accept no compromises
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-08-18

EMC Documentum Cross Site Scripting
Posted Aug 18, 2014
Site emc.com

EMC Documentum WebTop based products contain fixes for multiple cross-scripting vulnerabilities that could potentially be exploited by malicious users to inject arbitrary script via some query string parameters. This may lead to execution of malicious html requests or scripts in the context of an authenticated user. These issues are caused due to the vulnerable parameters ?startat? and ?entryId?.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-2511
MD5 | 5f975ed8fe8e593f899c48c1bce93385
EMC Documentum Cross Site Request Forgery
Posted Aug 18, 2014
Site emc.com

Documentum WDK based clients may be vulnerable to multiple CSRF vulnerabilities. A malicious unauthenticated attacker can potentially leverage this vulnerability to trick authenticated users of the application to click on specially-crafted links that are embedded within an email, web page or other source and perform Docbase operations with that user privileges.

tags | advisory, web, vulnerability
advisories | CVE-2014-2518
MD5 | 3577246d4a0c51a7935e63e79ddc5444
Ubuntu Security Notice USN-2232-4
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 9d238865528a67ca94e99c7fd79ce21e
Gitlab-shell Code Execution
Posted Aug 18, 2014
Authored by Brandon Knight | Site metasploit.com

This Metasploit module takes advantage of the addition of authorized ssh keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the ssh key provided directly in a system call resulting in a command injection vulnerability. As this relies on adding an ssh key to an account valid credentials are required to exploit this vulnerability.

tags | exploit, shell
advisories | CVE-2013-4490
MD5 | d9ab8b0bfd80b350feaa2b3028092f92
Firefox toString console.time Privileged Javascript Injection
Posted Aug 18, 2014
Authored by moz_bug_r_a4, joev, Cody Crews | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

tags | exploit, remote, javascript, vulnerability, code execution
advisories | CVE-2013-1670, CVE-2013-1710
MD5 | 161163ea27bfe8bf6f13a8d33a2731a7
Debian Security Advisory 3006-1
Posted Aug 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3006-1 - Multiple security issues have been discovered in the Xen virtualisation solution which may result in information leaks or denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-1432, CVE-2013-1442, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4494, CVE-2013-4553, CVE-2014-1950, CVE-2014-2599, CVE-2014-3124, CVE-2014-4021
MD5 | bff70d9add42c57711b8ac10b35a50f9
Apache HttpComponents Man-In-The-Middle
Posted Aug 18, 2014
Authored by Subodh Iyengar

Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.

tags | advisory
advisories | CVE-2014-3577
MD5 | 271b9e1d8f7cde709c171523f839febf
Senkas Kolibri WebServer 2.0 Buffer Overflow
Posted Aug 18, 2014
Authored by tekwizz123

Senkas Kolibri WebServer version 2.0 is vulnerable to remote code execution via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be use to redirect execution to a POP POP RET within the application's binary itself, which once executed, will allow the attacker to execute his/her payload located in the HOST field.

tags | exploit, remote, code execution
advisories | CVE-2010-5301, CVE-2014-4158, CVE-2014-5289
MD5 | fa56bc900cea66a637b797eb3aa7af56
Red Hat Security Advisory 2014-1073-01
Posted Aug 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1073-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-1492
MD5 | cbbb62ef5ca53909bb125d4a8cbdc5fb
Ubuntu Security Notice USN-2317-1
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2317-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-5206, CVE-2014-5207
MD5 | f837c6345567f0c54b12c936a488f567
Ubuntu Security Notice USN-2318-1
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2318-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-5206, CVE-2014-5207
MD5 | e2046546526681d893be6a952597977e
Outlook.com For Android Failed Validation
Posted Aug 18, 2014
Authored by Yorick Koster

Outlook.com for Android fails to properly validate SSL server certificates allowing for man-in-the-middle attacks. This issue was found in Outlook.com for Android version 7.8.2.12.49.2176 and version 7.8.2.12.49.6434.

tags | advisory, bypass
advisories | CVE-2014-5239
MD5 | aed3787eecae98047c77e09f367ac995
Tenda A5s Router Authentication Bypass
Posted Aug 18, 2014
Authored by zixian

Tenda A5s router suffers from an authentication bypass vulnerability due to improperly trusting cookies.

tags | exploit, bypass
advisories | CVE-2014-5246
MD5 | ab2e1c96e2667cbf84004bca9898e5d1
Viproy VoIP Penetration / Exploitation Kit 2.0
Posted Aug 18, 2014
Authored by Fatih Ozavci | Site viproy.com

Viproy Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.

Changes: Released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analyzers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analyze modules.
tags | tool
systems | linux, unix
MD5 | 82dee8e3b84a388e0cf419630d57166a
VoIP Wars: Attack Of The Cisco Phones
Posted Aug 18, 2014
Authored by Fatih Ozavci

These are the slides from the presentation "VoIP Wars: Attack of the Cisco Phones" from the talk given at Defcon 22 and Blackhat USA 2014.

tags | paper
systems | cisco
MD5 | bb13aada0c6fd0247b93479a050ac5e4
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close