all things security
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-04-14

Fwknop Port Knocking Utility 2.6.1
Posted Apr 14, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: When SPA packets are built with GnuPG, the fwknopd daemon now requires a valid GnuPG signature by default, and a new variable GPG_DISABLE_SIG was added for backwards compatibility (but using this is not a recommended configuration). A bug was fixed in fwknopd for a memory in SPA packet decryption when GnuPG is used. A new code coverage mode was added to the test suite to interface with the 'lcov' tool. Several other minor bugs were fixed.
tags | tool, scanner, vulnerability
systems | unix
MD5 | 7347e1c8eec9cc8a51966d35c52a36ea
Ubuntu Security Notice USN-2167-1
Posted Apr 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2167-1 - Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP addresses. An attacker could possibly exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, web, protocol
systems | linux, ubuntu
advisories | CVE-2014-0138, CVE-2014-0139
MD5 | b886ba23f33ddd081591ac1cb3642690
Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | cc88ecdb91a716104a78df1b3dd9c664
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | 4849d75300282602745f7c2369f2e14a
Ubuntu Security Notice USN-2166-1
Posted Apr 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2166-1 - Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A remote attacker could use this issue to cause the server to crash or to hang, resulting in a denial of service. It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-6151, CVE-2014-2284, CVE-2014-2285, CVE-2014-2310
MD5 | 2ad23c3c903048952d5679dab5341836
PDF Album 1.7 Local File Inclusion
Posted Apr 14, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PDF Album version 1.7 for iOS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
systems | apple, ios
MD5 | 0653a3f6263536c68cb4a66052674823
HP Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 9.40 of HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux are affected.

tags | exploit
systems | linux
advisories | CVE-2013-6216
MD5 | 401a3c64d44816cbb03567f052a115fc
BMC Patrol For AIX Insecure RPATH Use
Posted Apr 14, 2014
Authored by Tim Brown | Site portcullis-security.com

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.

tags | exploit
systems | aix
advisories | CVE-2014-2591
MD5 | 82e142ecb7429ecf312c0bc873447d0a
MS14-012 Internet Explorer CMarkup Use-After-Free
Posted Apr 14, 2014
Authored by Jean-Jamil Khalife

Microsoft Internet Explorer CMarkup use-after-free exploit that demonstrates the issue documented in MS14-012.

tags | exploit
advisories | CVE-2014-0322
MD5 | 1077418d8db83c59ad47bb2e1dbcd78b
Joomla BeaconDecode Cross Site Scripting
Posted Apr 14, 2014
Authored by Renzi

The Joomla BeaconDecode component suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 420d625b0d4d7c5e1ee2f05bbb6a3100
PHP Event Calendar SQL Injection
Posted Apr 14, 2014
Authored by Daniel Godoy

PHP Event Calendar suffers from a remote SQL injection vulnerability in day_view.php.

tags | exploit, remote, php, sql injection
MD5 | c54ee9c490adc4396e3a28fefa0b83f8
CMS Int24 SQL Injection
Posted Apr 14, 2014
Authored by Renzi

CMS Int24 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3d4ac24f7aca318fb047cf7c17cb1a5e
WordPress LineNity Local File Inclusion
Posted Apr 14, 2014
Authored by Felipe Andrian Peixoto

WordPress LineNity theme suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | ca892ca1e6f9f941ae8dd62f29a8d7be
PE Injection Explained
Posted Apr 14, 2014
Authored by Emeric Nasi

Whitepaper called PE Injection Explained. Injecting code into other process memory is generally limited to shellcodes, either to hide the shellcode from Antivirus or to inject a DLL. The method described here is more powerful and enables you to inject and run a complete PE module inside another process' memory, including the possibility to call any system or runtime API with plain C++. It relies only on documented features and C++, no assembly knowledge required.

tags | paper, shellcode
MD5 | cedbc89dcac3988de4c0f477137c827b
Joomla EWriting Cross Site Scripting
Posted Apr 14, 2014
Authored by Renzi

The Joomla EWriting component suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b129630013497fb00989abf898f4d7c2
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close