
Files Date: 2014-07-31

Free Reprintables ArticleFR 11.06.2014 Improper Access Control
Posted Jul 31, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site.

tags | exploit, web, arbitrary
advisories | CVE-2014-4170
MD5 | 218c023d6ce8baed5447925d747bd730
TigerCom iFolder+ 1.2 LFI / File Upload
Posted Jul 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

TigerCom iFolder+ version 1.2 suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
MD5 | 04f7df753619bc98222a320c6d7b77c1
Red Hat Security Advisory 2014-0994-01
Posted Jul 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0994-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3476, CVE-2014-3520
MD5 | 01649077d1fa8219383380b445aa5633
Ubuntu Security Notice USN-2304-1
Posted Jul 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2304-1 - It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2014-5033
MD5 | 08002ecb2a4edfe73be10524aa0b5730
Ubuntu Security Notice USN-2303-1
Posted Jul 31, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2303-1 - It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.

tags | advisory, local
systems | linux, ubuntu
MD5 | c2df63a474bf4a12c5742415962b38d9
Mandriva Linux Security Advisory 2014-144
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-144 - The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or server.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
MD5 | adfdbfb18a54ad4147b81aa421c51b88
Mandriva Linux Security Advisory 2014-143
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-143 - Multiple vulnerabilities have been discovered and corrected in phpmyadmin. Cross-site scripting vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. Cross-site scripting vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Multiple cross-site scripting vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted column name that is improperly handled during construction of an AJAX confirmation message. server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-4954, CVE-2014-4955, CVE-2014-4986, CVE-2014-4987
MD5 | 5fd311dcfcb5147de412a41ea702f084
Mandriva Linux Security Advisory 2014-142
Posted Jul 31, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2014-0118, CVE-2014-0226, CVE-2014-0231
MD5 | 5cc6454096e1740c662549e0e30c7831
Lynis Auditing Tool 1.5.9
Posted Jul 31, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Various updates.
tags | tool, scanner
systems | unix
MD5 | a9440caeac11b976648222a51d48e214
Chrome EXIF Viewer 2.4.2 Cross Site Scripting
Posted Jul 31, 2014
Authored by Fady Mohamed Osman

Chrome EXIF Viewer plugin version 2.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | linux
MD5 | b5545c3a3df8546a9015c23b8147a301