SSRT101236 - A potential security vulnerability has been identified with HP-UX running NFS rpc.lockd. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-6209
MD5 | 862e06f04ea5147130df8745f36ff611
HP Security Bulletin HPSBMU02948
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02948 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4167, CVE-2012-4168, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555
MD5 | 718badcb4d285b73620eb41b7e40f4f9
HP Security Bulletin HPSBMU02947
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02947 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in disclosure of information or cross-site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, vulnerability, csrf
systems | linux, windows
advisories | CVE-2013-4846, CVE-2013-6188
MD5 | 9005e15d59f7c4b1acb71d278c0ec009
Slackware Security Advisory - udisks, udisks2 Updates
Posted Mar 11, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New udisks and udisks2 packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0004
MD5 | 7168d8c442d8c1b350cc985d696aa7bc
Red Hat Security Advisory 2014-0284-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0284-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, local, udp, tcp, protocol
systems | linux, redhat
advisories | CVE-2013-2851, CVE-2013-4387, CVE-2013-4470, CVE-2013-4591, CVE-2013-6367, CVE-2013-6368, CVE-2013-6381
MD5 | f194ea2b693f4f89a7e22f4a7e80da9a
Red Hat Security Advisory 2014-0215-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0215-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164, CVE-2014-0057, CVE-2014-0081, CVE-2014-0082
MD5 | e1a7d0c7e42e3692cd8b570e480fe9c5
The Art Of Stealth Scanning
Posted Mar 11, 2014
Authored by Fardin Allahverdinazhand

This is a whitepaper called the Art of Stealth Scanning. It is written in Persian.

tags | paper
MD5 | aa52196ed35b1a79dd6ab972a5d542ec
Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow
Posted Mar 11, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.

tags | exploit, overflow
systems | windows, xp
MD5 | fa606c143dc35c833d9e127d7caf9581
Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow
Posted Mar 11, 2014
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKBCopyD.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3.

tags | exploit, overflow
systems | windows, xp
MD5 | 20bd11007145962fba07664161789cde
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140309
Posted Mar 11, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release bumps tor to version 0.2.4.21 and the kernel to 3.13.5 plus Gentoo's hardened-patches. All other components are kept at the same versions as the previous release. It also adds haveged, a daemon to help generate entropy on diskless systems, for a more cryptographically sound system. Testing shows that previous versions of tor-ramdisk were operating at near zero entropy, while haveged easily keeps the available entropy close to 9000 bits. Upgrading is strongly encouraged.
tags | tool, kernel, peer2peer
systems | linux
MD5 | c7a0aaf77c27eeca4a06b8ea374c1c10
Apple Security Advisory 2014-03-10-2
Posted Mar 11, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-03-10-2 - Apple TV 6.1 is now available and addresses information disclosure, date checking failure, buffer overflow, and various other vulnerabilities.

tags | advisory, overflow, vulnerability, info disclosure
systems | apple
advisories | CVE-2012-2088, CVE-2013-2909, CVE-2013-2926, CVE-2013-2928, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5228, CVE-2013-6625, CVE-2013-6629, CVE-2013-6635, CVE-2014-1267, CVE-2014-1269, CVE-2014-1270, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1275, CVE-2014-1278, CVE-2014-1279, CVE-2014-1280, CVE-2014-1282, CVE-2014-1287, CVE-2014-1289, CVE-2014-1290, CVE-2014-1291
MD5 | 2ae769d091c598fa675a26195864d9a6
Apple Security Advisory 2014-03-10-1
Posted Mar 11, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-03-10-1 - iOS 7.1 is now available and addresses multiple security vulnerabilities.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2012-2088, CVE-2013-2909, CVE-2013-2926, CVE-2013-2928, CVE-2013-5133, CVE-2013-5196, CVE-2013-5197, CVE-2013-5198, CVE-2013-5199, CVE-2013-5225, CVE-2013-5227, CVE-2013-5228, CVE-2013-6625, CVE-2013-6629, CVE-2013-6635, CVE-2013-6835, CVE-2014-1252, CVE-2014-1267, CVE-2014-1269, CVE-2014-1270, CVE-2014-1271, CVE-2014-1272, CVE-2014-1273, CVE-2014-1274, CVE-2014-1275, CVE-2014-1276, CVE-2014-1277, CVE-2014-1278
MD5 | 70cda4a52a9f31c8130129c0ed9c6957
Lynis Auditing Tool 1.4.5
Posted Mar 11, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds additional support for Chakra Linux, the pacman package manager, and checks for installed packages. It has some improvements regarding the color scheme, logging, PAM modules, and enhanced support for Solaris.
tags | tool, scanner
systems | unix
MD5 | 79cf75785361efbc1d361616204c18d0
CodeCrypt 1.5
Posted Mar 11, 2014

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds hashfiles and several speed and user interface improvements.
tags | tool, encryption
systems | unix
MD5 | e42dade5899760c55481eb4576e3856c
Asterisk Project Security Advisory - AST-2014-004
Posted Mar 11, 2014
Authored by Mark Michelson, Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0.

tags | advisory
advisories | CVE-2014-2289
MD5 | f9984c9c3245f1133638fada061a2940
Asterisk Project Security Advisory - AST-2014-003
Posted Mar 11, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.

tags | advisory, remote
advisories | CVE-2014-2288
MD5 | dd6a6ccd5211873a753b83153d64e8d6
Asterisk Project Security Advisory - AST-2014-002
Posted Mar 11, 2014
Authored by Kinsey Moore, Colin Farrell | Site asterisk.org

Asterisk Project Security Advisory - An attacker can use all available file descriptors using SIP INVITE requests, which can result in a denial of service.

tags | advisory, denial of service
advisories | CVE-2014-2287
MD5 | 3d76dd3c52bb750a6281fbfa6dff8ae1
Asterisk Project Security Advisory - AST-2014-001
Posted Mar 11, 2014
Authored by Richard Mudgett, Lucas Molas, Dr. Manuel Sadosky | Site asterisk.org

Asterisk Project Security Advisory - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

tags | advisory, web, overflow
advisories | CVE-2014-2286
MD5 | e6bbe4e2d49a4866b570f2440dae92de
Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation
Posted Mar 11, 2014
Authored by LiquidWorm | Site zeroscience.mk

Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 78fdaef64ef3fe6cc8eb6c563d789994
WordPress LayerSlider 4.6.1 CSRF / Traversal
Posted Mar 11, 2014
Authored by Akastep

WordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
MD5 | c8817a417f940dc5c706240eeb452e98
HP Security Bulletin HPSBGN02970
Posted Mar 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02970 - Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2010-4008, CVE-2010-4494, CVE-2011-2182, CVE-2011-2213, CVE-2011-2492, CVE-2011-2518, CVE-2011-2689, CVE-2011-2723, CVE-2011-3188, CVE-2011-4077, CVE-2011-4110, CVE-2012-0058, CVE-2012-0879, CVE-2012-1088, CVE-2012-1179, CVE-2012-2137, CVE-2012-2313, CVE-2012-2372, CVE-2012-2373, CVE-2012-2375, CVE-2012-2383, CVE-2012-2384, CVE-2013-6205, CVE-2013-6206
MD5 | c2d608f9e9d50c7f6de2082d32f781db
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close