
Files Date: 2014-03-12

Busybox Statically Compiled With Ash
Posted Mar 12, 2014
Authored by Maximilian S Burkhardt, Denys Vlasenko | Site busybox.net

This is a statically compiled version of Busybox that contains multiple built-in utilities including the ash shell. It was created with forensics use cases in mind.

tags | tool, shell, forensics
MD5 | d71d2a6c0096776408d96f2ddd954333
Spring MVC 3.2.8 / 4.0.1 Cross Site Scripting
Posted Mar 12, 2014
Authored by Pivotal Security Team, Paul Wowk

Spring MVC suffers from a cross site scripting vulnerability. When a programmer does not specify the action on the Spring form, Spring automatically populates the action field with the requested URI. An attacker can use this to inject malicious content into the form. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.

tags | advisory, xss
advisories | CVE-2014-1904
MD5 | 8e45e90462d51aa79ab07c314995f4ce
Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion
Posted Mar 12, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2014-1222
MD5 | e974f3405386d3ce676e7652f8d6cbf4
Procentia IntelliPen 1.1.12.1520 SQL Injection
Posted Mar 12, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

Procentia IntelliPen version 1.1.12.1520 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2043
MD5 | cda2fd235cdec1902ca2a46d8aa68850
Drupal Webform Template 7.x Access Bypass
Posted Mar 12, 2014
Authored by Rick Manelius, theunraveler | Site drupal.org

Drupal Webform Template third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | 0c3a1d38d791f7418abe9530bb144114
Spring Security 3.2.1 / 3.1.5 Authentication Bypass
Posted Mar 12, 2014
Authored by Pivotal Security Team

The ActiveDirectoryLdapAuthenticator does not check the password length in Spring Security. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. Spring Security versions 3.2.0 through 3.2.1 and 3.1.0 through 3.1.5 are affected.

tags | advisory
advisories | CVE-2014-0097
MD5 | 16fb94e6372ab02b5b7a34920316ee44
Proxmox Mail Gateway 3.1 Cross Site Scripting
Posted Mar 12, 2014
Authored by William Costa

Proxmox Mail Gateway version 3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c0519d69ea42339c99c311beae7c0d9b
Ruby Gem Arabic Prawn 0.0.1 Command Injection
Posted Mar 12, 2014
Authored by Larry W. Cashdollar

Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2322
MD5 | b3975bf33d1b33dfd278e6017e8adc51
GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 12, 2014
Authored by Necmettin COSKUN

GNUpanel version 0.3.5_R4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | ecf2ac5ee8ca2315bb1c70eef34f0bc2
Spring MVC 3.2.8 / 4.0.1 Incomplete Fix
Posted Mar 12, 2014
Authored by Pivotal Security Team, Spase Markovski

Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and that processing is now disabled by default. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.

tags | advisory
advisories | CVE-2014-0054, CVE-2013-4152, CVE-2013-6429
MD5 | 1980eaf30d0f1250b46ce44e4a77d587
Open Classifieds 2-2.1.2 Cross Site Scripting
Posted Mar 12, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Open Classifieds version 2-2.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2024
MD5 | c7adba96fff0fc922f1c246498782147
VMware Security Advisory 2014-0002
Posted Mar 12, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0002 - VMware has updated vSphere third party libraries.

tags | advisory
advisories | CVE-2013-4332, CVE-2013-5211
MD5 | 6277f19772cb9b4af8706aead33870dd
Ubuntu Security Notice USN-2145-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2145-1 - Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0017
MD5 | ed0e24190edad2306ebf52ea633ee668
Debian Security Advisory 2873-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2873-1 - Several vulnerabilities have been found in file, a file type classification tool.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2270
MD5 | 02e7d03f30445576af192b15e2c8f1b3
Ubuntu Security Notice USN-2143-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2143-1 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. This issue only affected Ubuntu 13.10. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
MD5 | 7ec728d2353c1378cda892b8c041d8b4
Ubuntu Security Notice USN-2144-1
Posted Mar 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2144-1 - Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict driver directories. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
MD5 | 0b4ee19bec63bc481688e0b06474db10
Red Hat Security Advisory 2014-0289-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0289-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-08, listed in the References section. A vulnerability was reported that could be used to bypass the same origin policy. A vulnerability was reported that could be used to read the contents of the clipboard.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2014-0503, CVE-2014-0504
MD5 | def31dc27a5b4e6ea03efab79e2fb08e
Red Hat Security Advisory 2014-0285-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory condition and, potentially, crash the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-2929, CVE-2013-4483, CVE-2013-4554, CVE-2013-6381, CVE-2013-6383, CVE-2013-6885, CVE-2013-7263
MD5 | 302f0e4f68804abdc33596d17985a27c
Red Hat Security Advisory 2014-0288-01
Posted Mar 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0288-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0092
MD5 | 98c89b4f6cdb28bf4a522253153c2076
Debian Security Advisory 2875-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2875-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

tags | advisory, arbitrary, vulnerability
systems | linux, redhat, debian
advisories | CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
MD5 | 14b46ef6bfa25cab9ccf016aba6ead0c
Debian Security Advisory 2874-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2874-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-0467
MD5 | cfc2e4c47eff58b72a6654f0c7ec3889
Debian Security Advisory 2876-1
Posted Mar 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2876-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.

tags | advisory, arbitrary, vulnerability
systems | linux, redhat, debian
advisories | CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
MD5 | 53bace67786fdf61ef902bfa8e0173c5
ZyXEL P-660HN-T1A Authentication Bypass
Posted Mar 12, 2014
Authored by Michael Grifalconi

The ZyXEL P-660HN-T1A router suffers from an authentication bypass vulnerability. Version 3.40 (BYF.5) is affected.

tags | exploit, bypass
MD5 | 9d8beb9a491b805bf0539ce9def16a95
Mediawiki 1.18.0 Information Disclosure
Posted Mar 12, 2014
Authored by alejandr0.w3b.p0wn3r

Mediawiki version 1.18.0 suffers from a new file creation source path disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2014-1686
MD5 | 65e4558e5c4c74b5143917a74c08ca57
Linux perf_swevent_init Privilege Escalation
Posted Mar 12, 2014
Authored by Brad Spengler, Sorbo

This is a ROP exploit variant of the perf_swevent_init local root exploit for the Linux kernel versions prior to 3.8.9 for x86_64.

tags | exploit, kernel, local, root
systems | linux
advisories | CVE-2013-2094
MD5 | e1430f6d2ca818b20a18208e482335a7