Twenty Year Anniversary
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-03-17

Debian Security Advisory 2880-1
Posted Mar 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4238, CVE-2014-1912
MD5 | 7fcd2b54485f6aa2f92a611bd4c1d7d2
Mandriva Linux Security Advisory 2014-063
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-063 - A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process. A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has also been fixed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4376
MD5 | d04dee72afa08bea4df3cf20c85fbe16
Mandriva Linux Security Advisory 2014-064
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-064 - A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon.

tags | advisory, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2014-0004
MD5 | 74bceb17a64d31206247df6b5ee1e391
Mandriva Linux Security Advisory 2014-062
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.

tags | advisory, arbitrary, perl, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893
MD5 | 167cace9ae510696dea0951b9e786d73
Slackware Security Advisory - php Updates
Posted Mar 17, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-1943
MD5 | 3d3ac8baa585a0f0ce8010b167522e4e
Red Hat Security Advisory 2014-0306-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.

tags | advisory, remote, web, denial of service, xss, ruby
systems | linux, redhat
advisories | CVE-2014-0081, CVE-2014-0082
MD5 | 2165282286e43fb494ca0b87573ab2ed
Red Hat Security Advisory 2014-0304-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0304-01 - Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the user running mutt. All mutt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of mutt must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0467
MD5 | c940e434dc1975843d8d0ab2026b31da
Red Hat Security Advisory 2014-0305-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | 12dc7ea867e1c2cff6d59aad29d1e59f
Ubuntu Security Notice USN-2149-1
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2149-1 - It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-1881
MD5 | 77ff71c50c94d46fa0f639420183c268
Ubuntu Security Notice USN-2148-1
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2148-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2240, CVE-2014-2241
MD5 | 7725fb3628c1de3fdd03a2e2ad0c0261
Ubuntu Security Notice USN-2149-2
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2149-2 - USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Various other issues were also addressed.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-1881
MD5 | 88eb78ddf549096e0a21c9f7dabb2584
Quantum DXi V1000 2.2.1 SSH Key / Root User
Posted Mar 17, 2014
Authored by xistence

Quantum DXi V1000 versions 2.2.1 and below come with a static private ssh key for the root account that allows you to ssh in as root to any appliance. They also have a static password set for the root user.

tags | exploit, root
MD5 | 99c963602d5b101ce619d77f1fe99256
Square 0.3.1 Cross Site Scripting
Posted Mar 17, 2014
Authored by Hossein Hezami

Square version 0.3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 054428bb67e09696858e737f14c44b7d
HP-UX rlpdaemon Local .rhosts Append
Posted Mar 17, 2014
Authored by Namen Nescio

HP-UX rlpdaemon privilege escalation local exploit that appends junk, including localhost +, to .rhosts.

tags | exploit, denial of service, local
systems | hpux
MD5 | 93036929ad62ab0d2cafff2a2ede78fb
osCmax 2.5.x Cross Site Request Forgery
Posted Mar 17, 2014
Authored by TUNISIAN CYBER

osCmax version 2.5.x suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 22651303a3be15c4e1ba1d9b198b5eb3
Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key
Posted Mar 17, 2014
Authored by xistence

Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.

tags | exploit
MD5 | 37f891804293f83d99541b90c8134d6d
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    2 Files
  • 24
    Jun 24th
    1 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close