
Files Date: 2014-06-04

IPSwitch IMail 12.4 Cross Site Scripting
Posted Jun 4, 2014
Authored by Peru

IPSwitch IMail server web client versions 12.3 and 12.4 before 12.4.1.15 suffer from a persistent cross site scripting vulnerability.

tags | exploit, web, xss
advisories | CVE-2014-3878
SHA-256 | e9708dde34587f7954f8bbd7dc8a189e6644a211a4b0f6306d1057b08bd834d8

FreeBSD Security Advisory - ktrace Kernel Memory Disclosure
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-3873
SHA-256 | 003649f925e12510c88e6cb5a41c1ae0e254a9bab779cb2c50b388f051a929e6

FreeBSD Security Advisory - PAM Policy Parser
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller). The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration. A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.

tags | advisory
systems | freebsd
advisories | CVE-2014-3879
SHA-256 | c172f1629a0148dc04e340253e113146894af7408276fd65c6e6c6e3a50f19a6

FreeBSD Security Advisory - Sendmail
Posted Jun 4, 2014
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in sendmail(8) that prevented open file descriptors from having close-on-exec properly set. Consequently, a subprocess will be able to access all open files that the parent process has open.

tags | advisory
systems | freebsd
SHA-256 | 67eb06001085eef65797c58907ed0ff05690cedefd665a08e48f7f8b9ea16bf4

IBM DB2 Privilege Escalation
Posted Jun 4, 2014
Authored by Tim Brown | Site portcullis-security.com

setuid and setgid programs can escalate privileges via insecure RPATH use in IBM DB2 systems.

tags | advisory
advisories | CVE-2014-0907
SHA-256 | 40679a4e85d6d23356386f0877e57636c158e282cb759a60f37f439933615e4e

PHP 5.5.13 / Lynis 1.5.4 Insecure /tmp Use
Posted Jun 4, 2014
Authored by A B

PHP version 5.5.13 and Lynis version 1.5.4 use /tmp insecurely.

tags | advisory, php
SHA-256 | e8fd9a05110d214b1f51e304a9c367e55a2709149d4453dfa7eef7d72082bdfb

GoAgent SSL / TLS Issues
Posted Jun 4, 2014
Authored by David Fifield

GoAgent performs improper TLS validation and installs a root CA certificate with a known private key.

tags | advisory, root
SHA-256 | a42aee19935e8c20d21fdb23e247e16af40644fb70df89c65537de10511e22be

BSI Advance Hotel Booking System 2.0 Cross Site Scripting
Posted Jun 4, 2014
Authored by Angelo Ruwantha

BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a63aae44e22e7b8503f7f8ed7f9a72ebf26200a47052caf46142200a81ea59f6

UltraVintage Cross Site Scripting / SQL Injection
Posted Jun 4, 2014
Authored by Hekt0r

UltraVintage suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | e27b919bab1f7594cbf897ddfd0c517cff37e620db2aa020e7c0afff7b66445b
© 2024 Packet Storm. All rights reserved.