exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 38 RSS Feed

Files Date: 2014-05-01

Samhain File Integrity Checker 3.1.1
Posted May 1, 2014
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: All-numeric hostnames are correctly recognized now, and inline asm has been disabled on Cygwin/Windows.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | bc05220b79733fde3e2530f9f875d76f718f74fa291cda8d7c6554de89ac4814
Packet Storm New Exploits For April, 2014
Posted May 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 162 exploits added to Packet Storm in April, 2014.

tags | exploit
systems | linux
SHA-256 | 5007010267078b63a4b3b6a4243ee9a14e54335fe86b574a638aafce29bff230
RSA Access Manager Sensitive Information Disclosure
Posted May 1, 2014
Site emc.com

RSA Access Manager contains a security fix for sensitive information disclosure vulnerability where user passwords are potentially logged in plaintext within the log files of the runtime WS component. By default, the logging level is now set to ERROR, which is not affected by this vulnerability. This vulnerability only applies when the logging level is changed to INFO.

tags | advisory, info disclosure
advisories | CVE-2014-0646
SHA-256 | f2a7153a1c94a23e52c5a56371f0d3425921f5f0969eb2d87c60695686969f9f
Sitepark Information Enterprise Server 2.9 Unauthenticated Access
Posted May 1, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

LSE discovered that the installer of the Information Enterprise Server (IES) was available to unauthenticated users over HTTP. When updating from previous versions of IES, an installation form was not disabled after installation. In this case the servlet "/ies/install" was exposed to unauthenticated users. By accessing the servlet at URI "/ies/install/" on an affected IES server, an unauthenticated attacker was able to set a new password for the manager account. Additionally sensitive information regarding the IES installation was displayed.

tags | advisory, web
advisories | CVE-2014-3006
SHA-256 | a3bd5fbb77d7da353b590c6fc5e71a5468197a93c7835a587b10d09fad706a47
FreeBSD Security Advisory - OpenSSL Use-After-Free
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which requests the library to release the memory it holds when a read or write buffer is no longer needed for the context. The buffer may be released before the library have finished using it. It is possible that a different SSL connection in the same process would use the released buffer and write data into it. An attacker may be able to inject data to a different connection that they should not be able to.

tags | advisory
systems | freebsd
advisories | CVE-2010-5298
SHA-256 | 851202eaa4eb917df15887a014a505071ce6c2791fa4f5ca01d14d91e1ee960e
FreeBSD Security Advisory - TCP Reassembly
Posted May 1, 2014
Authored by Jonathan Looney | Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD may add a reassemble queue entry on the stack into the segment list when the reassembly queue reaches its limit. The memory from the stack is undefined after the function returns. Subsequent iterations of the reassembly function will attempt to access this entry. An attacker who can send a series of specifically crafted packets with a connection could cause a denial of service situation by causing the kernel to crash. Additionally, because the undefined on stack memory may be overwritten by other kernel threads, while extremely difficult, it may be possible for an attacker to construct a carefully crafted attack to obtain portion of kernel memory via a connected socket. This may result in the disclosure of sensitive information such as login credentials, etc. before or even without crashing the system.

tags | advisory, denial of service, kernel
systems | freebsd
advisories | CVE-2014-3000
SHA-256 | d62c34826b3a2bc95a7e65269fe0450176f9725427c19e3e4f8ef9f1b1720479
FreeBSD Security Advisory - devfs Rule Fail
Posted May 1, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The device file system, or devfs(5), provides access to kernel's device namespace in the global file system namespace. The devfs(5) rule subsystem provides a way for the administrator of a system to control the attributes of DEVFS nodes. Each DEVFS mount-point has a ruleset, or a list of rules, associated with it, allowing the administrator to change the properties, including the visibility, of certain nodes. The default devfs rulesets are not loaded on boot, even when jails are used. Device nodes will be created in the jail with their normal default access permissions, while most of them should be hidden and inaccessible. Jailed processes can get access to restricted resources on the host system. For jailed processes running with superuser privileges this implies access to all devices on the system. This level of access could lead to information leakage and privilege escalation.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3001
SHA-256 | 11eb5a639867c386d3ee69127a1dd822508bbf87a2d5ddc4948fe6662d5078ff
MDSec Exploitation Notes On CVE-2014-0160
Posted May 1, 2014
Authored by Hacker Fantastic

This presentation is a set of slides that gives an overview of the Heartbleed vulnerability.

tags | paper
SHA-256 | 7278e4408858b07591a56dec3e0ae59d2bbaf5470e4ff7aa8258235334b9a0df
Libcap-NG Library 0.7.4
Posted May 1, 2014
Site people.redhat.com

The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.

Changes: This release adds CAPNG_INIT_SUPP_GRP to capng_change_id, updates the autotools components for PPC lE, and dynamically detects the last capability. There are a couple other bugfixes.
tags | library
systems | unix
SHA-256 | 48a2083276f9820cb92dcb05d001b30733bcbf48c14c230303cac3cd08b45b6b
Beetel 450TC2 Cross Site Request Forgery
Posted May 1, 2014
Authored by shyamkumar somana

The Beetel 450TC2 router suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | f72be743db30f55df937adf951bd866e1bfc57ec7490522fcc21a43be99ccfaf
TYPO3 si_bibtex 0.2.3 XSS / SQL Injection
Posted May 1, 2014
Authored by B. Schildendorfer | Site sec-consult.com

TYPO3 si_bibtex plugin version 0.2.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
SHA-256 | f91d78cba9c2ccfc0e739b0dc0188ffd873c1054a7c5beec5765ee8eefecc87e
Cisco Security Advisory 20140430-tcte
Posted May 1, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence TC and TE Software are affected by six SIP denial of service vulnerabilities along with buffer overflow and input validation vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | cisco
advisories | CVE-2014-0160
SHA-256 | e2019f321a5d8f2f70d0f577ad7e88dd4abb933d1b89139eccc89d60c42c33c2
Cisco Security Advisory 20140430-mxp
Posted May 1, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco TelePresence System MXP Series Software contains three SIP denial of service vulnerabilities and three H.225 denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco
advisories | CVE-2014-0160
SHA-256 | ebd3722d2167cfb086ce6fc921e9189990391431890b30fd84c420e67d410544
HP Security Bulletin HPSBPI03031
Posted May 1, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03031 - A potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 2cbae34930f188d1ded95cb05a58aff42835ab2801bc47c18ac0c3e5ab98dbdd
HP Security Bulletin HPSBST03016 2
Posted May 1, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 2 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 793518bc14af1a6466f765b9d8b7ac6f18f8c4d78ff0c7ae67f8b58aeb95e207
HP Security Bulletin HPSBMU03024
Posted May 1, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03024 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows and HP Systems Insight Manager (SIM), components of HP Insight Control server deployment. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Insight Control server deployment packages HP System Management Homepage (SMH) and HP Systems Insight Manager (SIM) and can deploy them through the below list of items. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | bd7190e8a804a8e452de5bad67e28a299b67b306ac3a7e0f28c873d251b98024
HP Security Bulletin HPSBGN03010 3
Posted May 1, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03010 3 - A potential security vulnerability has been identified in HP Sotware Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 9907a28d60dd8298a641863b9e3e018c8300d3ef3f9064a212ad8546bfbc0645
Slackware Security Advisory - mozilla-firefox Updates
Posted May 1, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | ef28a18a7b97111b18d3e34bcae8921c328aa7fe36b5d06e5f90be8d72ab0c88
Ubuntu Security Notice USN-2188-1
Posted May 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2188-1 - Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0172
SHA-256 | 88476ccac5dcf2b200ecd86b4926a1c73203a400f99cbc0219564da06f9199d9
Ubuntu Security Notice USN-2187-1
Posted May 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2187-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427
SHA-256 | 4af3ffe6f230d67c4d92504fde57c9d135907ed5347d9621cd5e74cf2f2c4fa0
Ubuntu Security Notice USN-2189-1
Posted May 1, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2189-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered an out of bounds read when decoding JPG images. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
SHA-256 | 84a238e254a2c4471becc1d883d2892ba3416652c3a0bbce8d3293c5e941a05e
Debian Security Advisory 2915-2
Posted May 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2915-2 - Javier Serrano Polo discovered that the recent dpkg update introduced a vulnerability in systems where the patch utility did not support C-style filename quoting - such as the oldstable distribution (squeeze). This revision of dpkg instead refuses to process patches with C-style filename quoting altogether.

tags | advisory
systems | linux, debian
SHA-256 | adca2ccc2d6bd352c14fb6cb690cac57d5c78eac98de390d0beb0992f061315c
Red Hat Security Advisory 2014-0458-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0458-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-4286
SHA-256 | d0275c8dba685014a68877f25abe15e607160f6124bbd48f9cdb4baefe7d745d
Red Hat Security Advisory 2014-0459-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0459-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. Red Hat JBoss Fuse Service Works allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2014-0002, CVE-2014-0003, CVE-2014-0050
SHA-256 | ae5f3c5b1ef4405095a278cbfc466311b6f4472b5a7888947e5ba4d8310305bc
Red Hat Security Advisory 2014-0456-01
Posted May 1, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0456-01 - The Django web framework is used by horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services. A flaw was found in the way Django's reverse() URL resolver function constructed certain URLs. A remote attacker able to request a specially crafted view from a Django application could use this flaw to import and execute arbitrary Python modules on the system under the privileges of the user running the application. It was found that Django's caching framework reused Cross-Site Request Forgery nonces for all requests from unauthenticated clients. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application.

tags | advisory, remote, web, arbitrary, python, csrf
systems | linux, redhat
advisories | CVE-2014-0472, CVE-2014-0473, CVE-2014-0474
SHA-256 | 7d3d6cad65001a8d8ce3aed0cdd68bb6511642305037b7f18a9d175c24eaa539
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close