Files Date: 2014-07-21

Red Hat Security Advisory 2014-0908-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0908-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265
MD5 | 6587a22aad5359e03607421dd0cdfb87

Red Hat Security Advisory 2014-0907-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0907-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
MD5 | ff8cc3b26f7445d52687f4dff8bc739a

Red Hat Security Advisory 2014-0910-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-5855, CVE-2014-0058, CVE-2014-0193, CVE-2014-3530
MD5 | 62091fc0a99df4b44f0ec91aae223025

Apache Scoreboard / Status Race Condition
Posted Jul 21, 2014
Authored by AKAT-1, 22733db72ab3ed94b5f8a1ffcde850251fe6f466

A race condition between updating httpd's "scoreboard" and mod_status leads to scenarios where a heap buffer overflow can occur with a user supplied payload. It can also leak heap and critical memory such as htaccess credentials, SSL private keys, and more. Apache version 2.4.7 is affected.

tags | exploit, overflow
advisories | CVE-2014-0226
MD5 | c908d3bd143d05eba746430d3d372dc6

MyConnection Server (MCS) 9.7i Cross Site Scripting
Posted Jul 21, 2014
Authored by 1N3 | Site treadstonesecurity.blogspot.ca

MyConnection Server (MCS) version 9.7i suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d75c7468df3eba868a30c2b7defff1ac

IBM 1754 GCM KVM Code Execution / File Read / XSS
Posted Jul 21, 2014
Authored by Alejandro Alvarez Bravo

The IBM 1754 GCM KVM suffers from code execution, arbitrary file read, and cross site scripting vulnerabilities. Versions 1.20.0.22575 and below are vulnerable.

tags | exploit, arbitrary, vulnerability, code execution, xss
advisories | CVE-2014-2085, CVE-2014-3080, CVE-2014-3081
MD5 | 45362f1e1a43c79c45707dd9a29f1fdc

Ubuntu Security Notice USN-2293-1
Posted Jul 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2014-3537
MD5 | 2b8ae96326f8514bde88033e30bf2d08

Debian Security Advisory 2983-1
Posted Jul 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2983-1 - Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.

tags | advisory, denial of service, xss
systems | linux, debian
MD5 | 7d923bdcc090166b1830dcd3e85214f2

Debian Security Advisory 2982-1
Posted Jul 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

tags | advisory, vulnerability, sql injection
systems | linux, debian
advisories | CVE-2014-3482, CVE-2014-3483
MD5 | e04a1f8fc5f1a08008f4b490c1340374

Otori 0.3
Posted Jul 21, 2014
Authored by Ben Lincoln | Site beneaththewaves.net

This is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or automatically walk the directory structure if the vulnerable system is based on Java.

Changes: Includes a pair of generic XXE modules for copy/pasting from e.g. Burp Suite and then walking the target system's directory structure. Also included are some example files for doing blind reads of interesting files from the target if it does not support walking the filesystem.

tags | tool, java, scanner
systems | unix
MD5 | 17cdfcaed2134b3fdfb02d599e5c9abb

Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft MQ Access Control version 5.1.0.1110 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
MD5 | ce86a2f27525ca3f4db06ec497115163

Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Posted Jul 21, 2014
Authored by Matthew Bergin

A vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft Bluetooth Personal Area Networking version 5.1.2600.5512 on XP SP3 is affected.

tags | exploit, arbitrary
advisories | CVE-2014-4971
MD5 | ed26d81edaf1517ff53bc15972ae9514

Elasticsearch Logstash 1.4.1 Command Execution
Posted Jul 21, 2014
Authored by Jordan Sissel

Elasticsearch Logstash versions 1.0.14 through 1.4.1 suffer from a remote command execution vulnerability.

tags | advisory, remote
advisories | CVE-2014-4326
MD5 | 7ea84e46a39541957bfba50c5c330638

Tenable Nessus 5.2.7 Parameter Tampering / Authentication Bypass
Posted Jul 21, 2014
Authored by Robert Gilbert

Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering.

tags | exploit, vulnerability, bypass
advisories | CVE-2014-4980
MD5 | 46912f28ccb14f9367fbd47370fd80de

MTS MBlaze 3G Wi-Fi Modem Data Theft / Modification
Posted Jul 21, 2014
Authored by Ajin Abraham

Proof of concept code for the MTS MBlaze 3G Wi-Fi Modem that suffers from credential theft, login bypass, password reset, and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, proof of concept, csrf
MD5 | d329974bc22ef14d1d065b73714ce556

vBulletin 5.1.2 SQL Injection
Posted Jul 21, 2014
Authored by Nytro

vBulletin version 5.1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d9b677434bf4017a8fb77abad7268539

World Of Warcraft 3.3.5a Stack Overflow
Posted Jul 21, 2014
Authored by Alireza Chegini

World Of Warcraft version 3.3.5a suffers from a stack overflow vulnerability.

tags | exploit, overflow
MD5 | 885d11c08a998eab691d5f25c9d5abf6

WordPress Gallery Objects 0.4 SQL Injection
Posted Jul 21, 2014
Authored by Claudio Viviani

WordPress Gallery Objects plugin version 0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | df061d890c1d254c3005d5dd51e5d69e

Design Foundry Cross Site Scripting / SQL Injection
Posted Jul 21, 2014
Authored by Hekt0r

Sites designed by the Design Foundry suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 66926c6bc23f0a1ca03dedfff9c709e8

packet storm

© 2016 Packet Storm. All rights reserved.
