
Files Date: 2014-07-11

Lynis Auditing Tool 1.5.7
Posted Jul 11, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Implementation of SafePerms function. Added notification when exceptions are found. Fix for error_log handling in nginx.
tags | tool, scanner
systems | unix
SHA-256 | ef72f8cf95e036c9e25ca2cbbb15eb95e3313d299510f0c4a7e30bb25127fdc8
OpenVPN Private Tunnel Privilege Escalation
Posted Jul 11, 2014
Authored by LiquidWorm | Site zeroscience.mk

The Private Tunnel application suffers from an unquoted search path issue impacting the Core Service 'ptservice' service for Windows, deployed as part of the PrivateTunnel bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. OpenVPN version 2.1.28.0 (PrivateTunnel 2.3.8) is affected.

tags | exploit, arbitrary, local, root
systems | windows
SHA-256 | 1982811cca8c4967ad80bdbb680ede09b9ad33b3645539f9d125c817aa9bbe3a
WAGO-I/O-SYSTEM CODESYS 2.3 WebVisu Password Extraction
Posted Jul 11, 2014
Authored by Christian Kudera, Stefan Riegler | Site sec-consult.com

WAGO-I/O-SYSTEM with CODESYS version 2.3 WebVisu suffers from a password extraction vulnerability that allows for privilege escalation.

tags | advisory
SHA-256 | b4b37b094d65be35ac36e1dcb871c431cca2cb435ddcdc239b6d051e7de27c35
Schrack MICROCONTROL XSS / Disclosure / Weak Default Password
Posted Jul 11, 2014
Authored by Christian Kudera | Site sec-consult.com

Schrack MICROCONTROL versions prior to 1.7.0 (937) suffer from cross site scripting, weak default password, and data disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ac3daaa3ec1fea3bd206d4c88bfd45b9b0def76b61c4b06bde03b01f98f45c67
Shopizer 1.1.5 Authorization Bypass / Hardcoded Key
Posted Jul 11, 2014
Authored by Kestutis Gudinavicius | Site sec-consult.com

Shopizer version 1.1.5 suffers from authentication and authorization bypass vulnerabilities and also has a hardcoded default encryption key.

tags | exploit, vulnerability
SHA-256 | 3151b133fe3a990ab5b4430efd7f97f3a1ea24619f03afeb2acc81fee40ad78c
Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation
Posted Jul 11, 2014
Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf
SHA-256 | e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d
D-Link info.cgi POST Request Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is a stack-based buffer overflow in the my_cgi.cgi component when handling specially crafted HTTP POST requests addressed to the /common/info.cgi handler. This Metasploit module has been successfully tested on D-Link DSP-W215 in an emulated environment.

tags | exploit, remote, web, overflow, cgi, code execution
SHA-256 | 43736a283718e26edea62c6eac8d7fee90f2153854e5ba828b05e5d93aada113
D-Link HNAP Request Remote Buffer Overflow
Posted Jul 11, 2014
Authored by Craig Heffner | Site metasploit.com

This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is due to a stack-based buffer overflow while handling malicious HTTP POST requests addressed to the HNAP handler. This Metasploit module has been successfully tested on D-Link DIR-505 in an emulated environment.

tags | exploit, remote, web, overflow, code execution
advisories | CVE-2014-3936
SHA-256 | d5c1234114f0d3f1eea91c96527721cb48a9b2b6cddece427779fb9fdccd3e20
D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection
Posted Jul 11, 2014
Authored by Zachary Cutlip | Site metasploit.com

Different D-Link routers are vulnerable to OS command injection via UPnP multicast requests. This Metasploit module has been tested on DIR-300 and DIR-645 devices. Zachary Cutlip initially reported the DIR-815 as vulnerable. Other devices are probably affected as well.

tags | exploit
SHA-256 | fa69b72b39331733dc17d58a1b790184d23e6c23fa2a9e676f656d47d0fcd96f
HP Security Bulletin HPSBMU03070
Posted Jul 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03070 - A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerability. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 1fafbd8fecbed0cec79bbf1a7c32ac6975fed0069dc7592805beeacca7c6f792
HP Security Bulletin HPSBMU03069
Posted Jul 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03069 - Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. These OpenSSL vulnerabilities were detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-3470
SHA-256 | ef1f29ac5ba91c5848105e696dc6e7c2126999c14cf33cd9e5983d066a8dbd98
Debian Security Advisory 2975-1
Posted Jul 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2975-1 - Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-4995, CVE-2013-4996, CVE-2013-5002, CVE-2013-5003, CVE-2014-1879
SHA-256 | bfc5fc0210e27cc84c88de3c05372ca86215bab01f9987d8de50ef36e62142e9
Debian Security Advisory 2976-1
Posted Jul 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2976-1 - Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0475
SHA-256 | 94c9d56b614e336f0300c3fd5f848715f37c4785060190c3964e8ca986c48b52
Mandriva Linux Security Advisory 2014-135
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-135 - Updated python and python-simplejson packages fix a security vulnerability. Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access. This issue also affected the python-simplejson package, which has been patched to fix the bug.

tags | advisory, arbitrary, python
systems | linux, mandriva
advisories | CVE-2014-4616
SHA-256 | 2e1ca44b3c7d0495fc892ad6c604a6c8751d93020484cf8a66712eb8e88b1b55
Mandriva Linux Security Advisory 2014-134
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-134 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 09f3697bd7c1262d63ac7bceb9874b1046533a6d16eef40e1a9088a4a91adca4
Mandriva Linux Security Advisory 2014-133
Posted Jul 11, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-133 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-2497
SHA-256 | d460aaf876807f15872b4b5bf6c5498b0747b4ec864db29789daf7a30e6ee5f0
FoeCMS 1.6.6 SQL Injection
Posted Jul 11, 2014
Authored by Jagriti Sahu

FoeCMS version 1.6.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7ee629cd6d58c6489b5b1ddf00e563510af28766ba079ea1ab9001ca41154f64
Yahoo! Mail Cross Site Scripting
Posted Jul 11, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Yahoo! Mail suffered from a cross site scripting vulnerability via the file attachment upload functionality.

tags | exploit, xss
SHA-256 | 8945f1f89b8ce25eda6550fcc02dc3e0f251dd0d613214792dc3867ab3a2b462
Yahoo! Messenger 11.5.0.228 Cross Site Scripting
Posted Jul 11, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

Yahoo! Messenger version 11.5.0.228 suffered from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7e8e628207f2117ebd6547af3d631e69042df4f345a5051befbc9558c8f5786d
WordPress Download Manager 2.6.8 Shell Upload
Posted Jul 11, 2014
Authored by Claudio Viviani

WordPress Download Manager plugin version 2.6.8 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 9a523713be98ae6895b4babac67e3d128a5811593a45e46b4784da404b6813a7