what you don't know can hurt you
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-05-28

sb0x Project 2.0.1rc3
Posted May 28, 2014
Authored by levi0x0 | Site github.com

sb0x Project is a lightweight framework for penetration testing. Written in Python.

tags | tool, scanner, python
systems | unix
MD5 | 8531580c440c93bc383b1a8cb996bf2a
Red Hat Security Advisory 2014-0559-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0559-01 - The Red Hat Enterprise Virtualization Manager data warehouse package provides the Extract-Transform-Load process and database scripts to create a historic database API. It also provides SQL BI reports creation for management and monitoring. It was found that the ovirt-engine-dwh setup script logged the history database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0202
MD5 | 1037169105032ad1a8519da83577d58c
Red Hat Security Advisory 2014-0558-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0558-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. It was found that the ovirt-engine-reports setup script logged the reports database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-0199, CVE-2014-0200, CVE-2014-0201
MD5 | 7bbe48219dba010ee348c07d8aa8479f
Red Hat Security Advisory 2014-0561-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0561-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP with NTLM authentication, LDAP, SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials.

tags | advisory, remote, web, protocol
systems | linux, redhat
advisories | CVE-2014-0015, CVE-2014-0138
MD5 | ca75f8603c28da55ec239f5a7f9effdb
Red Hat Security Advisory 2014-0557-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0557-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large amount of specially crafted fragmented packets to that system.

tags | advisory, remote, kernel, tcp, protocol
systems | linux, redhat
advisories | CVE-2014-0100, CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3122
MD5 | 92ffb61f18bc3e90b948a3bb43daf85e
Red Hat Security Advisory 2014-0560-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0560-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0179
MD5 | fa1203b64bdda86041465ee92958f9eb
Debian Security Advisory 2938-1
Posted May 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2938-1 - The initial organization and setup of Squeeze LTS has now happened and it is ready for taking over security support once the standard security support ends at the end of the month.

tags | advisory
systems | linux, debian
MD5 | 7a720b011898194b93f67cfa3c9ff124
Debian Security Advisory 2937-1
Posted May 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2937-1 - Two security issues have been found in the Python WSGI adapter module for Apache.

tags | advisory, python
systems | linux, debian
advisories | CVE-2014-0240, CVE-2014-0242
MD5 | 60bc6088825335037777d7744751ddb2
Gentoo Linux Security Advisory 201405-28
Posted May 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-28 - A remote command injection vulnerability has been discovered in xmonad-contrib. Versions less than 0.11.2 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2013-1436
MD5 | 9f9c5f7df3105612cc6380c0a0056345
Red Hat Security Advisory 2014-0565-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0565-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
MD5 | 1438511c0cb162d487331a602981b830
Red Hat Security Advisory 2014-0564-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0564-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
MD5 | 9cfff27083254bee12c7c38033fb4083
Red Hat Security Advisory 2014-0563-01
Posted May 28, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0563-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0059
MD5 | fa45f8adf659dfc1a765d5133de418ac
info.vmware.com Cross Site Scripting
Posted May 28, 2014
Authored by Robert Garcia

info.vmware.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2fbab1e442f01211073dfcd2a6d13f1c
WebBoard CMS Cross Site Scripting
Posted May 28, 2014
Authored by IeDb

WebBoard CMS suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f680979cab6d2ad9ead86490bab7665
Lua Web Application Security Vulnerabilities
Posted May 28, 2014
Authored by Felipe Daragon | Site syhunt.com

This paper highlights risks associated with unvalidated input in Lua-based applications.

tags | paper
MD5 | d007ecb8cfe7ea4438f1da5e40631ac9
Sandcat Browser 5.0-beta.1
Posted May 28, 2014
Authored by Felipe Daragon

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications.

tags | tool, web
systems | unix
MD5 | 02ff45999b2e36e35838d1882d84e80c
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close