what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-04-16

SAP Router Password Timing Attack
Posted Apr 16, 2014
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability have been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack.

tags | exploit, remote
advisories | CVE-2014-0984
SHA-256 | 67534b1aa55c4ebc99ebad2f7db41847f6e0a096fd1ef794897091693aa6aa8a
EMC Cloud Tiering Appliance XXE / Information Disclosure
Posted Apr 16, 2014
Site emc.com

EMC CTA is vulnerable to XML External Entity (XXE) and information disclosure vulnerabilities that may allow a remote malicious user to compromise the affected system. Affected includes EMC Cloud Tiering Appliance (CTA) versions 9.x, 10, and 10 SP1 and EMC File Management Appliance (FMA) version 7.x.

tags | advisory, remote, vulnerability, info disclosure, xxe
advisories | CVE-2014-0644, CVE-2014-0645
SHA-256 | af60406e0c07f546fc93a7c4e3a0eee9599dd22a265f47327d80f8c66dc24eac
Nmap Port Scanner 6.45
Posted Apr 16, 2014
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Added ssl-heartbleed script to detect the Heartbleed bug in OpenSSL. Various other additions and updates.
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | 6feba861a1f1a854a992914e4afbc72c03891f12ee73e9d6c5711ef9858188d4
MobFox mAdserver 2.0 SQL Injection
Posted Apr 16, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

MobFox mAdserver version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-2654
SHA-256 | 469bad10763b6818af316c907c21b5437b0335df565f56c9356dd44dd0cce242
WinSCP 5.5.2.4130 Missing X.509 Validation
Posted Apr 16, 2014
Authored by Micha Borrmann | Site syss.de

WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.

tags | advisory
advisories | CVE-2014-2735
SHA-256 | c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688
Ektron CMS 8.7 Cross Site Scripting
Posted Apr 16, 2014
Authored by Joseph Zeng Xianbo

Ektron CMS version 8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2729
SHA-256 | 9637b8b1c6742cd767c5158770127fe5062c9de9308e72ad987388ac7dba136b
HP Security Bulletin HPSBMU02999
Posted Apr 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02999 - A potential vulnerability exists in HP Autonomy WorkSite Server (on-premises software) running OpenSSL. The vulnerability can be exploited to allow remote disclosure of information. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2014-0160
SHA-256 | 2ade1a02b85d543c8f621e8b2e60d0f7b8765b928d4f613aee862c249d6eab42
HP Security Bulletin HPSBUX03001 SSRT101382
Posted Apr 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03001 SSRT101382 - A potential security vulnerability has been identified with the HP-UX Whitelisting (WLI) product. The vulnerability could be exploited locally resulting system integrity compromises. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2013-6219
SHA-256 | 78596eddae03b2808d1d687f1532841bc8f57158acba518fa16ac890d511a888
Debian Security Advisory 2905-1
Posted Apr 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2905-1 - Several vulnerabilities were discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2014-1716, CVE-2014-1717, CVE-2014-1718, CVE-2014-1719, CVE-2014-1720, CVE-2014-1721, CVE-2014-1722, CVE-2014-1723, CVE-2014-1724, CVE-2014-1725, CVE-2014-1726, CVE-2014-1727, CVE-2014-1728, CVE-2014-1729
SHA-256 | 3bf80668059e80d11bd10afabf17b49b4fd492b6b14c3f10e374498a3b0a0e39
Red Hat Security Advisory 2014-0408-01
Posted Apr 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0408-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 88fddb9b9e3aaa8e057193e51a00d709088300825606820ee4b66f23f7eb4e0c
Red Hat Security Advisory 2014-0406-01
Posted Apr 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0406-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 9eeb99798d9302f74aed1b19c1c8c066a1ef51f28dbc76f718791cb3ec0d1c6e
Red Hat Security Advisory 2014-0407-01
Posted Apr 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0407-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | ecb205450da7276a8a2a49d2dcf8d32d2b41e9fed07d44df3a1bf0874934225a
Debian Security Advisory 2907-1
Posted Apr 16, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2907-1 - This is an advance notice that regular security support for Debian GNU/Linux 6.0 (code name "squeeze") will be terminated on the 31st of May.

tags | advisory
systems | linux, debian
SHA-256 | a514183d2b22e9dfc9b1354e00b8dbcfe455c5a7ad09a40ced3b3b6d7c411bd9
Mandriva Linux Security Advisory 2014-078
Posted Apr 16, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-078 - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly. The updated packages has been upgraded to the 11.8.1 version which is not vulnerable to these issues.

tags | advisory, web, overflow
systems | linux, mandriva
advisories | CVE-2014-2286, CVE-2014-2287
SHA-256 | a0a04e709341076d8907ad13869e2a5dcf340db01df322e1f815939a498720fc
PCNetSoftware RAC Server 4.0.4 / 4.0.5 Denial Of Service
Posted Apr 16, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

PCNetSoftware RAC server versions 4.0.4 and 4.0.5 suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2014-2597
SHA-256 | 12bb65a7bc6783dea9e1ade46281f4de7f58d684482c5c0ea3f406da057f11bf
CMS Studio Cross Site Scripting
Posted Apr 16, 2014
Authored by Renzi

CMS Studio suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f33f9d853dd9b613db5cbd03c7aed249f72f61b514909503612db63af377ca1e
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
Posted Apr 16, 2014
Authored by juan vazquez, temp66, Jean-Jamil Khalife | Site metasploit.com

This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP.

tags | exploit
advisories | CVE-2014-0322
SHA-256 | 10fcb5c8d675a721b05ed3e69363ebeb92832f95ef6672333150a8c4b295da5e
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close