the original cloud security
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-07-30

Fwknop Port Knocking Utility 2.6.3
Posted Jul 30, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: External IP resolution now over SSL by default. Integrated a python fuzzer. Various other updates and additions.
tags | tool, scanner, vulnerability
systems | unix
MD5 | 7a1e5d078346069f9f33b40dfe983d01
SkaDate Lite 2.0 Remote Code Execution
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from an authenticated arbitrary PHP code execution vulnerability. This is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in '/ow_userfiles/plugins/base/avatars/' directory.

tags | exploit, arbitrary, php, code execution
MD5 | 1baa02c457ab98b7a957246da3838b05
SkaDate Lite 2.0 CSRF / Cross Site Scripting
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6c8a25ba7ff26e22fb1156d3223f33d2
Elastic Search 1.1.1 Arbitrary File Read
Posted Jul 30, 2014
Authored by Larry W. Cashdollar, Bouke van der Bijl

Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.

tags | exploit, remote
advisories | CVE-2014-3120
MD5 | 46bbc696d7e77f5de563ed93d3f5e166
HP Security Bulletin HPSBMU03078
Posted Jul 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03078 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 20307df7adabaf648a78f5e88fb13677
Facebook For Android Information Disclosure / Open Proxy
Posted Jul 30, 2014
Authored by Joaquin Manuel Rinaudo

Both Facebook for Android and Facebook Messenger for Android suffered from issues such as being an open proxy, disclosure of private video content, disclosure of audio recordings in chat messages, and use of various vulnerable packages.

tags | exploit
MD5 | 1ea945ab78d07176e5358b35f001d9e8
D-Link DWR-113 Cross Site Request Forgery
Posted Jul 30, 2014
Authored by Blessen Thomas

D-Link DWR-113 revision Ax suffers from cross site request forgery vulnerability that can cause a denial of service.

tags | exploit, denial of service, csrf
advisories | CVE-2014-3136
MD5 | be2af923172566152dd25f149f1b58ca
D-Link AP 3200 Missing Authentication / Cleartext Secret Storage
Posted Jul 30, 2014
Authored by pws

D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.

tags | exploit, bypass, info disclosure
MD5 | 7d9047200b9cca205e9095fa5df013ca
Joomla Kunena Forum 3.0.5 Cross Site Scripting
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 9e0c7dbb10bbd35dcff9281c87ebad14
Joomla Kunena Forum 3.0.5 SQL Injection
Posted Jul 30, 2014
Authored by Dionach

Joomla Kunena Forum extension version 3.0.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 9474027a2232f868aee327b307f2da0b
Debian Security Advisory 2992-1
Posted Jul 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-3534, CVE-2014-4667, CVE-2014-4943
MD5 | 8cfcafb5069537f151c8f844aee120be
Ubuntu Security Notice USN-2302-1
Posted Jul 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2302-1 - David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099
MD5 | 05af30ffbefed15ed814ca9effb18377
Mandriva Linux Security Advisory 2014-140
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-140 - Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs.

tags | advisory
systems | linux, mandriva
MD5 | facd2f4eff487fb5cf98ee9707333a2b
Mandriva Linux Security Advisory 2014-141
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-141 - It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions ,. Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. The Diffie-Hellman key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others.

tags | advisory, java, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266
MD5 | 9f3a0a0629308fe4407de93cce2bb1d2
Mandriva Linux Security Advisory 2014-139
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1544
MD5 | 11c65906439dc440e2a153e689daa5bd
I2P 0.9.14
Posted Jul 30, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: 0.9.14 includes critical fixes for XSS and remote execution vulnerabilities.
tags | tool
systems | unix
MD5 | abea36fb65697f9dada68aad94519818
OpenDNSSEC 1.4.6
Posted Jul 30, 2014
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Various updates.
tags | tool
systems | unix
MD5 | d241a6e4660aad92044f61568d32d4dd
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close