the original cloud security
Showing 1 - 25 of 25 RSS Feed

Files Date: 2014-07-22

Ansible 1.6.6 Arbitrary Code Execution
Posted Jul 22, 2014
Authored by Open Source CERT

The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables. Versions 1.6.6 and below are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-4966, CVE-2014-4967
MD5 | 32424d10f6db1daafea5df4630bedab2
SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting
Posted Jul 22, 2014
Authored by William Costa

DELL SonicWALL GMS version 7.2 build 7221.1701 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9f9279671af6157aac260657d389b287
HP Security Bulletin HPSBMU03071
Posted Jul 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03071 - A potential security vulnerability has been identified with HP Autonomy IDOL. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-0224
MD5 | 96a2bd280ba3fb203695eb3520153efd
EventLog Analyzer 9.0 Build #9000 Cross Site Scripting
Posted Jul 22, 2014
Authored by Andrea Bodei, Sisco Barrera, A. Tsvetkov | Site A2secure.com

EventLog Analyzer version 9.0 build #9000 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ea3f91804598df761a9e7225d01fb7d5
Ubuntu Security Notice USN-2296-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2296-1 - Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1549, CVE-2014-1550, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560
MD5 | b91ce0b0228e39ddfc7d8cdc86868e60
Ubuntu Security Notice USN-2295-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2295-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560, CVE-2014-1561
MD5 | 32b701cc036eacbc756a150c23438748
Red Hat Security Advisory 2014-0918-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0918-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
MD5 | e3d50b6e5dcfab16838099153d0b6f6f
Red Hat Security Advisory 2014-0917-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545
MD5 | 125563ddbb4d52dd83f64bf8258af734
Red Hat Security Advisory 2014-0915-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0915-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | 3fa6a5e508600473974feac200f6bbbe
Red Hat Security Advisory 2014-0916-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0916-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | c8fdd0fb314749eab974d45d754a8e6a
Red Hat Security Advisory 2014-0914-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0914-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file; parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2014-0179
MD5 | 8b10cdf96cfa1e65dc0c3b442196fa12
Red Hat Security Advisory 2014-0913-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0913-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181, CVE-2014-0206, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153, CVE-2014-3917, CVE-2014-3940, CVE-2014-4027, CVE-2014-4667, CVE-2014-4699
MD5 | 0b79965eb0beab6d5643819677a1a532
Ubuntu Security Notice USN-2297-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2297-1 - CESG discovered that acpi-support incorrectly handled certain privileged operations when checking for power management daemons. A local attacker could use this flaw to execute arbitrary code and elevate privileges to root.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2014-1419
MD5 | 599ce013114c43843a130e79301f9a73
Ubuntu Security Notice USN-2294-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2294-1 - It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service. It was discovered that Libtasn1 incorrectly handled negative bit lengths. An attacker could exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 6eabf0eb3b4fb112f11533d8dd59f4d2
Linux Kernel ptrace/sysret Local Privilege Escalation
Posted Jul 22, 2014
Authored by Vitaly Nikolenko

Linux Kernel ptrace/sysret local privilege escalation proof of concept exploit.

tags | exploit, kernel, local, proof of concept
systems | linux
advisories | CVE-2014-4699
MD5 | 94c88567c610853f4926b687106afb46
SGMiner / CGMiner Denial Of Service
Posted Jul 22, 2014
Authored by Mick Ayzenberg

SGMiner versions prior to 4.2.2 and CGMiner versions 3.3.0 through 4.0.1 suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2014-4503
MD5 | 091ac4567e006cce1b35aaee26d7867c
SGMiner / CGMiner / BFGMiner Stack Overflow
Posted Jul 22, 2014
Authored by Mick Ayzenberg

SGMiner versions prior to 4.2.2, CGMiner versions prior to 4.3.5, and BFGMinter versions prior to 3.3.0 suffer from a stack overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2014-4501
MD5 | bef848937be88b954e600e6598497874
ISACA Ireland Call For Papers
Posted Jul 22, 2014

ISACA Ireland is seeking innovated session proposals that will engage an audience of information security, assurance. The conference will be held October 3rd, 2014 in Dublin, Ireland.

tags | paper, conference
MD5 | f8fd1caf7ae91df06d2c64d8191bb718
SGMiner / CGMiner / BFGMiner Heap Overflow
Posted Jul 22, 2014
Authored by Mick Ayzenberg

SGMiner versions prior to 4.2.2, CGMiner versions prior to 4.3.5, and BFGMinter versions prior to 3.3.0 suffer from a heap overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2014-4502
MD5 | 7d14c20d101f13e1a8db41497642f5ae
Symantec Endpoint Protection Manager 12.1.4023.4080 Login Bruteforce
Posted Jul 22, 2014
Authored by Andrea Bodei, Sisco Barrera, A. Tsvetkov | Site A2secure.com

Symantec Endpoint Protection Manager version 12.1.4023.4080 suffers from a login bruteforcing vulnerability.

tags | exploit, cracker
MD5 | ffbb04c68396f9de185c389bb97ce74e
Barracuda Networks Spam And Virus Firewall 6.0.2 XSS
Posted Jul 22, 2014
Authored by Ebrahim Hegazy | Site vulnerability-lab.com

Barracuda Networks Spam and Virus Firewall version 6.0.2 suffers from a client-side cross site scripting vulnerability.

tags | exploit, virus, xss
MD5 | 1a35e3fb01a71204fe3c6977d9a89a8d
Apache 2.4.x mod_proxy Denial Of Service
Posted Jul 22, 2014
Authored by Marek Kroemeke, AKAT-1, 22733db72ab3ed94b5f8a1ffcde850251fe6f466

Apache versions 2.4.x prior to 2.4.10 suffer from a denial of service condition when mod_proxy is in use.

tags | exploit, denial of service
advisories | CVE-2014-0117
MD5 | 8aebf78a323b896068a67bfc89f7a4a1
Sum Technologies SQL Injection
Posted Jul 22, 2014
Authored by th3rockst3r

Sites powered by Sum Technologies suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3237a3524b927423973d5590f79e19a6
DjVuLibre 3.5.25.3 Out Of Bounds Access Violation
Posted Jul 22, 2014
Authored by drone

DjVuLibre versions 3.5.25.3 and below suffer from an out of bounds access violation vulnerability.

tags | exploit
MD5 | 2fc2f05de190584d3fb754e225e0b64d
DBMS_XMLSTORE As An Auxiliary SQL Injection Function In Oracle 12c
Posted Jul 22, 2014
Authored by David Litchfield

The ability to execute arbitrary SQL on Oracle via a SQL injection flaw is hampered by the fact that the Oracle RDBMS will not batch multiple queries. Typically, a low privileged attacker with say only the CREATE SESSION privilege, must find a function they can inject that will allow them to execute a block of anonymous PL/SQL. These are known as auxiliary inject functions. Depending upon the version of Oracle and what components are installed auxiliary inject functions may be few and far between. For example, on Oracle 12c with the internal Java VM removed, there may be none. Indeed, during a recent client assessment the author of this paper was confronted with such a situation: a PL/SQL injection flaw but with no easy method for easy exploitation to gain full control of the database server. This paper presents a method around such a problem using DBMS_XMLSTORE and, co-incidentally, DBMS_XMLSAVE. This method can be used in web-based SQL injection attacks, as well.

tags | paper, java, web, arbitrary, sql injection
MD5 | d24504669a9cae4404a95a4af656e24a
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close