
Files Date: 2014-03-14

Free Download Manager 3.x Buffer Overflow
Posted Mar 14, 2014
Authored by Julien Ahrens | Site rcesecurity.com

Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and possibly others are affected by a stack-based buffer overflow vulnerability. Proof of concept code included.

tags | exploit, overflow, proof of concept
advisories | CVE-2014-2087
MD5 | 320bc871522b546403d5b3540eed9cd9
SeedDMS XSS / Traversal / Shell Upload
Posted Mar 14, 2014
Authored by Craig Arendt

SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, file inclusion
advisories | CVE-2014-2278, CVE-2014-2279, CVE-2014-2280
MD5 | 2e486461aaf9db3ee80286e2e95e9f54
HP Security Bulletin HPSBMU02975
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02975 - A potential security vulnerability has been identified in HP Smart Update Manager for Linux version 5.3.5. The vulnerability could be exploited to allow an elevation of privileges on the target system. Revision 1 of this advisory.

tags | advisory
systems | linux
advisories | CVE-2013-6208
MD5 | a407e7e6a29737646dc9d68b02c2598a
MicroP 0.1.1.1600 Buffer Overflow
Posted Mar 14, 2014
Authored by Necmettin COSKUN

MicroP version 0.1.1.1600 local stack buffer overflow exploit.

tags | exploit, overflow, local
MD5 | 7be0a779bcf14569f786d321711ef42a
WatchGuard XTM 11.8 Cross Site Scripting
Posted Mar 14, 2014
Authored by William Costa

WatchGuard XTM version 11.8 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1cd511d713cba873297b5c021c5422e1
HP Security Bulletin HPSBMU02967
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02967 - A potential security vulnerability has been identified with HP Unified Functional Testing Running on Windows. This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2013-6210
MD5 | e43c2396b725677e0e8597e5b29a4ecd
Red Hat Security Advisory 2014-0294-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0294-01 - XStream is a simple library to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285
MD5 | 475899d13d08e5138c99e90491d11086
Red Hat Security Advisory 2014-0293-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0293-01 - The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon. This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

tags | advisory, overflow, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2014-0004
MD5 | c8cd2c5271afe40c4e2f598fa3957248
Red Hat Security Advisory 2014-0292-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0292-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This could allow them to modify configuration values, as well as read and write any data the directory holds.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2014-0132
MD5 | e3bb7f6f23ac2df730b786b14a3623a8
Gentoo Linux Security Advisory 201403-04
Posted Mar 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-4 - A vulnerability in QXmlSimpleReader class can be used to cause a Denial of Service condition. Versions less than 4.8.5-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-4549
MD5 | e28a26e4e1b8cfa87558f4196ccaf00d
Mandriva Linux Security Advisory 2014-061
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-061 - It was found that comments in /etc/users.oath could prevent one-time-passwords from being invalidated, leaving the OTP vulnerable to replay attacks.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-7322
MD5 | 4d94a410ec4a331c341fc174694dce2a
Mandriva Linux Security Advisory 2014-060
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.

tags | advisory, web, perl
systems | linux, mandriva
advisories | CVE-2013-4279, CVE-2014-2014
MD5 | dc91e85cd09740eb24207d0339f140db
Mandriva Linux Security Advisory 2014-059
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities have been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version, which is not vulnerable to these issues. The php-xdebug packages have been upgraded to the latest 2.2.4 version, which resolves numerous upstream bugs. Additionally, the PECL packages that require it have been rebuilt for php-5.5.10.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2013-7327, CVE-2014-1943, CVE-2014-2270
MD5 | 10f0b2029163f23eeb2c046e98bb08b8
Slackware Security Advisory - samba Updates
Posted Mar 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4496, CVE-2013-6442
MD5 | bac6257748cb2b0f42534ac6fb13ed49
Debian Security Advisory 2879-1
Posted Mar 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2879-1 - It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0017
MD5 | 6232464bf06f0084520acfa8ce1a630e
Mandriva Linux Security Advisory 2014-058
Posted Mar 14, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-058 - SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-2015
MD5 | f9c1f400c4325f84d09391a913c308b5
Gentoo Linux Security Advisory 201403-03
Posted Mar 14, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-3 - A vulnerability in file could result in Denial of Service. Versions less than 5.17 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-1943
MD5 | 0ada6a3a2787d19606195418a06c579f
Ubuntu Security Notice USN-2147-1
Posted Mar 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2147-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in mutt while expanding addresses when parsing email headers. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking mutt.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0467
MD5 | 967d8552e03996dd852abc09162eb202
Slackware Security Advisory - mutt Updates
Posted Mar 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mutt packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0467
MD5 | 758be33333bff584e266c8b82342bba5
Joomla AJAX Shoutbox SQL Injection
Posted Mar 14, 2014
Authored by Ibrahim Raafat

Joomla AJAX Shoutbox suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e04f9d450355f48c71f33d2f6a92cf2e
Trixbox Pro Remote Command Execution
Posted Mar 14, 2014
Authored by i-Hmx

Trixbox Pro suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | bc822244643d8e2c9b8b53e439980f26
iOS 7 Arbitrary Code Execution
Posted Mar 14, 2014
Authored by Andy Davis | Site nccgroup.com

iOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2014-1287
MD5 | e104beb46b23cf9a52320b572c270924
OS X / Safari / Firefox REGEX Denial Of Service
Posted Mar 14, 2014
Authored by Maksymilian Arciemowicz | Site cxsecurity.com

Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().

tags | exploit, denial of service
systems | apple, osx
advisories | CVE-2010-4051, CVE-2010-4052, CVE-2011-3336
MD5 | 88c2401f212d47291e03a6841a990296
GNUboard SQL Injection
Posted Mar 14, 2014
Authored by Claepo Wang

GNUboard suffers from a remote SQL injection vulnerability in ajax.autosave.php.

tags | exploit, remote, php, sql injection
MD5 | b7a2e598232a7cfa64432d76a76743b5