exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2014-08-20

Ubuntu Security Notice USN-2320-1
Posted Aug 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2320-1 - A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3165, CVE-2014-3166, CVE-2014-3167
SHA-256 | 803dcbfcc1350f593726e36e66951407044c506c9079c1e3816df02135c1d9b2
Delphi And C++ Builder VCL Library Buffer Overflow
Posted Aug 20, 2014
Authored by Core Security Technologies, Marcos Accossatto | Site coresecurity.com

Core Security Technologies Advisory - Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-0993
SHA-256 | 1ad46948219c57f4001f5e0e099b37c87d1b5e51f467c84cbd4bbd6735fbee14
WordPress Mobile Pack 2.0.1 Information Disclosure
Posted Aug 20, 2014
Authored by Tom Adams

WordPress Mobile Pack version 2.0.1 suffers from an information disclosure vulnerability that allows anybody the ability to read password protected posts.

tags | advisory, info disclosure
SHA-256 | dff0a420e3f4d47e4e4afa42f423edf9c2e1f5d2a86e892ebba2995540b9076f
Panda Security 2014 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.

tags | advisory, overflow
advisories | CVE-2014-5307
SHA-256 | ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4
ESET Windows Products 7.0 Privilege Escalation
Posted Aug 20, 2014
Authored by Kyriakos Economou

ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.

tags | advisory
systems | windows
advisories | CVE-2014-4973
SHA-256 | dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529
RiseCON 2014 Call For Papers
Posted Aug 20, 2014

RiseCON 2014 has announced its call for papers. It will take place in Rosario, Santa Fe, Argentina November 6th through the 7th, 2014.

tags | paper, conference
SHA-256 | ff49138463eb4787dca54729b54b74573d46fab1ad58813a39f508e3ddaff01e
WordPress All In One SEO Pack 2.2.2 Cross Site Scripting
Posted Aug 20, 2014
Authored by 1N3

WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | fda7f45cc565a3147e5ba92c58662a487ff60f0478cb6e7f55ce73080ff1e02e
ArticleFR 3.0.4 SQL Injection
Posted Aug 20, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5097
SHA-256 | 7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86
ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection
Posted Aug 20, 2014
Authored by Pedro Ribeiro

ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-3996, CVE-2014-3997
SHA-256 | 3de6153a54568339e66c97e4d4aaed785dc31350ed472c9d9041a12fbd2c4ec2
Deutsche Telekom CERT Advisory DTC-A-20140820-001
Posted Aug 20, 2014
Authored by Deutsche Telekom CERT

check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
advisories | CVE-2014-5338, CVE-2014-5339, CVE-2014-5340
SHA-256 | a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949
HP Security Bulletin HPSBUX03095 SSRT101674
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
SHA-256 | 35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ff
HP Security Bulletin HPSBUX03092 SSRT101668
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03092 SSRT101668 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218
SHA-256 | c475e47d56e402b9414d3d4787a5237a281a3f776dad71a9c75166d6b88b3ce1
HP Security Bulletin HPSBUX03091 SSRT101667
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03091 SSRT101667 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2013-6629, CVE-2013-6954, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421
SHA-256 | a73ee293e490e0bc1321df066c53a0382b005d71d29f3d9b45085803e2a2f61c
HP Security Bulletin HPSBMU03101
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | 5d131e19c74508e54a0fb0b1a8b26b636d5c559cc31f1fba60c84afc59abd798
HP Security Bulletin HPSBMU03094
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | 156f676c821faa0780e9c47395871260abe84199c340cefaa2510d6f8b6742d1
Red Hat Security Advisory 2014-1078-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1078-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-3555
SHA-256 | 61eb55f7d058af9258b042448433e0cf6aa02fb99c11d532644292fb37b5765e
Ubuntu Security Notice USN-2319-1
Posted Aug 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2319-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268
SHA-256 | 54f5da236016a9ec948c44fc37236d57d819e18c3273bea43ec3b53073de3efa
Red Hat Security Advisory 2014-1082-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1082-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. The httpcomponents-client package provides an HTTP agent implementation that is used by Thermostat to visualize collected data in an HTTP-aware client application. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | bfae5fc3bb60d3716504aa9437504ce45b829444527176b89c73d86eb3a68576
Debian Security Advisory 3007-1
Posted Aug 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3007-1 - Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

tags | advisory, web, xss, sql injection
systems | linux, debian
advisories | CVE-2014-5025, CVE-2014-5026, CVE-2014-5027, CVE-2014-5261, CVE-2014-5262
SHA-256 | 4f0e774ab42a6d70a94103e9e8f16df9a32a25d26c01b1a17ccf40a3b0bdc588
Red Hat Security Advisory 2014-1083-01
Posted Aug 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1083-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. Multiple use-after-free flaws and an integer overflow flaw were found in the way the Linux kernel's Advanced Linux Sound Architecture implementation handled user controls. A local, privileged user could use either of these flaws to crash the system.

tags | advisory, remote, overflow, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5077
SHA-256 | 25199bf469feb34a9e53eaf2a67aadf4f5d1928513f4233128fae0cbe57edc83
HybridAuth install.php PHP Code Execution
Posted Aug 20, 2014
Authored by Pichaya Morimoto | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.

tags | exploit, php, code execution
SHA-256 | d1dd2c445125a3aa376f980484e9db24bee803b7e9f5542cfd557664181fc723
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close