what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 22 of 22 RSS Feed

Files Date: 2014-08-08

Easy FTP Pro 4.2 Command Injection
Posted Aug 8, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Easy FTP Pro version 4.2 suffers from a local command injection vulnerability.

tags | exploit, local
SHA-256 | 2178256b7259da6d78d1b13ad9aa6f3fe662260ca4fbc583ae68c77f00a7b952
Cisco Security Advisory 20140806-energywise
Posted Aug 8, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote
systems | cisco, osx
SHA-256 | 430dbd9de9dded0ac140b94a4055dcfac1af2a1aaa425a4dc841405ab0e5ae09
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
HP Security Bulletin HPSBUX03087 SSRT101413
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03087 SSRT101413 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408
SHA-256 | 1299cc2ae31937153cba3aee6893facc0a9857094409153f01cd2e09689e173b
HP Security Bulletin HPSBMU03086
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03086 - A potential security vulnerability has been identified with HP Operations Agent running Glance. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2630
SHA-256 | 0cf1cbf3b16ad9fd0a88aa77283dd7c9500a919d5916810876309bc59c44bdde
HP Security Bulletin HPSBHF03084
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03084 - Potential security vulnerabilities have been identified with certain HP PCs with UEFI Firmware. The vulnerabilities could be exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-4859, CVE-2014-4860
SHA-256 | a94581306701dcefe204f5404e4ddee6e10f3547928db03c798f84ff69d2b1e2
Debian Security Advisory 2998-1
Posted Aug 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

tags | advisory, denial of service, overflow, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 4b5ba9dfa84b23a549dccdd763c181521186cfd1c85de543dddad5497811bba9
Mandriva Linux Security Advisory 2014-152
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-152 - Updated glibc packages fix various security issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0475, CVE-2014-4043
SHA-256 | 1af4dd0481b68704f9834dcaded267af850671c47554214e2e8525fd040b7ae3
Mandriva Linux Security Advisory 2014-154
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-154 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-2524
SHA-256 | c4bd4fe482bbb7c5ccb04b70fea9089926839667f7031e53dc607a03df3e976e
Mandriva Linux Security Advisory 2014-153
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-153 - MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues.

tags | advisory
systems | linux, mandriva
SHA-256 | 513361c65ef5d99f22a6620ffae991735d389fc7a0080d6d37d97c6015739699
Mandriva Linux Security Advisory 2014-158
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510
SHA-256 | 0c47d350a43e9ef06283b3a0d86eb7459ba8b68df64c0a7b9834987b823bc450
Mandriva Linux Security Advisory 2014-159
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-159 - Multiple vulnerabilities have been discovered and corrected in wireshark. The updated packages have been upgraded to the 1.10.9 version where these security flaws have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165
SHA-256 | c90e1f87859e1c81db16e96f93eb20e4d652cdff2453f047056b9eb8c33ca978
Mandriva Linux Security Advisory 2014-151
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-151 - In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
SHA-256 | 7d4d6b6d830e0e917745ad8442f7a68ed02759bd672d8f5b73f660cc5ce1b6f0
Mandriva Linux Security Advisory 2014-157
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-157 - In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-3429
SHA-256 | fc80b7b18d7e41be36ad38f07de86d6a805c1e245779095aa82725a259172c3d
Mandriva Linux Security Advisory 2014-156
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-156 - Multiple cross-site scripting vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-4722
SHA-256 | 5c357971e36c14c0414e50fb1b84990b5389afeb16fc2aa44da5c440edfa7d75
Red Hat Security Advisory 2014-1036-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1036-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263
SHA-256 | b59a81b51c4dbe9fb7a6532643acd29ff1751eb119129dc989543b7f2841ca3a
Red Hat Security Advisory 2014-1034-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1034-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors, and tag plug-in configuration files. The injected XML parser could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance.

tags | advisory, java, web, xxe
systems | linux, redhat
advisories | CVE-2014-0119
SHA-256 | 3e502c379842f949aa84688ae16c32c5acda8edbb9f220f665768110cbd1d22b
Red Hat Security Advisory 2014-1033-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1033-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265
SHA-256 | 11b122597204cf67083aa35572399e4f5652d58b214ee7bce749f1045d4e96ed
Red Hat Security Advisory 2014-1032-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1032-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in Red Hat Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
SHA-256 | 506872f34ed2175877a921d0343c8c22b79f293d6c52209cde0c6c8f19aeda8b
Ubuntu Security Notice USN-2308-1
Posted Aug 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 03bad2c5caba72992e90e3884ed995a197ef58b33d81447b1b69e27d4faf9d73
Red Hat Security Advisory 2014-1031-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1031-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information. This issue was discovered by Ludwig Krispenz of Red Hat.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
SHA-256 | 232a3ab8bc09b5613a88e852edfa64a3b9381f1aabacba19be75ac5e3769f85c
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provides a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close