
Files Date: 2014-05-19

Red Hat Security Advisory 2014-0512-01
Posted May 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2014-0196
MD5 | c0ac0e9bc452681d3e968b492c729ce4
Red Hat Security Advisory 2014-0513-01
Posted May 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-2877, CVE-2014-0191
MD5 | 00184b71ba54e6aeb48e6dd7dab2634f
Debian Security Advisory 2931-1
Posted May 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2931-1 - It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-0198
MD5 | c28420b844644061a6aeaef0523e8702
Debian Security Advisory 2930-1
Posted May 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2930-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2014-1740, CVE-2014-1741, CVE-2014-1742
MD5 | baf796c9d39093af26add3b4ebb729e3
Gentoo Linux Security Advisory 201405-26
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-26 - A local privilege escalation vulnerability has been discovered in X2Go Server. Versions greater than or equal to 4.0.1.12 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2013-7383
MD5 | 54599e527c6f9b4e3134fb8a40635d72
Debian Security Advisory 2932-1
Posted May 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2932-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-4344, CVE-2014-2894
MD5 | 52a08325554981273ff3dbcb5e58f0d7
Seo Panel 3.4.0 Cross Site Scripting
Posted May 19, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Seo Panel version 3.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1855
MD5 | 447f97776c8b2770082c5bae0de93792
CA Technologies OpenSSL Heartbleed Issue
Posted May 19, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug", that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.

tags | advisory
advisories | CVE-2014-0160
MD5 | 5453ebf6434f2580ae667067a9affb2e
ARRIS / Motorola SURFboard SBG6580 Password Disclosure
Posted May 19, 2014
Authored by Matthew Kienow | Site inokii.com

The ARRIS / Motorola SURFboard SBG6580 series wi-fi cable modem gateway discloses username and password information for the user interface as well as wireless network keys via SNMP.

tags | advisory
MD5 | 30fc1dbde8a20438a03ba85a65d1a1e6
HP Release Control 9.20.0000 Build 395 XXE
Posted May 19, 2014
Authored by Brandon Perry | Site metasploit.com

This Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. Can't login with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.

tags | exploit, web, arbitrary, vulnerability
MD5 | 9055c8ddb49e9888a4bed250c6072733
XOOPS Glossaire 1.0 SQL Injection
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

XOOPS module Glossaire version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 269b217dea65aff20023152fc87cf70f
Wiser 2.10 Backup Disclosure
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

Wiser version 2.10 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure
MD5 | e97d5a8d01995c012f47ee0474306ba7
SMART iPBX SQL injection
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

SMART iPBX suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 0fc04401b09fe54b4eefab58a6ee2e11
SIP Server By Kerne.org SQL Injection / Backup Disclosure
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

SIP Server by Kerne.org suffers from remote SQL injection and backup disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 6dda190d3e0e9a8d1d3e17b1b07257e4
PHP-Nuke Web Links SQL Injection
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

PHP-Nuke Web Links suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, php, sql injection
MD5 | c68160a381f71f5b79ec43272a687789
CRMAPP SQL Injection
Posted May 19, 2014
Authored by AtT4CKxT3rR0r1ST

CRMAPP suffers from a time-based remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 959e296d3d8faea6130152b2b5f90349
Web-Based Firewall Logging Tool 1.00
Posted May 19, 2014
Authored by Bob Hockney | Site webfwlog.sourceforge.net

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Changes: This is a major feature update as well as a maintenance release. It has full IPv6 support for netfilter, ipfilter, and database logs, and supports additional log file formats including Cisco routers. There are numerous other improvements and bugfixes; all users are encouraged to update.
tags | tool, web, firewall
systems | linux, windows, unix, xp
MD5 | 3fb897cd70a023371f277c58dc6243f3
CodeCrypt 1.6.1
Posted May 19, 2014
Site github.com

codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.

Changes: This release adds a minor padding improvement and a possible known-plaintext message authenticity attack fix in symmetric encryption.
tags | tool, encryption
systems | unix
MD5 | 73597df11288c19203948228e5a67fdc
Mandriva Linux Security Advisory 2014-098
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-098 - Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-1438
MD5 | f69ad0423d8ec811e14779ca451c756a
Mandriva Linux Security Advisory 2014-095
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-095 - It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.

tags | advisory, remote, code execution
systems | linux, mandriva
advisories | CVE-2014-0114
MD5 | 4205d082436cdc97e0ada92408be1dfb
Mandriva Linux Security Advisory 2014-092
Posted May 19, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-092 - lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, arbitrary, local, xss
systems | linux, unix, mandriva
advisories | CVE-2013-6891, CVE-2014-2856
MD5 | 7ca0ef1d569a3f5da8af4ff6de13ed6f
Gentoo Linux Security Advisory 201405-25
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-25 - A vulnerability in Symfony may allow remote attackers to read arbitrary files. Versions less than 1.4.20 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2012-5574
MD5 | 0d53830a03c7c7ab229d741ed8313ce4
Gentoo Linux Security Advisory 201405-24
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-24 - Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2010-1623, CVE-2011-0419, CVE-2011-1928, CVE-2012-0840
MD5 | fd0511db59c5374e37aadfc393ba5acc
Gentoo Linux Security Advisory 201405-23
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-23 - A vulnerability in lib3ds might allow a remote attacker to execute arbitrary code. Versions less than 2.0.0_rc1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0280
MD5 | 37c3245ea904a1e2d62f6957a125f2ec
Gentoo Linux Security Advisory 201405-22
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-22 - Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6152, CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020
MD5 | 196a5a8a8c52f69aec58651f4e8923ac
© 2016 Packet Storm. All rights reserved.
