exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-05-29

AuraCMS 3.0 Cross Site Scripting / Local File Inclusion
Posted May 29, 2014
Authored by Mustafa ALTINKAYNAK

AuraCMS version 3.0 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
MD5 | 555b6dc66fc9b5b7c679b90999ccedec
Check_MK Arbitrary File Disclosure
Posted May 29, 2014
Authored by Markus Vervier, Sascha Kettler | Site lsexperts.de

Check_MK suffers from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
advisories | CVE-2014-0243
MD5 | e15f15a0ae3651e777086ddbeb456725
Apache Tomcat Information Disclosure
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

The code used to parse the request content length header did not check for overflow in the result. This exposed a request smuggling vulnerability when Tomcat was located behind a reverse proxy that correctly processed the content length header. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.3, Apache Tomcat 7.0.0 to 7.0.52, and Apache Tomcat 6.0.0 to 6.0.39.

tags | advisory, overflow
advisories | CVE-2014-0099
MD5 | 5111e908ad08ae8ebd18c203b6493da1
Apache Tomcat Denial Of Service
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

It was possible to craft a malformed chunk size as part of a chucked request that enabled an unlimited amount of data to be streamed to the server, bypassing the various size limits enforced on a request. This enabled a denial of service attack. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.3, Apache Tomcat 7.0.0 to 7.0.52, and Apache Tomcat 6.0.0 to 6.0.39.

tags | advisory, denial of service
advisories | CVE-2014-0075
MD5 | 58481d1d8cde56b09ee7b37ef3cc2cf1
Red Hat Security Advisory 2014-0581-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0581-01 - OpenStack Dashboard provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The dashboard allows cloud administrators to get an overall view of the size and state of the cloud and it provides end-users a self-service portal to provision their own resources within the limits set by administrators. A flaw was discovered in OpenStack Dashboard that could allow a remote attacker to conduct cross-site scripting attacks if they were able to trick a horizon user into using a malicious heat template. Note that only setups exposing the orchestration dashboard in OpenStack Dashboard were affected.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2014-0157
MD5 | e330fbc232a685189b4d359e72562993
Red Hat Security Advisory 2014-0580-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0580-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication including user name and password credentials, token-based systems, and AWS-style logins. The openstack-keystone packages have been upgraded to upstream version 2013.2.3, which provides a number of bug fixes over the previous version. The following security issue is also fixed with this release: It was found that the memcached token back end of OpenStack Identity did not correctly invalidate a revoked trust token, allowing users with revoked tokens to retain access to services they should no longer be able to access. Note that only OpenStack Identity setups using the memcached back end for tokens were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-2237
MD5 | d3f3643c979223af16b6b0d862d9770e
Red Hat Security Advisory 2014-0578-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0578-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that overwriting the disk inside of an instance with a malicious image, and then switching the instance to rescue mode, could potentially allow an authenticated user to access arbitrary files on the compute host depending on the file permissions and SELinux constraints of those files. Only setups that used libvirt to spawn instances and which had the use of cow images disabled were affected.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-0134
MD5 | c961d7733af86ece5abefa1b729783ba
Red Hat Security Advisory 2014-0517-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0517-01 - The openstack-foreman-installer package provides facilities for rapidly deploying Red Hat Enterprise Linux OpenStack Platform 4. It was discovered that the Qpid configuration created by openstack-foreman-installer did not have authentication enabled when run with default settings in standalone mode. An attacker able to establish a TCP connection to Qpid could access any OpenStack back end using Qpid without any authentication. This update also fixes several bugs and adds enhancements.

tags | advisory, tcp
systems | linux, redhat
advisories | CVE-2013-6470
MD5 | 60a02f9ed6e8a58bda983aafefa068ef
Red Hat Security Advisory 2014-0582-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0582-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.

tags | advisory, java, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-4517
MD5 | 721402bebdb448bcd567130b4a44fe6d
Red Hat Security Advisory 2014-0516-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0516-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A flaw was found in the way OpenStack Networking performed authorization checks on created ports. An authenticated user could potentially use this flaw to create ports on a router belonging to a different tenant, allowing unauthorized access to the network of other tenants. Note that only OpenStack Networking setups using plug-ins that rely on the l3-agent were affected.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-6433, CVE-2014-0056
MD5 | 70ed45002aaab545368f7bd5162d0696
Red Hat Security Advisory 2014-0579-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0579-01 - OpenStack Orchestration is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. It can also be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Orchestration can also be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources. The openstack-heat-templates package provides heat example templates and image building elements for the openstack-heat package. It was discovered that certain heat templates used HTTP to insecurely download packages and signing keys via Yum. An attacker could use this flaw to conduct man-in-the-middle attacks to prevent essential security updates from being installed on the system.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-0040, CVE-2014-0041, CVE-2014-0042
MD5 | a990c535046c4233cc344171274998ef
Red Hat Security Advisory 2014-0573-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0573-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.3 will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.3 EUS after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.3 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux 6 release.

tags | advisory
systems | linux, redhat
MD5 | 4c5e2f2e7f25053258fb8a0a04f743cb
Red Hat Security Advisory 2014-0575-01
Posted May 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0575-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.

tags | advisory
systems | linux, redhat
MD5 | 3d8838fe55a07900e0ced1be1927a415
Apache Tomcat Denial Of Service
Posted May 29, 2014
Authored by Mark Thomas | Site tomcat.apache.org

A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the request. The hanging request consumed a request processing thread which could lead to a denial of service. Versions affected include Apache Tomcat 8.0.0-RC2 to 8.0.3.

tags | advisory, denial of service
advisories | CVE-2014-0095
MD5 | a5c4c65f29ed8306dcd76c7893ccc1dc
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Posted May 29, 2014
Authored by Freakyclown | Site portcullis-security.com

HandsomeWeb SOS Webpages versions 1.1.11 and below suffer from backup and password hash disclosure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2014-3445
MD5 | fd8cd8f15a81a745ed992423fe484425
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    22 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close