exploit the possibilities
Showing 1 - 25 of 29 RSS Feed

Files Date: 2014-07-16

Oracle Data Redaction Is Broken
Posted Jul 16, 2014
Authored by David Litchfield

Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.

tags | paper, web, sql injection
SHA-256 | 8cb488d94f0f24c541295b45894955646b915f06b2bd3f2038f2c4e7aac4422f
pyClamd 0.3.10
Posted Jul 16, 2014
Authored by Alexandre Norman | Site xael.org

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.

Changes: Various bug fixes.
tags | tool, virus, python
systems | unix
SHA-256 | ed77743c32298b151c881cc52a211e188bd24203ae402f2640def858c6a2bca7
Bitdefender GravityZone File Disclosure / Missing Authentication
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.

tags | exploit, local, vulnerability
SHA-256 | af619d5dbc0d5687b495f706bf14196eb93f0a0131142a9608bdc0bdfd57b826
Microsoft Windows DirectShow Privilege Escalation
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2014-2780
SHA-256 | 40f607f1e58adf819a7c42c06abb4eb9360e75d0caf490c0619a31a7fb069410
e107 2.0 alpha2 Cross Site Scripting
Posted Jul 16, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4734
SHA-256 | 56bd876fd3e9e58a94c3248fcca4128f67bd75df9310ba5fdddc5ae0a7a6879c
Citrix Netscaler Disclosure / Cross Site Scripting
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-4346, CVE-2014-4347
SHA-256 | d1476599affa41b884dec786579a526abb8aa5d7a7e7ce2a41d003a8d5c21aa6
Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.

tags | advisory, arbitrary, bypass
advisories | CVE-2014-2777
SHA-256 | 700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000aca
OpenVPN Access Server Arbitrary Code Execution
Posted Jul 16, 2014
Authored by S. Viehbock | Site sec-consult.com

Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.

tags | advisory, remote, arbitrary
SHA-256 | 3f95a17f5a3e3e08e1e5b964c913a1f26f928b80824fd0094146709d8a80f674
Microsoft Internet Explorer Request Object Confusion Sandbox Bypass
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.

tags | advisory, code execution, bypass
advisories | CVE-2014-1764
SHA-256 | 7b2092a65c7957bd27e081adb9fb8fc46c778ffa0f86266785a00a12ab75e46f
Microsoft Internet Explorer CSS @import Memory Corruption
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.

tags | advisory, web, arbitrary
advisories | CVE-2014-1763
SHA-256 | cd96a783b0ba06438db8d155e68c36b5c423d9b3a31f74080fdd6447b9005d44
Alfresco Community Edition 4.2.f Server Side Request Forgery
Posted Jul 16, 2014
Authored by V. Paulikas | Site sec-consult.com

Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 19ce2a94ba7b3ac977579971c45cb86e989ade80fc0002971cfee5378a52f153
HP Security Bulletin HPSBMU03072 SSRT101644
Posted Jul 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-2623
SHA-256 | b2ab6e14584863667d15fb117618e07354ef9957457802c05b651e4fba71c1fe
Ubuntu Security Notice USN-2280-1
Posted Jul 16, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3985
SHA-256 | 5117542815fcf93452faef16813bce06800a6e938b6b81dd1edc398b7cd296c0
Ubuntu Security Notice USN-2279-1
Posted Jul 16, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-4909
SHA-256 | 102c3b451b291373563c086d75532664f1f5b37b475c6c040d5b1359c0209760
Red Hat Security Advisory 2014-0889-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
SHA-256 | d955c02b6fb6ac14d03885483e62d7eae4828a382f7ace3097c1309e2b00fc3a
Red Hat Security Advisory 2014-0898-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0898-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 18741ed083fd88bef12746d5d7cb90c7633e1bbdee424711f7b3da2352532b3c
Red Hat Security Advisory 2014-0897-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0897-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 80ff770a940677ba6ce6e5fd9f188c8b53262afdde5337e1bd2d8f9c30bc6b65
Red Hat Security Advisory 2014-0896-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0896-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.5.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1624, CVE-2013-5855
SHA-256 | f3cb7fd4bf3ab53aa837fd1043fd374cbb2e9e4e0d0f3b86eac19d2b75a3056c
Red Hat Security Advisory 2014-0895-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0895-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0058, CVE-2014-0059, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | aeb0b570938a9a6265d4028ddf3b4294b3853a5be7bb3907f9ec1aa0586df308
Gentoo Linux Security Advisory 201407-04
Posted Jul 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-4 - A vulnerability in GnuPG can lead to a Denial of Service condition. Versions less than 2.0.24 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-4617
SHA-256 | f7be745ceed87b9b64547f9e9de4ec5241c8f3295bfdc3031551291bb5a16ced
Red Hat Security Advisory 2014-0890-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0890-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
SHA-256 | b3aae823004ba1feeaae51546b3ea5b2573c2738250f2333c1900c5b9508acae
Gentoo Linux Security Advisory 201407-03
Posted Jul 16, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-3 - Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Versions less than 4.3.2-r4 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-1442, CVE-2013-4329, CVE-2013-4355, CVE-2013-4356, CVE-2013-4361, CVE-2013-4368, CVE-2013-4369, CVE-2013-4370, CVE-2013-4371, CVE-2013-4375, CVE-2013-4416, CVE-2013-4494, CVE-2013-4551, CVE-2013-4553, CVE-2013-4554, CVE-2013-6375, CVE-2013-6400, CVE-2013-6885, CVE-2014-1642, CVE-2014-1666, CVE-2014-1891, CVE-2014-1892, CVE-2014-1893, CVE-2014-1894, CVE-2014-1895, CVE-2014-1896, CVE-2014-2599, CVE-2014-3124
SHA-256 | 600ec9e94e030b36e7d0770eb003e8d183518912299983d949f22aba378524ac
Red Hat Security Advisory 2014-0887-02
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0887-02 - JBoss Remoting is a stand-alone project that provides an API for making remote invocations using pluggable transports and data marshallers. JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBoss Application Server 5.x. This implementation does not implement security as defined in JSR 160, and therefore does not apply any authentication or authorization constraints. A remote attacker could use this flaw to potentially execute arbitrary code on a vulnerable server. All of the supported Red Hat JBoss 5.x products are not affected by this issue in their default configuration. These products are only vulnerable if JMX remoting is enabled by manually deploying jmx-remoting.sar from the jboss-as/docs/examples directory. Unsupported community releases of JBoss Application Server 5.x are affected. All users of the standalone JBoss Remoting project are also affected.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-3518
SHA-256 | 135d5c4a321a8fbc578a3508486fc58852de448195dd8f13ec7114baf60130ff
Packet Fence 4.3.0
Posted Jul 16, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release adds many bugfixes and enhancements.
tags | tool, remote
systems | unix
SHA-256 | ba825885413fc4d7679b701155a73856cd1ffdbf16a187bbb079a88d43c69956
Joomla Youtube Gallery 4.1.7 SQL Injection
Posted Jul 16, 2014
Authored by Pham Van Khanh

Joomla Youtube Gallery component version 4.1.7 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-4960
SHA-256 | 8eb97c488001bd59478d014e3535c51b5f47ba324ae8929abe3595af874685f8
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close