what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-07-21

Red Hat Security Advisory 2014-0908-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0908-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265
SHA-256 | ffbd23e1ffa92495eb815c4ce9fe146ac8dbf2ad7faab7a36f44fbff8b6e6656
Red Hat Security Advisory 2014-0907-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0907-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
SHA-256 | 5d4dc327b258590b3b361bd36345fb85de08449993e8a79dc78af5a20677802d
Red Hat Security Advisory 2014-0910-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-5855, CVE-2014-0058, CVE-2014-0193, CVE-2014-3530
SHA-256 | 7af56d5dc9c292b2a0044d35f62a3d98324ab1a497e7002967f712beb2148fa0
Apache Scoreboard / Status Race Condition
Posted Jul 21, 2014
Authored by AKAT-1, 22733db72ab3ed94b5f8a1ffcde850251fe6f466

A race condition between updating httpd's "scoreboard" and mod_status leads to scenarios where a heap buffer overflow can occur with a user supplied payload. It can also leak heap and critical memory such as htaccess credentials, SSL private keys, and more. Apache version 2.4.7 is affected.

tags | exploit, overflow
advisories | CVE-2014-0226
SHA-256 | ee93437fdd7a87a46f45a1de0aa1d92409e430a87df1e246e818c6f4f25fa1ec
MyConnection Server (MCS) 9.7i Cross Site Scripting
Posted Jul 21, 2014
Authored by 1N3 | Site treadstonesecurity.blogspot.ca

MyConnection Server (MCS) version 9.7i suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5a16d17c8e73a4dfbe43b4d1e8e6c805b4f1e52f5f10b58566b5e4aa143981ce
IBM 1754 GCM KVM Code Execution / File Read / XSS
Posted Jul 21, 2014
Authored by Alejandro Alvarez Bravo

The IBM 1754 GCM KVM suffers from code execution, arbitrary file read, and cross site scripting vulnerabilities. Versions 1.20.0.22575 and below are vulnerable.

tags | exploit, arbitrary, vulnerability, code execution, xss
advisories | CVE-2014-2085, CVE-2014-3080, CVE-2014-3081
SHA-256 | 34b46f6efc7a6f5be6994d9dd9ba60ffa5ba29218e6a3823dedc1b4384fc4d64
Ubuntu Security Notice USN-2293-1
Posted Jul 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3537
SHA-256 | d0afde3f652695a582f8f83010eff7e3e04b687512bd57083978cd1bcf5e8994
Debian Security Advisory 2983-1
Posted Jul 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2983-1 - Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.

tags | advisory, denial of service, xss
systems | linux, debian
SHA-256 | 938dadbb8de11e8c9f694b1d0aa220d43066d093cbf3007b9fcf5251f03c8315
Debian Security Advisory 2982-1
Posted Jul 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

tags | advisory, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2014-3482, CVE-2014-3483
SHA-256 | 331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7b
Otori 0.3
Posted Jul 21, 2014
Authored by Ben Lincoln | Site beneaththewaves.net

This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or automatically walk the directory structure if the vulnerable system is based on Java.

Changes: Includes a pair of generic XXE modules for copy/pasting from e.g. Burp Suite and then walking the target system's directory structure. Also included are some example files for doing blind reads of interesting files from the target if it does not support walking the filesystem.
tags | tool, java, scanner, xxe
systems | unix
SHA-256 | 2a7816d21a64e47351a2d07b9a62e0b2608e025ddb24e5a5ec4f745d5b82bbfb
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft MQ Access Control version 5.1.0.1110 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
SHA-256 | ac6de6f3a8cc010f9936f8753463cdbb1d352b1255340abf3d899a75f1c67f7b
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft Bluetooth Personal Area Networking version 5.1.2600.5512 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
SHA-256 | 9520a3d17643c7ebf1130b867b4f899c083ee1d3103c9e343a9e895529ec8545
Elasticsearch Logstash 1.4.1 Command Execution
Posted Jul 21, 2014
Authored by Jordan Sissel

Elasticsearch Logstash versions 1.0.14 through 1.4.1 suffer from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2014-4326
SHA-256 | af4c8c7dd3bc0722d099ec0c672298ee3ab08240c306a42f89bf7e33cf00c9e4
Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass
Posted Jul 21, 2014
Authored by Robert Gilbert

Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering.

tags | exploit, vulnerability, bypass
advisories | CVE-2014-4980
SHA-256 | 33337334a513e4df4458a963f3444bbb96eb239bd1c02b33d1f2ff8080064786
MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification
Posted Jul 21, 2014
Authored by Ajin Abraham

Proof of concept code for the MTS MBlaze 3G Wi-Fi Modem that suffers from credential theft, login bypass, password reset, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, proof of concept, csrf
SHA-256 | c237b06e1b37e1e0e5a7bab3e3cb3740e9813d5c396e49c2dd6218c589c8f199
vBulletin 5.1.2 SQL Injection
Posted Jul 21, 2014
Authored by Nytro

vBulletin version 5.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | db8cf150020eef4c1a00944e82999c0b883bc572da700d8850068754842585aa
World Of Warcraft 3.3.5a Stack Overflow
Posted Jul 21, 2014
Authored by Alireza Chegini

World Of Warcraft version 3.3.5a suffers from a stack overflow vulnerability.

tags | exploit, overflow
SHA-256 | 6c348ae053fb80af888cc9d1fe45f3ae586846d8bf805794fc5cc1a77e195153
WordPress Gallery Objects 0.4 SQL Injection
Posted Jul 21, 2014
Authored by Claudio Viviani

WordPress Gallery Objects plugin version 0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 303e8fce5b978c0a5f0a4342187a24f0b8a25adc008fa5057ac61f3fb16e685d
Design Foundry Cross Site Scripting / SQL Injection
Posted Jul 21, 2014
Authored by Hekt0r

Sites designed by the Design Foundry suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | ac285e3041cdfdf4907dccb955ca1807933b3c910d7fea8386914ba076c0b995
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close