
Files Date: 2014-07-11

Lynis Auditing Tool 1.5.7
Posted Jul 11, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Implementation of SafePerms function. Added notification when exceptions are found. Fix for error_log handling in nginx.
tags | tool, scanner
systems | unix
MD5 | 8e7e5169fea188e4e431db2f1b32d581
OpenVPN Private Tunnel Privilege Escalation
Posted Jul 11, 2014
Authored by LiquidWorm | Site zeroscience.mk

The Private Tunnel application suffers from an unquoted search path issue impacting the Core Service 'ptservice' service for Windows deployed as part of the PrivateTunnel bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. OpenVPN version 2.1.28.0 (PrivateTunnel 2.3.8) is affected.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 0c3a2475d1bd6ef8a595075c5db6e9e4
WAGO-I/O-SYSTEM CODESYS 2.3 WebVisu Password Extraction
Posted Jul 11, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

WAGO-I/O-SYSTEM with CODESYS version 2.3 WebVisu suffers from a password extraction vulnerability that allows for privilege escalation.

tags | advisory
MD5 | db119f10f20dd4da1991c999aa3dcc1f
Schrack MICROCONTROL XSS / Disclosure / Weak Default Password
Posted Jul 11, 2014
Authored by Christian Kudera | Site sec-consult.com

Schrack MICROCONTROL versions prior to 1.7.0 (937) suffer from cross site scripting, weak default password, and data disclosure vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 348fe98bde9e3762bbd56ee34614fb83
Shopizer 1.1.5 Authorization Bypass / Hardcoded Key
Posted Jul 11, 2014
Authored by Kestutis Gudinavicius | Site sec-consult.com

Shopizer version 1.1.5 suffers from authentication and authorization bypass vulnerabilities and also has a hardcoded default encryption key.

tags | exploit, vulnerability
MD5 | d28c395e22d437d4686c1988c6798896
Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation
Posted Jul 11, 2014
Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
MD5 | 3af209e37aec448f8096ab7aeed1123d
D-Link info.cgi POST Request Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is a stack-based buffer overflow in the my_cgi.cgi component when handling specially crafted HTTP POST requests addressed to the /common/info.cgi handler. This Metasploit module has been successfully tested on D-Link DSP-W215 in an emulated environment.

tags | exploit, remote, web, overflow, cgi, code execution
MD5 | 6536bc2c5fe1aa932ecb74dca292aac3
D-Link HNAP Request Remote Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is due to a stack-based buffer overflow while handling malicious HTTP POST requests addressed to the HNAP handler. This Metasploit module has been successfully tested on D-Link DIR-505 in an emulated environment.

tags | exploit, remote, web, overflow, code execution
advisories | CVE-2014-3936
MD5 | 27690b7b0e20b8d8e44f2d6a42ccbd96
D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection
Posted Jul 11, 2014
Authored by Zachary Cutlip | Site metasploit.com

Different D-Link routers are vulnerable to OS command injection via UPnP multicast requests. This Metasploit module has been tested on DIR-300 and DIR-645 devices. Zachary Cutlip initially reported the DIR-815 as vulnerable. Other devices are probably also affected.

tags | exploit
MD5 | 7953e3fae4169172e65063c0b959a9c9
HP Security Bulletin HPSBMU03070
Posted Jul 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03070 - A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 85e3815549d59d52289d1f046ad5d90d
HP Security Bulletin HPSBMU03069
Posted Jul 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03069 - Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. These OpenSSL vulnerabilities were detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-3470
MD5 | b47184e2ce447b660468952f7046e151
Debian Security Advisory 2975-1
Posted Jul 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2975-1 - Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-4995, CVE-2013-4996, CVE-2013-5002, CVE-2013-5003, CVE-2014-1879
MD5 | b1d3fd087e65d68df19c64ade556d71c
Debian Security Advisory 2976-1
Posted Jul 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2976-1 - Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0475
MD5 | fe20a39ddf3f412e5eda2760d03fef6d
Mandriva Linux Security Advisory 2014-135
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-135 - Updated python and python-simplejson packages fix a security vulnerability. Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access. This issue also affected the python-simplejson package, which has been patched to fix the bug.

tags | advisory, arbitrary, python
systems | linux, mandriva
advisories | CVE-2014-4616
MD5 | 87de04ff0f681579ef65205e4258b1ca
Mandriva Linux Security Advisory 2014-134
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-134 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
MD5 | 57409aaad1d7e8be9c051f4830a9d9c2
Mandriva Linux Security Advisory 2014-133
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-133 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-2497
MD5 | 8bb8172b2a659a7ac87d97f4d375ee70
FoeCMS 1.6.6 SQL Injection
Posted Jul 11, 2014
Authored by Jagriti Sahu

FoeCMS version 1.6.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | be7a40d1f5fcf7caba55b79ae26311c1
Yahoo! Mail Cross Site Scripting
Posted Jul 11, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Yahoo! Mail suffered from a cross site scripting vulnerability via the file attachment upload functionality.

tags | exploit, xss
MD5 | 63742f3bece90416c40a523110b93ef5
Yahoo! Messenger 11.5.0.228 Cross Site Scripting
Posted Jul 11, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

Yahoo! Messenger version 11.5.0.228 suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1783f8ff4794ffe5297460f224b1fe1d
WordPress Download Manager 2.6.8 Shell Upload
Posted Jul 11, 2014
Authored by Claudio Viviani

WordPress Download Manager plugin version 2.6.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 463032c55c7d2981cbc65b28d50c9e9e