exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-08-20

Ubuntu Security Notice USN-2320-1
Posted Aug 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2320-1 - A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3165, CVE-2014-3166, CVE-2014-3167
MD5 | 93c49d012faa940f14f0db705315e3a6
Delphi And C++ Builder VCL Library Buffer Overflow
Posted Aug 20, 2014
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-0993
MD5 | e31b6c4fc728ea3768583d13537af78f
WordPress Mobile Pack 2.0.1 Information Disclosure
Posted Aug 20, 2014
Authored by Tom Adams

WordPress Mobile Pack version 2.0.1 suffers from an information disclosure vulnerability that allows anybody the ability to read password protected posts.

tags | advisory, info disclosure
MD5 | 3d22a2718d6133b06541ec754cf21b59
Panda Security 2014 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.

tags | advisory, overflow
advisories | CVE-2014-5307
MD5 | 93162c683df784e9a518eecbe43310d6
ESET Windows Products 7.0 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.

tags | advisory
systems | windows
advisories | CVE-2014-4973
MD5 | 8086a470c366dafba90bdbe66a6a7f3d
RiseCON 2014 Call For Papers
Posted Aug 20, 2014

RiseCON 2014 has announced its call for papers. It will take place in Rosario, Santa Fe, Argentina November 6th through the 7th, 2014.

tags | paper, conference
MD5 | dfa088c27945acf5a3a93396fcfe22b6
WordPress All In One SEO Pack 2.2.2 Cross Site Scripting
Posted Aug 20, 2014
Authored by 1N3

WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2cfe88f1579aa270a6920462281fb49
ArticleFR 3.0.4 SQL Injection
Posted Aug 20, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5097
MD5 | 15fcfca1e4f3884901c727c8d878f564
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
Posted Aug 20, 2014
Authored by Pedro Ribeiro

ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-3996, CVE-2014-3997
MD5 | 2b55591ff1b35216aed8697a4939503b
Deutsche Telekom CERT Advisory DTC-A-20140820-001
Posted Aug 20, 2014
Authored by Deutsche Telekom CERT

check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2014-5338, CVE-2014-5339, CVE-2014-5340
MD5 | f487fac3d5883e87a7feeb0840190d3c
HP Security Bulletin HPSBUX03095 SSRT101674
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
MD5 | d5980f849246d85103419509a93377d5
HP Security Bulletin HPSBUX03092 SSRT101668
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03092 SSRT101668 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218
MD5 | 4ace2616444764975980008a50664633
HP Security Bulletin HPSBUX03091 SSRT101667
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03091 SSRT101667 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421
MD5 | 9e3039e5269e59958b8383e44b20a9fb
HP Security Bulletin HPSBMU03101
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | 0a545b1a67f268b63203b04c44fc100e
HP Security Bulletin HPSBMU03094
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | fb78053a11e948dcbf72445f275285e4
Red Hat Security Advisory 2014-1078-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1078-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
MD5 | b200e4978fbb26cfac884579bba1fd9d
Ubuntu Security Notice USN-2319-1
Posted Aug 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2319-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268
MD5 | 165e0ff8b92916d5d18a4bde4aab375e
Red Hat Security Advisory 2014-1082-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1082-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. The httpcomponents-client package provides an HTTP agent implementation that is used by Thermostat to visualize collected data in an HTTP-aware client application. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 6d8db24d48f5782785ea8ff167a2ae79
Debian Security Advisory 3007-1
Posted Aug 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3007-1 - Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, xss, sql injection
systems | linux, debian
advisories | CVE-2014-5025, CVE-2014-5026, CVE-2014-5027, CVE-2014-5261, CVE-2014-5262
MD5 | eaa5786563743cbdff4cab2dd5bf6063
Red Hat Security Advisory 2014-1083-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1083-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use either of these flaws to crash the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5077
MD5 | b735bada094171cf4bf6231b655ddce1
HybridAuth install.php PHP Code Execution
Posted Aug 20, 2014
Authored by Pichaya Morimoto | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.

tags | exploit, php, code execution
MD5 | aee28f6089b3d5d557b8022ff8250c0b
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close