
Files Date: 2014-04-28

HP Security Bulletin HPSBUX02963 SSRT101297 2
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02963 SSRT101297 2 - A potential security vulnerability has been identified with HP-UX's m4(1) macro processor command. The vulnerability could be exploited locally resulting in unauthorized access. Revision 2 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2013-6200
SHA-256 | 59c2099bd84ba67d08b22cdb56812971e7ee08d98025ea91319d22b2fd53b979
SAP Software Lifecycle Manager Information Disclosure
Posted Apr 28, 2014
Authored by Nahuel D. Sanchez | Site onapsis.com

Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.

tags | advisory, info disclosure
SHA-256 | 66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690be
TRENDnet TEW-634GRU 1.00.23 Disclosure / DoS / Privilege Escalation
Posted Apr 28, 2014
Authored by SirGod

TRENDnet TEW-634GRU version 1.00.23 suffers from local file disclosure, router crash, and privilege escalation vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | 38342dcf82a4e158add2c032f5e76a186438778accbb57fe5bb4c316489090c3
NTP DDoS Amplification
Posted Apr 28, 2014
Authored by Danilo PC

NTP ntpd monlist query reflection denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2013-5211
SHA-256 | fc458431c984a824aac0863ef7422ed300c3dc830b42f819b52b5db6f76ba518
McAfee ePolicy Owner (ePowner) 0.1
Posted Apr 28, 2014
Authored by Jerome Nokin

McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.

tags | exploit, arbitrary
systems | unix
advisories | CVE-2013-0140, CVE-2013-0141
SHA-256 | 0d651b0edd706e44bde243c2797b7f496490b9316136b12f61d3d2aa3d0e1523
SEP Manager 12.1.2015.2015 Overflow Proof Of Concept
Posted Apr 28, 2014
Authored by Jerome Nokin

Symantec Endpoint Protection Manager version 12.1.2015.2015 SEH overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
systems | unix
advisories | CVE-2013-1612
SHA-256 | 8bee128e1781c61bead3c3b0efa4f85a7a42194ff51d0beaf8d2d0e973d01216
HP Security Bulletin HPSBMU03022
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 7c7a616ea0bc1d238574c012deee840077e6027ee20c991b2e71a95cc720bf18
HP Security Bulletin HPSBMU03025
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 347c3c86c55fb210fc9799ac5fef38c3c769fb03d47928b50b4baa56fdb9121f
HP Security Bulletin HPSBGN03010 2
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 5d03cfbf9506cfa5ffba29cb25add2ed339e9a76c30ccf4b7e8a326e25adf64b
HP Security Bulletin HPSBMU02995 6
Posted Apr 28, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | a16128da2b79c4167b73519c5aa603028d61b3670cd39f820ab4f7d536462f45
Debian Security Advisory 2917-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2917-1 - John Lightsey of the Debian Security Audit project discovered that the super package did not check for setuid failures, allowing local users to increase the privileges on kernel versions which do not guard against RLIMIT_NPROC attacks.

tags | advisory, kernel, local
systems | linux, debian
advisories | CVE-2014-0470
SHA-256 | e0476131e071183f506462ecceda9739dfc04884d9904a2c1bdd34573468feae
Debian Security Advisory 2916-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2916-1 - Alex Chapman discovered that a buffer overflow in processing "MMS over HTTP" messages could result in the execution of arbitrary code.

tags | advisory, web, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-2892
SHA-256 | b98c02efa33ad151d06db39badeaf7597e398a418c2631e736133f390348bf39
Debian Security Advisory 2915-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2915-1 - Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0471
SHA-256 | 859d36f5c8dbbb0f25181d9f7ae180b3b816a16350c962858405417b686e0242
Red Hat Security Advisory 2014-0441-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0441-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2013-6445
SHA-256 | 76d13db51b4045a6c0f2480a10421f2b9d3e34717be95ac5e1153a50ab90035b
Red Hat Security Advisory 2014-0440-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0440-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6619, CVE-2013-6445
SHA-256 | 8a92a7112ff8929cffa301f60b1e4e60c37e9603b197a23ec374b5be691ea107
Red Hat Security Advisory 2014-0439-01
Posted Apr 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0439-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel's IPv6 implementation processed IPv6 router advertisement packets. An attacker able to send a large number of RA packets to a target system could potentially use this flaw to crash the target system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, redhat
advisories | CVE-2013-7263, CVE-2013-7265, CVE-2014-0069, CVE-2014-1438, CVE-2014-1690, CVE-2014-1874, CVE-2014-2309, CVE-2014-2523
SHA-256 | 2b623200e0a9ae6450a12d72a8175b17fe8b289abc75e214b50cd7e3b3ee735b
Debian Security Advisory 2913-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2913-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2014-2983
SHA-256 | d394e08c70f78f10ec9cd82c86a33e9f0cbfa6cc31f0ca140dbf37e345337995
Debian Security Advisory 2914-1
Posted Apr 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2914-1 - An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2014-2983
SHA-256 | 246d8804c5c7645744ef8f11ef9cd8acadbd918b3d44f0b1af1fb7a5b3520249
Ubuntu Security Notice USN-2182-1
Posted Apr 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2182-1 - Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2013-4544, CVE-2014-0150, CVE-2014-2894
SHA-256 | 9700f1e369f6c75392ba440defb4087b4a9b1b71d9338c9338c67279882a6a1e
Ubuntu Security Notice USN-2183-1
Posted Apr 28, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2183-1 - Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0471
SHA-256 | 8d3851678414f8bc3ad88106e10038b6b01d7a3dd84c9b1c2b73fac8076b184f
Cells Blog 3.4 Cross Site Scripting
Posted Apr 28, 2014
Authored by kurdish hackers team

Cells Blog version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ac38eaafb762b8cd9ec3b83028d2896357b2d5a6ff887d5e608437f19de3ff8e
Terminal IP Lookup Tool (TILT) 0.5 Beta
Posted Apr 28, 2014
Authored by AeonDave | Site github.com

TILT is a tool written in Python that performs simple recon jobs against a given host.

tags | tool, python
systems | unix
SHA-256 | 7650ecfc159019f337cfedb9c433953f434bc3023e343c316fa0f81082d2e29a
CalendarScript 3.2.1 Password Disclosure
Posted Apr 28, 2014
Authored by Felipe Andrian Peixoto

CalendarScript version 3.2.1 suffers from a remote password disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, info disclosure
SHA-256 | 2e13799d7288e78b76f6fa3dbafdf7e565429515f7fc0f98fd86950948824f2d
Adem 0.5.1 Local File Inclusion
Posted Apr 28, 2014
Authored by jiko

Adem version 0.5.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 5490331b8db5b36ceac02b07263b7087277af584b62dbd78bccb2cfc1a49abbc
Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking
Posted Apr 28, 2014
Authored by Aryan Bayaninejad

Kmplayer versions 3.8.0.122 and 3.8.0.123 suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2014-2985
SHA-256 | 4f4e9badb8f84d790e98982d772cc340148cbc9c1495f5667c8e623b4e81ca66