the original cloud security
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-05-08

AVG Remote Administration Bypass / Code Execution / Static Keys
Posted May 8, 2014
Authored by S. Viehbock | Site sec-consult.com

AVG Remote Administration version 13.0.0.2892 suffers from authentication bypass, remote code execution, missing entity authentication, and use of static encryption key vulnerabilities.

tags | exploit, remote, vulnerability, code execution
MD5 | 0ceb53d7421ba8d3afa0f52b91c0cb87
OrbiTeam BSCW 5.0.7 Metadata Information Disclosure
Posted May 8, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Versions 5.0.7 and below are affected.

tags | exploit, info disclosure
advisories | CVE-2014-2301
MD5 | cc8e8e147da3d9fa5fc2ca61ef9e5eb7
VM Turbo Operations Manager 4.5.x Directory Traversal
Posted May 8, 2014
Authored by Jamal Pecou

VM Turbo Operations Manager version 4.5.x suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | 76b81ac0b9e2babd307af0141de962cf
HP Security Bulletin HPSBMU02935 3
Posted May 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02935 3 - Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 3 of this advisory.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2013-4837, CVE-2013-4838, CVE-2013-4839, CVE-2013-6213
MD5 | c94114d29455b046a37188757a2c75b0
Red Hat Security Advisory 2014-0477-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0477-01 - Oracle Java SE development and runtime software packages will be removed from the Red Hat Enterprise Linux Supplementary media and RHN channels. These packages will be relocated to a new set of channels that are dedicated to delivering Oracle Java software. Customers are advised to reconfigure their systems to use the new channels to ensure that they are receiving the latest updates to Oracle Java software. Oracle Java software packages will be removed from Red Hat Enterprise Linux Supplementary media and RHN channels on May 8, 2014. Oracle Java will be available for online download via the new RHN channels.

tags | advisory, java
systems | linux, redhat
MD5 | 98516608dfca0dd4c7c7e6b00696c05f
Red Hat Security Advisory 2014-0476-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0476-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2013-6381, CVE-2013-6383
MD5 | afca738cc9d0acab82c84692a0f375a6
Red Hat Security Advisory 2014-0475-01
Posted May 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0475-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the Linux kernel's Adaptec RAID controller checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2013-6383, CVE-2014-0077, CVE-2014-2523
MD5 | 594f9e7581d35ce7ab3466cce3873dde
Ubuntu Security Notice USN-2209-1
Posted May 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2209-1 - It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. Marian Krcmarik discovered that libvirt incorrectly handled seamless SPICE migrations. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-6456, CVE-2013-7336
MD5 | 6f079192cd26f0b28b3c978735dfe28c
Debian Security Advisory 2925-1
Posted May 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2925-1 - Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-3121
MD5 | 298bb9de5fec78f3d8a5622228a26b03
Ubuntu Security Notice USN-2210-1
Posted May 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2210-1 - Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause it to accept browse packets from all hosts, contrary to intended configuration.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2707
MD5 | fad550311f9d82d78a4f41f005363801
Mandriva Linux Security Advisory 2014-083
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-083 - Login CSRF issue in MediaWiki before 1.22.5 in Special:ChangePassword, whereby a user can be logged into an attackers account without being aware of it, allowing the attacker to track the user's activity. XSS vulnerability in MediaWiki before 1.22.6, where if the default sort key is set to a string containing a script, the script will be executed when the page is viewed using the info action. MediaWiki has been updated to version 1.22.6, fixing this and other issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-2665
MD5 | 12b710656b4e854482a467e30d71fc54
Mandriva Linux Security Advisory 2014-082
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-082 - Jakub Wilk discovered that temporary files were insecurely created (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py, and EpsImagePlugin.py files of Python Imaging Library. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library. Jakub Wilk discovered that temporary files created in the JpegImagePlugin.py and EpsImagePlugin.py files of the Python Imaging Library were passed to an external process. These could be viewed on the command line, allowing an attacker to obtain the name and possibly perform symbolic link attacks, allowing them to modify an arbitrary file accessible to the user running an application that uses the Python Imaging Library.

tags | advisory, arbitrary, local, python
systems | linux, mandriva
advisories | CVE-2014-1932, CVE-2014-1933
MD5 | 4424d1fd2b4bffc76965928aacd37bd2
Mandriva Linux Security Advisory 2014-080
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-080 - A null pointer dereference bug in OpenSSL 1.0.1g and earlier in so_ssl3_write() could possibly allow an attacker to cause generate an SSL alert which would cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-0198
MD5 | 9e7dc76b2143ab3765b4dfad52cbb02b
Mandriva Linux Security Advisory 2014-081
Posted May 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-081 - Martin Holst Swende discovered a flaw in the way mod_security handled chunked requests. A remote attacker could use this flaw to bypass intended mod_security restrictions, allowing them to send requests containing content that should have been removed by mod_security.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-5705
MD5 | 212661157bfd189f76e1f3a04b34f72c
Openfiler 2.99.1 Cross Site Scripting
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b82e15f5a6c95e1e0c96e820b1bd1b32
Openfiler 2.99.1 Arbitrary Code Execution
Posted May 8, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a remote arbitrary code execution vulnerability.

tags | exploit, remote, arbitrary, code execution
MD5 | dc85831a845c70a35b1d8237d9aa642e
Collabtive 1.12 SQL Injection
Posted May 8, 2014
Authored by Deepak Rathore

Collabtive version 1.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3246
MD5 | e982fa6506ea1eeb58a33fbd8f99817c
GOM Player 2.2.57.5189 Memory Corruption
Posted May 8, 2014
Authored by Aryan Bayaninejad

GOM Player version 2.2.57.5189 suffers from a memory corruption vulnerability.

tags | exploit
advisories | CVE-2014-3216
MD5 | 6b5b8895bc614688f5654ac87103eb69
Cobbler Local File Inclusion
Posted May 8, 2014
Authored by Dolev Farhi

Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | bf114e43830cf3d041ad315cc75a031a
CMS Touch 2.01 Cross Site Scripting / SQL Injection
Posted May 8, 2014
Authored by indoushka

CMS Touch version 2.01 suffers from remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 2c2ee56b39c6ba2e96f67bdd29b34169
Enquete yS 1.0 SQL Injection
Posted May 8, 2014
Authored by Hugo Santiago dos Santos

Enquete yS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a37d83ca584b9b18fc646de9578340cf
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close