Showing 1 - 25 of 31

Files Date: 2014-04-09

Sophos Web Protection Appliance Command Execution
Posted Apr 9, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the module updates the password to log in as the admin to reach the second vulnerability. No server-side sanitization is done on values passed when configuring a static network interface. This allows an administrator user to run arbitrary commands in the context of the web application, which is root when configuring the network interface. This Metasploit module will inadvertently delete any other users that may have been present as a side effect of changing the admin's password.

tags | exploit, remote, web, arbitrary, root, vulnerability, code execution
MD5 | 30d93627ab082757dcb5714fd36a9c41
FreeBSD Security Advisory - OpenSSL Issues
Posted Apr 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of the Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

tags | advisory, vulnerability
systems | freebsd
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8a77a029dc414dcdc8e56eaed517058b
FreeBSD Security Advisory - NFS Server Deadlock
Posted Apr 9, 2014
Authored by Rick Macklem | Site security.freebsd.org

FreeBSD Security Advisory - The Network File System (NFS) allows a host to export some or all of its file systems so that other hosts can access them over the network and mount them as if they were on local disks. FreeBSD includes both server and client implementations of NFS. The kernel holds a lock over the source directory vnode while trying to convert the target directory file handle to a vnode, which needs to be returned with the lock held, too. This order may be in violation of normal lock order, which in conjunction with other threads that grab locks in the right order, constitutes a deadlock condition because no thread can proceed. An attacker on a trusted client could cause the NFS server to become deadlocked, resulting in a denial of service.

tags | advisory, denial of service, kernel, local
systems | freebsd
advisories | CVE-2014-1453
MD5 | c5cc5bd2d9b6638b99872d4bcc30b466
GNUnet P2P Framework 0.10.1
Posted Apr 9, 2014
Authored by Christian Grothoff | Site ovmj.org

GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

Changes: This release contains the first release of GNUnet-java for the 0.10.x-series. It improves the documentation, including significant extensions to the Java developer tutorial. Various bugs that resulted in peer-to-peer connections failing and various crashes were fixed.
tags | tool, web, udp, tcp, peer2peer
systems | unix
MD5 | b1171f038473f8eb7fe86db138624ff7
XCloner Standalone 3.5 Cross Site Request Forgery
Posted Apr 9, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

XCloner Standalone version 3.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-2579
MD5 | 980819a1f8b04337554cd7137c06189c
CodeCrypt 1.6
Posted Apr 9, 2014
Site github.com

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds lots of new ciphers (made from ChaCha20 and provably-secure XSYND), adds support for symmetric encryption (for large files), removes some obsolete RC4 usage, and adds some convenience features.
tags | tool, encryption
systems | unix
MD5 | 1711502b19db59d530f7ed5788734408
Heartbleed TLS/DTLS Information Leak
Posted Apr 9, 2014
Authored by prdelka

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occurs due to bounds checking not being performed on a heap value which is user supplied and returned to the user as part of the DTLS/TLS heartbeat SSL extension. All versions of OpenSSL 1.0.1 to 1.0.1f are known to be affected. You must run this against a target which is linked to a vulnerable OpenSSL library using DTLS/TLS.

Changes: Multiple bug fixes have been added since the first release. Please ensure you have the latest copy.
tags | exploit
advisories | CVE-2014-0160
MD5 | 1fcb27d5626960bf7954eecbb97b6a10
Cisco Security Advisory 20140409-asa
Posted Apr 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Adaptive Security Appliance (ASA) Software is affected by privilege escalation, denial of service, and authentication bypass vulnerabilities. These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities.

tags | advisory, denial of service, vulnerability, bypass
systems | cisco
advisories | CVE-2014-0160
MD5 | a781be3aaa48e0d433ad40b1e924ed85
Cisco Security Advisory 20140409-heartbleed
Posted Apr 9, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension. An attacker could exploit this vulnerability by implementing a malicious TLS or Datagram Transport Layer Security (DTLS) client, if trying to exploit the vulnerability on an affected server, or a malicious TLS or DTLS server, if trying to exploit the vulnerability on an affected client. An exploit could send a specially crafted TLS or DTLS heartbeat packet to the connected client or server. An exploit could allow the attacker to disclose a limited portion of memory from a connected client or server for every heartbeat packet sent. The disclosed portions of memory could contain sensitive information that may include private keys and passwords. Cisco is currently investigating its product line to determine which products may be affected by this vulnerability and the impact on the affected product. This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.

tags | advisory, remote, vulnerability
systems | cisco
MD5 | bd101f979ba03e48ed7a96d95c3b863a
Mandriva Linux Security Advisory 2014-067
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-067 - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-0076
MD5 | 75101ad8cfc951d035959f7c4ed1b87a
Slackware Security Advisory - openssl Updates
Posted Apr 9, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8c14c9bec9d43e48de87d8ee618d6fd2
Red Hat Security Advisory 2014-0380-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0380-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
MD5 | 677ef7cab470fd6bbf9d178f77d9ece5
Red Hat Security Advisory 2014-0389-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0389-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. XStream is a simple library used by the Red Hat Enterprise Virtualization reports package to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285
MD5 | f26c977cfb4242aab5164a4053d7ad2f
Red Hat Security Advisory 2014-0383-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0383-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. A flaw was found in Samba's "smbcacls" command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-6150, CVE-2013-4496, CVE-2013-6442
MD5 | 9801c5ac35f9ea6c1c5d12214ed3e0fa
Red Hat Security Advisory 2014-0382-01
Posted Apr 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0382-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2014-0105
MD5 | 69209937d885f8d095930968b12cf66e
Debian Security Advisory 2898-1
Posted Apr 9, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2898-1 - Several buffer overflows were found in ImageMagick, a suite of image manipulation programs. Processing malformed PSD files could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1947, CVE-2014-1958, CVE-2014-2030
MD5 | 003072b27beb63fd931a79b8acfe0a6a
Mandriva Linux Security Advisory 2014-073
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-073 - The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-7345
MD5 | 76a28dad2871d6d2a208ab23eee47f1f
Mandriva Linux Security Advisory 2014-070
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-070 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | 433d7383870da24a01d6adc1f108f4be
Mandriva Linux Security Advisory 2014-072
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-072 - XML eXternal Entity flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity attacks. Using the Consumer component of Zend_OpenId, it is possible to log in using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means it is possible to log in using arbitrary OpenID Identities (MyOpenID, Google, etc.), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2681, CVE-2014-2682, CVE-2014-2683, CVE-2014-2684, CVE-2014-2685
MD5 | a0fc06506332c62cd108af5fe5e35832
Mandriva Linux Security Advisory 2014-071
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-071 - Updated yaml package fixes security vulnerability. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2525
MD5 | 8f84536f636dd2a174e76c6fa299d98a
Mandriva Linux Security Advisory 2014-069
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-069 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. The perl-YAML-LibYAML package is being updated as it contains an embedded copy of LibYAML.

tags | advisory, remote, overflow, arbitrary, perl
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525
MD5 | 3b3ef2b8dc99c854135c54e00277d9a9
Mandriva Linux Security Advisory 2014-068
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-068 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if an SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-2532, CVE-2014-2653
MD5 | 9a7f2f79a175a9f3638664f7698b9090
Orbit Open Ad Server 1.1.0 SQL Injection
Posted Apr 9, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Orbit Open Ad Server version 1.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2540
MD5 | 8659f3da8e0b375807ec20e70b91e029
TLS Heartbeat Proof Of Concept
Posted Apr 9, 2014
Authored by Jared Stafford, Csaba Fitzl

OpenSSL TLS Heartbeat extension memory disclosure proof of concept. Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions.

tags | exploit, proof of concept
advisories | CVE-2014-0160
MD5 | a3f9f0f2c78e2db7edb3c9b76c7c2c30
Trixbox 2.8.0.4 Cross Site Scripting
Posted Apr 9, 2014
Authored by W1ckerMan

Trixbox version 2.8.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ec34e2641bd71868d58cd5dcc146e91e