
Files Date: 2014-07-15

HP Security Bulletin HPSBGN03068
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03068 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
MD5 | 020dfc302035534805fff20f04f6f518
HP Security Bulletin HPSBHF02913
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02913 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS). The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-2618, CVE-2014-2619, CVE-2014-2620, CVE-2014-2621, CVE-2014-2622
MD5 | ffc59ee1daa726341f6126753004c76d
HP Security Bulletin HPSBST03039
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03039 - Potential security vulnerabilities have been identified with HP StoreVirtual 4000 Storage and StoreVirtual VSA. The vulnerabilities could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-2605, CVE-2014-2606
MD5 | 151f1606f019921f03aac0318e20d631
Red Hat Security Advisory 2014-0886-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0886-00 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3530
MD5 | 6770791aeb66221afefd7c7750956665
Red Hat Security Advisory 2014-0885-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0885-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3530
MD5 | d84f0804efcbb13b93b0d5bed096f2b9
Red Hat Security Advisory 2014-0884-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0884-00 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3530
MD5 | 1aa7e848b68e213f20a1c2c84b128f20
Red Hat Security Advisory 2014-0883-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0883-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3530
MD5 | c6f053e4fc0562c69509359196280d95
Ubuntu Security Notice USN-2277-1
Posted Jul 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2277-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
MD5 | 93a8c87925f25ea9d27b0c302d31d56e
Ubuntu Security Notice USN-2278-1
Posted Jul 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2278-1 - Mike Frysinger discovered that the file awk script detector used multiple wildcards with unlimited repetitions. An attacker could use this issue to cause file to consume resources, resulting in a denial of service. Francisco Alonso discovered that file incorrectly handled certain CDF documents. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-7345, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538
MD5 | fb81851d21704a02b5d77a9791591e3f
Wordpress WPTouch Authenticated File Upload
Posted Jul 15, 2014
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used when handling AJAX file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upload folder. Because the plugin also uses its own file upload mechanism instead of the WordPress API, it's possible to upload any file type. The user provided does not need special rights. Also users with the "Contributor" role can be abused.

tags | exploit, arbitrary, file upload
MD5 | 35755c96aa5b2a55e7f53da4d7dbff2a
Browserify 4.2.0 Remote Command Execution
Posted Jul 15, 2014
Authored by Cal Leeming

Browserify versions 4.2.0 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 012986b97a18a2df5ebd507f14d4c46d
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Posted Jul 15, 2014
Authored by Matthew Bergin

A vulnerability within the VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.

tags | exploit, arbitrary
advisories | CVE-2014-2477
MD5 | d12111eab153b465d4f38ec3cf15cee4
OctavoCMS Admin Panel Cross Site Scripting
Posted Jul 15, 2014
Authored by Hadi Arjmand

OctavoCMS suffers from cross site scripting vulnerabilities in its administrative panel functionality.

tags | exploit, vulnerability, xss
MD5 | 2f61e95516b2508bf86037006854f9ca
HP Data Protection Manager 8.10 Remote Command Execution
Posted Jul 15, 2014
Authored by Polunchis

HP Data Protection Manager version 8.10 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 9156ee6da7056e2c2e6c5fa6c036f07b
Elipse E3 Scada PLC Denial Of Service
Posted Jul 15, 2014
Authored by Firebits

Flooding an Elipse E3 SCADA PLC with HTTP requests triggers a denial of service condition.

tags | exploit, web, denial of service
advisories | CVE-2011-4899
MD5 | 0f66207ba5d50aa96c61917db6e8b852