what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-05-20

HP Security Bulletin HPSBGN03007
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03007 - A potential security vulnerability has been identified with HP IceWall MCRP and HP IceWall SSO. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2014-2604
MD5 | dc59402729b4a1bb90d9934660c094a4
HP Security Bulletin HPSBMU03022 3
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 3 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
MD5 | 948d62c4fc39496f442f36a2152d1d65
Perseus' Java Hopper Cross Site Scripting
Posted May 20, 2014
Authored by Renzi

Perseus' Java Hopper suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, java, xss
MD5 | d6ce04a75c32aaa3a08d4fc80b89910c
Lynis Auditing Tool 1.5.3
Posted May 20, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds additional auditing support for SuSE and others. It includes support for the Zypper package manager, including package gathering and checking for vulnerable packages. Several others tests related to AIDE, NTP, and the kernel have been improved.
tags | tool, scanner
systems | unix
MD5 | 255d8c29cbfc1988a07d574103c21c1c
Symantec Workspace Streaming Arbitrary File Upload
Posted May 20, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

tags | exploit, remote, arbitrary, root, code execution
systems | windows
advisories | CVE-2014-1649
MD5 | 3fd8e8cacb6bdc783c86fc4797d7f2f5
AoA MP4 Converter 4.1.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
MD5 | 7382e2fb12e216f1d7d47cf3f9c15633
SafeNet Sentinel Directory Traversal
Posted May 20, 2014
Authored by Matt Schmidt

SafeNet Sentinel Protection Server versions 7.0 through 7.4 and Keys Server versions 1.0.3 through 1.0.4 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2007-6483, OSVDB-42402
MD5 | a846bc7d4cba017afce1052407ba85f9
Oracle JavaMail SMTP Header Injection
Posted May 20, 2014
Authored by Alexandre Herzog

JavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.

tags | exploit, arbitrary
MD5 | 8b1be1492f43eb361d7b215f3e3ca150
Apple Security Advisory 2014-05-16-1
Posted May 20, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-05-16-1 - iTunes 11.2.1 is now available and addresses a security issue. Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.

tags | advisory
systems | apple
advisories | CVE-2014-1347
MD5 | f508022f3b22065aeffcc6b30d19c4e4
t2'14 Call For Papers
Posted May 20, 2014
Site t2.fi

The t2'14 Call For Papers has been announced. It will take place October 23rd through the 24th, 2014 in Helsinki, Finland.

tags | paper, conference
MD5 | 5b9bf15109fa9e83cf8bb54788b81775
Clipperz Password Manager Code Execution
Posted May 20, 2014
Authored by Manish Tanwar

Clipperz Password Manager suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 568f0f961624aa0dc2dafb7dd7e44c6d
Hook Analyser Malware Tool 3.1
Posted May 20, 2014
Authored by Beenu Arora | Site hookanalyser.blogspot.com

Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.

Changes: In this build, significant changes have been made to static malware analysis (option #3) and Cyber threat intelligence (option #6) modules, along with addition of a new module - batch analysis (option #7).
tags | tool
MD5 | 2e517814bd63d4092712d91fa00f0597
AoA Audio Extractor 2.3.7 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
MD5 | 022a89884a71b14c768452227995b902
Bypassing SSL Pinning On Android Via Reverse Engineering
Posted May 20, 2014
Authored by Denis Andzakovic | Site security-assessment.com

This whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.

tags | paper
MD5 | fe5043c5929d8eb6f2bfe05df024b2bc
CyberLink Power2Go Essential 9.0.1002.0 Overflow
Posted May 20, 2014
Authored by Mike Czumak

CyberLink Power2Go Essential version 9.0.1002.0 suffers from a registry SEH/unicode buffer overflow vulnerability.

tags | exploit, overflow, registry
MD5 | 56ae6f7e275cf3ff5e9e36db52692df7
AoA DVD Creator 2.6.2 Active-X Overflow
Posted May 20, 2014
Authored by metacom

AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.

tags | exploit, overflow, activex
MD5 | d995ac92e0f6e833f7cb4a29967dfc02
HP Security Bulletin HPSBHF02946 2
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02946 2 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-5987
MD5 | f1c9adfd1adad00dbde16b585a279799
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    2 Files
  • 23
    Oct 23rd
    10 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close