what you don't know can hurt you
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-07-23

E2 2844 SQL Injection
Posted Jul 23, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

E2 version 2844 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-4736
SHA-256 | 63913ddb814634966361c1f31d81e76051565a5ad0dff9f9eb82add59af7c65f
LPAR2RRD 3.5 / 4.53 Command Injection
Posted Jul 23, 2014
Authored by Open Source CERT, Juergen Bilberger

Insufficient input sanitization on the parameters passed to the application web gui leads to arbitrary command injection on the LPAR2RRD application server. Versions 4.53 and below and 3.5 and below are affected.

tags | advisory, web, arbitrary
advisories | CVE-2014-4981, CVE-2014-4982
SHA-256 | 1a1002b04f4d303d72eb47b9c4e32b31388ec73b29abfea315a4fb3c871f89ea
HP Security Bulletin HPSBMU03073
Posted Jul 23, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03073 - A potential security vulnerability has been identified with HP Network Vitalization. The vulnerability could be exploited remotely to allow execution of code and disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2625, CVE-2014-2626
SHA-256 | 317d2933e8c75481a45e48b6b953256ef0359b24b49d3bd039fe3998e19fa24a
Debian Security Advisory 2984-1
Posted Jul 23, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2984-1 - CESG discovered a root escalation flaw in the acpi-support package. An unprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment variable to run arbitrary commands as root user via the policy-funcs script.

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2014-1419
SHA-256 | adaf1b772581837925185b0f8fb07ac5691d61ada127b8bcdfcadbfe95eb3291
Red Hat Security Advisory 2014-0921-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0921-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-4352, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | 5f6342d6a0ba942fed1212f30532f2a6f06b9ce40839eb606fcaa582d6020ed3
Red Hat Security Advisory 2014-0920-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0920-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | 7a830cef22aa2d0447ea727c0b8c19ebb2b6de8d903602bcceaa93477c2004d8
Red Hat Security Advisory 2014-0922-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0922-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-4352, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | e474b0462ddaef58ac68027aa2da2ff235007fd49f59f3fd341b94b4a0cbdbb9
Ubuntu Security Notice USN-2299-1
Posted Jul 23, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2299-1 - Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
SHA-256 | 52c1adb5bf8f07e13c58b7beb3414522ce15e2686f455949248cc1c2d9b6f33f
Ubuntu Security Notice USN-2298-1
Posted Jul 23, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2298-1 - A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. A type confusion bug was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1730, CVE-2014-1731, CVE-2014-1735, CVE-2014-1740, CVE-2014-1741, CVE-2014-1742, CVE-2014-1743, CVE-2014-1744, CVE-2014-1746, CVE-2014-1748, CVE-2014-3152, CVE-2014-3154, CVE-2014-3155, CVE-2014-3157, CVE-2014-3160, CVE-2014-3162, CVE-2014-3803
SHA-256 | f04f0d08eabf376cf8df89a6160d58cebda3d1bf4b781e0b5974197ae1cc96ab
Red Hat Security Advisory 2014-0926-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0926-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets. A local, unprivileged user could use this flaw to crash the system. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-2678, CVE-2014-4021
SHA-256 | 64df96cc59f1efde805ebd934314dcedc8fb19134e675f87b2c0c455237419de
Red Hat Security Advisory 2014-0925-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0925-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | 7a4b98cc6162c0bbcf1ed682d4479d010efef9351b16d2d8aaec4c5b5754f6b5
Red Hat Security Advisory 2014-0927-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0927-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461
SHA-256 | 43a93a5808a3210c405d552f4a7fb770b717bc2bfc530c0db6443987ead11ed8
Red Hat Security Advisory 2014-0923-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0923-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | 4d9fa3565ece76fb9ea52e62fb528ffab94970fb7731beb9d410ef7eee5e04f9
Red Hat Security Advisory 2014-0924-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-4699, CVE-2014-4943
SHA-256 | c438375570283d51bded0b1728d4f457f686151478e25dac149c079f49e029f5
Debian Security Advisory 2985-1
Posted Jul 23, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2985-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.38.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260
SHA-256 | 3b51d1398c465f42e11fcde6139c0e15f394f85cee7636d461f42beaa1c45591
Red Hat Security Advisory 2014-0919-01
Posted Jul 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0919-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
SHA-256 | 49a62946225e595f8af013ca9c7361ee2703b561dbf519e4fcdcfd7b43f3d480
SILC (Secure Internet Live Conferencing) Client 1.1.11
Posted Jul 23, 2014
Authored by priikone | Site silcnet.org

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet. It can be used to send any kind of messages, in addition to normal text messages. This includes multimedia messages like images, video, and audio stream. All messages in the SILC network are encrypted and authenticated, and messages can also be digitally signed. SILC protocol supports AES, SHA-1, PKCS#1, PKCS#3, X.509, OpenPGP, and is being developed in the IETF. This tarball holds all client related files.

Changes: This version adds plugin changes, performs better public key verification, and addresses various issues.
tags | tool, protocol
systems | unix
SHA-256 | 8cedf2f3c15322296afe094de60504bc27e349f1942713a2f322c7ef6ad5089e
CMS VIA-X SQL Injection
Posted Jul 23, 2014
Authored by Felipe Andrian Peixoto

CMS VIA-X suffers from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | c576b69c2407c32e44d916f75ae68e671126b59ddd77b7b21af755f15504f105
Ukora CMS Shell Upload
Posted Jul 23, 2014
Authored by Jagriti Sahu

Ukora CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 4939be5f0624ca40f27c3c657fb7fdd215ccd01bc9e2bf573955798f67f0fd80
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close