Files Date: 2014-05-07

F5 iControl Remote Command Execution
Posted May 7, 2014
Authored by Brandon Perry

F5 iControl systems suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-2928
MD5 | c26b6e3dc728b578bd618a0c075406aa

Cisco Security Advisory 20140507-webex
Posted May 7, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.

tags | advisory, remote, overflow, arbitrary, vulnerability
systems | cisco
MD5 | 3a4de149aecee654df2f782c2b94ec9c

HP Security Bulletin HPSBMU03018 3
Posted May 7, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03018 3 - A potential security vulnerability has been identified with HP Software Asset manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. This bulletin's objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 3 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
MD5 | a4ab5fb4081a9d93cd1758033933e54d

FortiWeb 5.1.x Cross Site Request Forgery
Posted May 7, 2014
Authored by William Costa, Enrique Nissim | Site fortiguard.com

FortiWeb versions 5.1.x and below suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-3115
MD5 | 505b2bc42aee94dbb0fb3a798d2b7379

Offiria 2.1.0 Cross Site Scripting
Posted May 7, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Offiria version 2.1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2689
MD5 | 0df0608b9b3f2e84c6d666fe2ea80591

NIELD (Network Interface Events Logging Daemon) 0.5.1
Posted May 7, 2014
Authored by t2mune | Site github.com

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, FIB rules, and traffic control.

Changes: This release includes a security update and adds support for systemd.
tags | tool, kernel, system logging
systems | unix
MD5 | 2c2aa7eacad6e6888f74b65c0d26fbdf

Breakpoint 2014 Call For Papers
Posted May 7, 2014
Authored by bpx | Site ruxconbreakpoint.com

The Breakpoint 2014 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia, October 8th through the 9th, 2014. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters to security researchers and industry professionals alike, with a focus on cutting-edge security research.

tags | paper, conference
MD5 | b53c5e4134995395e589b84dc1c02ef2

SQL Injection In Insert, Update, And Delete
Posted May 7, 2014
Authored by Osanda Malith

This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.

tags | paper, sql injection
MD5 | 5cbd0e55c570992f600f2d3c243a4f20

HP Security Bulletin HPSBMU02994 4
Posted May 7, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02994 4 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 48b563a90dec8a7aa67ef6a314e52f37

Red Hat Security Advisory 2014-0474-01
Posted May 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0474-01 - Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. All Struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using Struts must be restarted for this update to take effect.

tags | advisory, java, remote, web, code execution
systems | linux, redhat
advisories | CVE-2014-0114
MD5 | 0d9c56e31b76c78781e0212da36dd794

Ubuntu Security Notice USN-2208-2
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-2 - USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-6491
MD5 | 9b335bf94b7f725f277832e730fb0c1b

Ubuntu Security Notice USN-2208-1
Posted May 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2208-1 - JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-6491
MD5 | eecc306977efc6b54b6bbbbfbf233228

Terminal IP Lookup Tool (TILT) 0.6
Posted May 7, 2014
Authored by AeonDave | Site github.com

Tilt, aka Terminal IP Lookup Tool, is an easy and simple open source tool implemented in Python for IP/host passive reconnaissance. It is very handy for a first reconnaissance approach and for host data retrieval.

Changes: Many improvements and updates.
tags | tool, python
systems | unix
MD5 | 55bf5a7a33927057e76ee51d1e0078ac

WordPress Photo-Gallery Cross Site Request Forgery
Posted May 7, 2014
Authored by Felipe Andrian Peixoto

WordPress Photo-Gallery plugin suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.

tags | exploit, csrf
MD5 | 7d350dd532d2b3d6e3154074640c203a

Global Domains International Cross Site Scripting / Traversal
Posted May 7, 2014
Authored by indoushka

Sites by Global Domains International, Inc suffer from cross site scripting and directory traversal vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 8093f1ab2c378fe3085183d7a5393c02

InvisionPower CMS Links To Titles 3.0 Cross Site Scripting
Posted May 7, 2014
Authored by UmPire

InvisionPower CMS Links to Titles utility version 3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2297d13949d95bb1fe11a7b56973f58c
packet storm

© 2020 Packet Storm. All rights reserved.
