what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2014-03-12

Busybox Statically Compiled With Ash
Posted Mar 12, 2014
Authored by Maximilian S Burkhardt, Denys Vlasenko | Site busybox.net

This is a statically compiled version of Busybox that contains multiple built-in utilities including the ash shell. It was created with forensics use cases in mind.

tags | tool, shell, forensics
SHA-256 | ad78938a532173ac62ba2999a6361d901885ce4ddbd6a37f3f768f2cc722abb0
Spring MVC 3.2.8 / 4.0.1 Cross Site Scripting
Posted Mar 12, 2014
Authored by Pivotal Security Team, Paul Wowk

Spring MVC suffers from a cross site scripting vulnerability. When a programmer does not specify the action on the Spring form, Spring automatically populates the action field with the requested uri. An attacker can use this to inject malicious content into the form. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.

tags | advisory, xss
advisories | CVE-2014-1904
SHA-256 | 5eb5caff637b21acb3508f02276c5259beb463317ea4a478aa07494344d9cac9
Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion
Posted Mar 12, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2014-1222
SHA-256 | 68bb2b327d28dcaab7ff85b53bd244a5fe0efd7356cb8bd9d362854e3ea37f26
Procentia IntelliPen 1.1.12.1520 SQL Injection
Posted Mar 12, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Procentia IntelliPen version 1.1.12.1520 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2043
SHA-256 | d237b665954a8280a24d83ef911164191cc03a3ddd5ab615424806c3e0e8827a
Drupal Webform Template 7.x Access Bypass
Posted Mar 12, 2014
Authored by Rick Manelius, theunraveler | Site drupal.org

Drupal Webform Template third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 991b254f50145a2194cdc21de75fc10e6fb2bf1160c173eecc5c4684b19a0e45
Spring Security 3.2.1 / 3.1.5 Authentication Bypass
Posted Mar 12, 2014
Authored by Pivotal Security Team

The ActiveDirectoryLdapAuthenticator does not check the password length in Spring Security. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. Spring Security versions 3.2.0 through 3.2.1 and 3.1.0 through 3.1.5 are affected.

tags | advisory
advisories | CVE-2014-0097
SHA-256 | a6f710e75878a79eb3c98eb2f5253ae95ffd7b23d3f70f0cc3988a5e59e0213e
Proxmox Mail Gateway 3.1 Cross Site Scripting
Posted Mar 12, 2014
Authored by William Costa

Proxmox Mail Gateway version 3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b5cdd7514d6723e88c9cfec4dc8e23e32547ae75076b1244b7f8b68d4c4efd15
Ruby Gem Arabic Prawn 0.0.1 Command Injection
Posted Mar 12, 2014
Authored by Larry W. Cashdollar

Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2322
SHA-256 | c5f02d425c1722103bd1066865763a5f030b1a9c066ab94408f02e058557d56b
GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 12, 2014
Authored by Necmettin COSKUN

GNUpanel version 0.3.5_R4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | ef7d1104b64f8ef1d918d4be53d8efea3fe7f3d2335cf23809f1a354967fbc99
Spring MVC 3.2.8 / 4.0.1 Incomplete Fix
Posted Mar 12, 2014
Authored by Pivotal Security Team, Spase Markovski

Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and that processing is now disabled by default. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.

tags | advisory, xxe
advisories | CVE-2014-0054, CVE-2013-4152, CVE-2013-6429
SHA-256 | 99a8ad7c850c897b9d19d09b3e771b91512dc689e5f940a3f5f0bfee478e8189
Open Classifieds 2-2.1.2 Cross Site Scripting
Posted Mar 12, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Open Classifieds version 2-2.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2024
SHA-256 | 4dc1de714413c133bd1b7430360726a9540c43f5db23325bd1f8997da9f5bff1
VMware Security Advisory 2014-0002
Posted Mar 12, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0002 - VMware has updated vSphere third party libraries.

tags | advisory
advisories | CVE-2013-4332, CVE-2013-5211
SHA-256 | f68785a86cf03bdcb6949e31e03b46c73a1eada57e4d11d2ee15b03dcb905f3f
Ubuntu Security Notice USN-2145-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2145-1 - Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0017
SHA-256 | 95ffe26d0a11f3ae9be74f1583d0260e5c4fc05fe38a93d7c1bc3a7d8e7d3e3a
Debian Security Advisory 2873-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2873-1 - Several vulnerabilities have been found in file, a file type classification tool.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2270
SHA-256 | c2bf451d0b46c8fcb229f218a01ef4754b2b29f78fd5d1334ba90adc167e6302
Ubuntu Security Notice USN-2143-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2143-1 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. This issue only affected Ubuntu 13.10. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6473, CVE-2013-6475, CVE-2013-6476, CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
SHA-256 | 0fcaac0c7d5e406a33a77a223f1bc02a072b433a7ee654d7d276ca3f7f2d276a
Ubuntu Security Notice USN-2144-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2144-1 - Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict driver directories. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6476, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
SHA-256 | 1ba295385400a0e23f182c93b3934e2160b4ad0c56f428f457e3f4064d898b72
Red Hat Security Advisory 2014-0289-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0289-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-08, listed in the References section. A vulnerability was reported that could be used to bypass the same origin policy. A vulnerability was reported that could be used to read the contents of the clipboard.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2014-0503, CVE-2014-0504
SHA-256 | 9a925a1b92a21562dc22ed56324bc7513d10b455781a1f25b144272087491575
Red Hat Security Advisory 2014-0285-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory condition and, potentially, crash the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-4483, CVE-2013-4554, CVE-2013-6381, CVE-2013-6383, CVE-2013-6885, CVE-2013-7263
SHA-256 | a11eda61dbcf728addd1377584ae2b396b052364c5d94383cdb60ead21539012
Red Hat Security Advisory 2014-0288-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0288-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0092
SHA-256 | 0a170a8ff50ca1817d8dbb1bf5337a87577fa4be6ead12ecab8af5254403d619
Debian Security Advisory 2875-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2875-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

tags | advisory, arbitrary, vulnerability
systems | linux, redhat, debian
advisories | CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
SHA-256 | 73c6f6fedc39fbf350b6bb3b7d31490dfad13c3f44e3dc9903260c66ef25b17a
Debian Security Advisory 2874-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2874-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-0467
SHA-256 | 85bfbaabb146c53fdaad1274b54b8cb239279509ec7b02d61d4874281a016f89
Debian Security Advisory 2876-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2876-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

tags | advisory, arbitrary, vulnerability
systems | linux, redhat, debian
advisories | CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
SHA-256 | ad6a0d806e07d3d10c95239ddcb188c5630de51fb39bd67800ecbb284553b581
ZyXEL P-660HN-T1A Authentication Bypass
Posted Mar 12, 2014
Authored by Michael Grifalconi

The ZyXEL P-660HN-T1A router suffers from an authentication bypass vulnerability. Version 3.40 (BYF.5) is affected.

tags | exploit, bypass
SHA-256 | f18e9d48f0d20a07656d3b22913991bd93f4912ae2a287f14366f2b140bf48fe
Mediawiki 1.18.0 Information Disclosure
Posted Mar 12, 2014
Authored by alejandr0.w3b.p0wn3r

Mediawiki version 1.18.0 suffers from a new file creation source path disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2014-1686
SHA-256 | 5675a27b5908d6b27fa04c43090945ec656da5d0db68fcd7d5da9bbfe406ac0a
Linux perf_swevent_init Privilege Escalation
Posted Mar 12, 2014
Authored by Brad Spengler, Sorbo

This is a ROP exploit variant of the perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
SHA-256 | f2e2d43cd1b1f6062d1700da019b5cc1e08dbf07427dcb52fc47281b57ddf45f
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close