all things security
Showing 1 - 23 of 23 RSS Feed

Files Date: 2014-03-31

PhonerLite 2.14 Digest Information Leak
Posted Mar 31, 2014
Authored by Jason Ostrom

PhonerLite SIP soft phone version 2.14 is vulnerable to revealing SIP MD5 digest authenticated user credential hash via spoofed SIP INVITE message sent by a malicious 3rd party. After responding back to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials.

tags | exploit, spoof, info disclosure
advisories | CVE-2014-2560
MD5 | 0486dc8fe4cf0fd6ac1c020c7c62d834
EMC Cloud Tiering Appliance 10.0 XXE Injection
Posted Mar 31, 2014
Authored by Brandon Perry

EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, proof of concept
MD5 | 5ef5ecf90114c6f005126aa0d09028a9
Vanctech File Commander 1.1 LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Vanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
MD5 | bdaff7b22874ae6069ad4a82ece8e9c4
AlienVault 4.5.0 SQL Injection
Posted Mar 31, 2014
Authored by Brandon Perry

AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, remote, sql injection, proof of concept
MD5 | 6c8650d544f8d947671316e7fab76a0e
PhotoWIFI Lite 1.0 Command Injection / LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
MD5 | 88b272304e6011e72c9b35e1f5d3e5f2
Debian Security Advisory 2891-1
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610
MD5 | b09f5c967e9cf501fd39740032b03258
Debian Security Advisory 2890-1
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2014-0054, CVE-2014-1904
MD5 | 474ca2bc88ccaa6970f867eeb737c886
Red Hat Security Advisory 2014-0344-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0344-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
MD5 | 479dce0d3d5922d77ef759aff60a2f1b
Red Hat Security Advisory 2014-0342-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0342-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2013-7112, CVE-2013-7114, CVE-2014-2281, CVE-2014-2283, CVE-2014-2299
MD5 | d3eb343d9ab78e7dd073db397e7e2646
Red Hat Security Advisory 2014-0345-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0345-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
MD5 | 95308a7a6883db8786f3ac4ad62d4a22
Red Hat Security Advisory 2014-0343-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0343-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0093
MD5 | 09e6384db464688ea9f897333bfcbfa5
Red Hat Security Advisory 2014-0341-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0341-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3559, CVE-2013-4081, CVE-2013-4083, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112, CVE-2014-2281, CVE-2014-2299
MD5 | 7ef70a9e61bd973f82a14891299a8520
Red Hat Security Advisory 2014-0340-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0340-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

tags | advisory
systems | linux, redhat
MD5 | 6b5b3aa55824b21309749b299747e3ed
Red Hat Security Advisory 2014-0339-01
Posted Mar 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0339-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-1860, CVE-2014-0055, CVE-2014-0092
MD5 | f0331f590830fdb46dbb9a21e14ae2ca
Debian Security Advisory 2891-2
Posted Mar 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2891-2 - In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2031, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610
MD5 | 253a4b9b0047c7c1d29127645e30d922
Immunity Hooking Script
Posted Mar 31, 2014
Authored by nrz | Site nullsecurity.net

This is an Immunity template plugin for function hooking while reverse engineering.

tags | tool
systems | unix
MD5 | 077dde4710a2e1939843d1b357add9e2
w3af Web Application Attack and Audit Framework 1.6
Posted Mar 31, 2014
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

Changes: Improved performance for scans. Better documentation. Improved quality.
tags | tool, remote, web, local, xss, sql injection, python, file inclusion
MD5 | 614242a2298466ab399630bc816b2b19
Primo CMS 6.2 Remote Command Execution
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Primo CMS version 6.2 suffers from a remote command injection vulnerability.

tags | exploit, remote
MD5 | cfcbb2971992728070136223544f30dd
Apache ModSecurity Chunked Request Bypass
Posted Mar 31, 2014
Authored by Martin Holst Swende

Apache ModSecurity versions prior to 2.7.6 appears to suffer from a filter evasion vulnerability via chunked requests.

tags | advisory, bypass
MD5 | 719f997d13b5e3279ff919e3f5bb11e3
Horde Webmail 5.1 Open Redirect
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Horde Webmail version 5.1 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 41a086bc828258d712166baf28979b44
Tor Timing Attack Proof Of Concept
Posted Mar 31, 2014
Authored by Jann Horn

This write up is a proof of concept end-to-end correlation for Tor connections using an active timing attack.

tags | paper, proof of concept
MD5 | 5ca8d02d1879930b83dfabcf15c06dc0
WordPress Js-Multi-Hotel 2.2.1 XSS / DoS / Disclosure / Abuse
Posted Mar 31, 2014
Authored by MustLive

WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | cbf6983c25cfcd9c51b58def73ef9795
AudioCoder 0.8.29 Memory Corruption
Posted Mar 31, 2014
Authored by sajith

AudioCoder version 0.8.29 memory corruption to code execution via SEH exploit.

tags | exploit, code execution
MD5 | c0da33b2e853f8d5afabcd45b387d6c4
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close