all things security
Showing 1 - 18 of 18 RSS Feed

Files Date: 2014-07-24

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation
Posted Jul 24, 2014
Authored by pws

Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.

tags | exploit, vulnerability, bypass
MD5 | f019d935beddae72b60018bd1c22e43f
Omeka 2.2.1 Remote Code Execution
Posted Jul 24, 2014
Authored by LiquidWorm | Site zeroscience.mk

Omeka suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/items/add' script thru the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with '.php5' extension. Versions 2.2.1 and 2.2 are affected.

tags | exploit, arbitrary, php, code execution
MD5 | a24ec27a5367c4a3ae2037d837bdc329
UniFi / mFi / AirVision Cross Site Request Forgery
Posted Jul 24, 2014
Authored by Seth Art

Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-2225
MD5 | 18c3d9a50db349c8315704e7c2aafc95
HP Security Bulletin HPSBMU03076
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 78abb553bb8284ca617ee022596963bb
HP Security Bulletin HPSBMU03074
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 89c6a01d103437d13c08d2549cf36f2a
Ubuntu Security Notice USN-2300-1
Posted Jul 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-4607
MD5 | 2f8bb91bcf4f6cfc3550923eefe1a66a
Ubuntu Security Notice USN-2301-1
Posted Jul 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2301-1 - It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-0012, CVE-2014-1402
MD5 | 7c5d7326de0426d21e99cb55fe8d804f
Red Hat Security Advisory 2014-0888-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0888-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.

tags | advisory, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-2894, CVE-2014-3461
MD5 | 87ef74f23056ce8e973a491b87a30a64
Red Hat Security Advisory 2014-0941-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0941-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks if a user were tricked into clicking on a malicious URL.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2014-3497
MD5 | 0afc7bd33b5292a859aea3ee5157a619
Red Hat Security Advisory 2014-0940-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0940-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3517
MD5 | 0acc6392ccaa24607a940dcd1ea6e971
Red Hat Security Advisory 2014-0939-01
Posted Jul 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475
MD5 | 7a2843fed8c76ef1046b9ef511954244
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 6fcdf5ded007deba7dca4c9fe5d5d8e8
Slackware Security Advisory - mozilla-firefox Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 2db22bc6aaa4231be12df33019b1db5d
Slackware Security Advisory - httpd Updates
Posted Jul 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | c3241a76e9c27bd7a54be60419aa88aa
Debian Security Advisory 2987-1
Posted Jul 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2987-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268
MD5 | 00170788c6261f5d7efcdc1c3d59ae80
Debian Security Advisory 2986-1
Posted Jul 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
MD5 | f380b7726ce9ef820860dfc549d333db
WordPress Video Gallery 2.5 Cross Site Scripting / SQL Injection
Posted Jul 24, 2014
Authored by Claudio Viviani

WordPress Video Gallery plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 39c1d604cef2adf349da2baac675e10e
Windows Mail Rogue Program.exe Execution
Posted Jul 24, 2014
Authored by Stefan Kanthak

Windows Mail will execute a rogue program if it is sitting at C:\Program.exe.

tags | exploit
systems | windows
MD5 | 67a48613528b9a35157225343f552dee
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close