Files Date: 2014-05-12

HP Security Bulletin HPSBMU02931 6
Posted May 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02931 6 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged information, improper privilege management and cross site scripting (XSS). Revision 6 of this advisory.

tags | advisory, remote, arbitrary, vulnerability, xss
advisories | CVE-2013-4830, CVE-2013-4831, CVE-2013-4832, CVE-2013-4833
MD5 | 1bc8245520cecce97f77f16812169c8b
Skybox 6.x Authentication Bypass / Information Disclosure
Posted May 12, 2014
Authored by Luigi Vezzoso

Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from an authentication bypass that allows for information disclosure.

tags | exploit, info disclosure
advisories | CVE-2014-2084
MD5 | 442d0b8bb441f889ae1532b08a5ac0fa
Gentoo Linux Security Advisory 201405-06
Posted May 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 6.6_p1-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5161, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-5000, CVE-2012-0814, CVE-2014-2532
MD5 | 867f6beb5f3c209a3b73933db4c67529
Red Hat Security Advisory 2014-0469-01
Posted May 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0469-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2013-6417, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0078, CVE-2014-0137, CVE-2014-2669
MD5 | cdc4d0cfe60c1de3ac3fa143db9a99e5
Debian Security Advisory 2926-1
Posted May 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2926-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2851, CVE-2014-3122
MD5 | 836873067313a312340f5083aaf5efb0
Mandriva Linux Security Advisory 2014-086
Posted May 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-086 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-0191
MD5 | 663979e3bf3ce30b53f4e89b5d55ee62
Mandriva Linux Security Advisory 2014-085
Posted May 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-085 - ldns-keygen creates a private key with the default permissions according to the user's umask, which in most cases will cause the private key to be world-readable.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3209
MD5 | 73aa0a8e4906bd2002ade20a87461dfa
Mandriva Linux Security Advisory 2014-084
Posted May 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-084 - An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file that, when rendered by an application written to explicitly call the png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was also found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file that, when rendered by an application written to explicitly call the png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-7353, CVE-2013-7354
MD5 | df2135e23d5f5c2f218569a6467313ec
Slackware Security Advisory - seamonkey Updates
Posted May 12, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | b11a2deb392896d7109fa983a9ac2076
Netgrafio 0.1
Posted May 12, 2014
Authored by Cyneox | Site nullsecurity.net

Netgrafio is a tool aimed at visualizing network data. It provides tools and libraries to visualize datasets to more easily represent the information.

tags | tool
systems | unix
MD5 | a23e307197d4750908703b5e47540d00
Skybox 6.x Denial Of Service
Posted May 12, 2014
Authored by Luigi Vezzoso

Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2014-2085
MD5 | 41322d1b38fe21473e143d14961a042f
AlienVault 4.6.1 SQL Injection
Posted May 12, 2014
Authored by Chris Hebert | Site metasploit.com

AlienVault versions 4.6.1 and below are susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
MD5 | d1735e5cf20476892a9a1079fd25c89b
Easy Chat Server 3.1 Stack Buffer Overflow
Posted May 12, 2014
Authored by superkojiman

Easy Chat Server version 3.1 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
MD5 | b1530c2998054d47b6eee7b97dcf4963
Metafang2 .NET Generator
Posted May 12, 2014
Authored by Brandon Perry

metafang2 interfaces with a Metasploit RPC instance to generate .NET executables that run x86/x64 shell code in a platform-agnostic way. One binary to rule them all. Also provides an encryption mechanism that will bruteforce the payload's key at run time.

tags | tool, shell, x86
systems | unix
MD5 | 65d67173eb317f99aeeba8e76a73a601
Xshop Cross Site Scripting
Posted May 12, 2014
Authored by Medrik

Xshop suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | a683853b50db1eaa710d2cb27c27a1a9
WordPress Bonuspressx Cross Site Scripting
Posted May 12, 2014
Authored by Ashiyane Digital Security Team

WordPress Bonuspressx plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 9ba020031590a6f1f9ead5c1975cc334

© 2020 Packet Storm. All rights reserved.