what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-05-29

AuraCMS 3.0 Cross Site Scripting / Local File Inclusion
Posted May 29, 2014
Authored by Mustafa ALTINKAYNAK

AuraCMS version 3.0 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 5a35bc77f37b80e3b6ae5d1eaf892a6a012cf4c579dda292eeb102b6f33561da
Check_MK Arbitrary File Disclosure
Posted May 29, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

Check_MK suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-0243
SHA-256 | 29ea17ad8196b8ca5a593382f3d744479bd2f4a883b8f7db788780575f11978e
Apache Tomcat Information Disclosure
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

The code used to parse the request content length header did not check for overflow in the result. This exposed a request smuggling vulnerability when Tomcat was located behind a reverse proxy that correctly processed the content length header. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.3, Apache Tomcat 7.0.0 to 7.0.52, and Apache Tomcat 6.0.0 to 6.0.39.

tags | advisory, overflow
advisories | CVE-2014-0099
SHA-256 | efe876f026d805aec0ae402905d0f399166b1e85133b042ab6011a6439d5095f
Apache Tomcat Denial Of Service
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

It was possible to craft a malformed chunk size as part of a chucked request that enabled an unlimited amount of data to be streamed to the server, bypassing the various size limits enforced on a request. This enabled a denial of service attack. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.3, Apache Tomcat 7.0.0 to 7.0.52, and Apache Tomcat 6.0.0 to 6.0.39.

tags | advisory, denial of service
advisories | CVE-2014-0075
SHA-256 | 14014726ae194fcbd52254b00f5e7e99823908207f8227e73309d1f9549f50e1
Red Hat Security Advisory 2014-0581-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0581-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was discovered in OpenStack Dashboard that could allow a remote attacker to conduct cross-site scripting attacks if they were able to trick a horizon user into using a malicious heat template. Note that only setups exposing the orchestration dashboard in OpenStack Dashboard were affected.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2014-0157
SHA-256 | 3cf9b2341558bbe8305cde1cdbe8f36482a30e22137a9d73e93d3f39be026b5e
Red Hat Security Advisory 2014-0580-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0580-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins. The openstack-keystone packages have been upgraded to upstream version 2013.2.3, which provides a number of bug fixes over the previous version. The following security issue is also fixed with this release: It was found that the memcached token back end of OpenStack Identity did not correctly invalidate a revoked trust token, allowing users with revoked tokens to retain access to services they should no longer be able to access. Note that only OpenStack Identity setups using the memcached back end for tokens were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-2237
SHA-256 | cbbf882a59e7a04c181ef09556964cf1dbb16484778d505b0c2a9c16a7da6974
Red Hat Security Advisory 2014-0578-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0578-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that overwriting the disk inside of an instance with a malicious image, and then switching the instance to rescue mode, could potentially allow an authenticated user to access arbitrary files on the compute host depending on the file permissions and SELinux constraints of those files. Only setups that used libvirt to spawn instances and which had the use of cow images disabled were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0134
SHA-256 | 63b3fb8b016547bd70086401213819f350561fb27cbc25c07899d9a76fa6e893
Red Hat Security Advisory 2014-0517-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0517-01 - The openstack-foreman-installer package provides facilities for rapidly deploying Red Hat Enterprise Linux OpenStack Platform 4. It was discovered that the Qpid configuration created by openstack-foreman-installer did not have authentication enabled when run with default settings in standalone mode. An attacker able to establish a TCP connection to Qpid could access any OpenStack back end using Qpid without any authentication. This update also fixes several bugs and adds enhancements.

tags | advisory, tcp
systems | linux, redhat
advisories | CVE-2013-6470
SHA-256 | 0c5878fb3ca39f4bfc286dcd8a1b7c27424d3484ba4a69d122cb5e3b11cf8a28
Red Hat Security Advisory 2014-0582-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0582-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
SHA-256 | b8593d70dd43aadb30773782fde079796ce4e875ae531e2e5e5e45c520c7f18d
Red Hat Security Advisory 2014-0516-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0516-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A flaw was found in the way OpenStack Networking performed authorization checks on created ports. An authenticated user could potentially use this flaw to create ports on a router belonging to a different tenant, allowing unauthorized access to the network of other tenants. Note that only OpenStack Networking setups using plug-ins that rely on the l3-agent were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6433, CVE-2014-0056
SHA-256 | c0588230b69d9979c0b5ff1a318a4d0d3c47c4b2e44dde5b16954df8d2d433c8
Red Hat Security Advisory 2014-0579-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0579-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The openstack-heat-templates package provides heat example templates and image building elements for the openstack-heat package. It was discovered that certain heat templates used HTTP to insecurely download packages and signing keys via Yum. An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-0040, CVE-2014-0041, CVE-2014-0042
SHA-256 | ca06ea7eab4f54b7a387adbdef2d7be82b8761ba25ef9e19be26524fc94c5aff
Red Hat Security Advisory 2014-0573-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0573-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.3 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release.

tags | advisory
systems | linux, redhat
SHA-256 | 84add74bf4934fa3246c88972d5837845c5ad62f8afe71ced2c17006b0030dd8
Red Hat Security Advisory 2014-0575-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0575-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

tags | advisory
systems | linux, redhat
SHA-256 | 8f642504c1f6988e2155666984c9463204d4155f4e20cc5bdfc8dfd7360d8f32
Apache Tomcat Denial Of Service
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the request. The hanging request consumed a request processing thread which could lead to a denial of service. Versions affected include Apache Tomcat 8.0.0-RC2 to 8.0.3.

tags | advisory, denial of service
advisories | CVE-2014-0095
SHA-256 | 28c61c41ea4c82aebf18e1389e65f0ee95408b53ccd619f2378c0bef49785f6a
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Posted May 29, 2014
Authored by Freakyclown | Site portcullis-security.com

HandsomeWeb SOS Webpages versions 1.1.11 and below suffer from backup and password hash disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2014-3445
SHA-256 | 95fa3a37604887c4a9477550b3793f175517c90416e587a425c76050ebc648db
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close