what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

Files Date: 2014-08-12

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
Posted Aug 12, 2014
Authored by Matt Bergin, Jay Smith | Site metasploit.com

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2014-2477
SHA-256 | ed08fc54fb11f75fb8240f00e12ad3f0eb15c9ef81cff67a88e74e2b8793b557
Ubuntu Security Notice USN-2312-1
Posted Aug 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2312-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266, CVE-2014-4268
SHA-256 | e3816f8c04ea2d8938354eb2bf7c96769ee3acaa5a8f4537d6a799ae59eeb90d
CS-Cart 4.2.0 Session Hijacking
Posted Aug 12, 2014
Authored by Nik Cubrilovic

CS-Cart version 4.2.0 suffers from a session hijacking vulnerability due to weakly minted session identifiers.

tags | exploit
SHA-256 | 75b089cb05c7acd3308c73cf9aed379821ea108918fd45c8a1f4b82e65e09695
GEL CMS 4.0 SQL Injection
Posted Aug 12, 2014
Authored by Guillermo Garcia Marcos

GEL CMS version 4.0 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection
SHA-256 | adce38f0b73c10b3b1fe34d367682cfe754530c4e55c16152797c3df8149dc48
Opendaylight 1.0 Local File Inclusion / Remote File Inclusion
Posted Aug 12, 2014
Authored by Gregory Pickett | Site hellfiresecurity.com

Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.

tags | advisory, remote, local, tcp, vulnerability, code execution, file inclusion
advisories | CVE-2014-5035
SHA-256 | b4c4f777d826b243c739648f5e37ec62fdf64c8901732abd6398dcdb787c830e
Apache Cordova 3.5.0 Data Leak
Posted Aug 12, 2014
Authored by Roee Hay, David Kaplan

Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.

tags | advisory, arbitrary, javascript
advisories | CVE-2014-3502
SHA-256 | 4e0dda886cea833a687c664d12a4435708cfcce65b89f11c91f68124746cc7f1
HP Security Bulletin HPSBMU03089
Posted Aug 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | d854fc6c01d15af293b74d065d3d1747b841e3cac51232655a55481b5756ce47
Debian Security Advisory 2984-2
Posted Aug 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2984-2 - It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action (usually suspend to RAM). This only affects systems using the gnome-settings-daemon.

tags | advisory
systems | linux, debian
SHA-256 | 42557260d34d50a66f6fe09569e56e789759c32e94fdb6750ae406e5165eec71
Gentoo Linux Security Advisory 201408-03
Posted Aug 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-3 - A vulnerability in LibSSH can result in leakage of private key information. Versions less than 0.6.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2014-0017
SHA-256 | 8352f547da7a3cf848b8e227033600ae1aeea647697809d94f542b731d45e45a
WordPress Disqus 2.7.5 CSRF / Cross Site Scripting
Posted Aug 12, 2014
Authored by Nik Cubrilovic

WordPress Disqus versions 2.7.5 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 2df5dbf30ee565d7f622d21cfbcd0f06f378ce8494ab640f6e97b5154395387e
Flawfinder 1.31
Posted Aug 12, 2014
Authored by David A. Wheeler | Site sourceforge.net

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | bca7256fdf71d778eb59c9d61fc22b95792b997cc632b222baf79cfc04887c30
WordPress CK-And-SyntaxHighLighter Arbitrary File Upload
Posted Aug 12, 2014
Authored by Hekt0r

WordPress CK-And-SyntaxHighLighter plugin suffers from a remote file upload vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, file upload
SHA-256 | a56aed0703be5e8db85ed29cbd4c7ce15f30b85c42d4cc83cb27dde53df32e8c
Posted Aug 12, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Fixed i2psnark add torrent form, iptunnel custom options form, and update download buttons. Various other additions.
tags | tool
systems | unix
SHA-256 | 2216969ee7cb611f7fef701d5db08f6f40e9825e09684ad1a94dd08b031b6d5a
Suricata IDPE 2.0.3
Posted Aug 12, 2014
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Various bug fixes.
tags | tool, intrusion detection
systems | unix
SHA-256 | b6e554cbacb925bbcf88dd4554c9222b51b21796c39e198cdf5b0b9cdc1ed383
Page 1 of 1

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By