exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files Date: 2014-08-21

Ubuntu Security Notice USN-2325-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2325-1 - Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3517
MD5 | 8d88a0a483ba594cb16387fd065d75ad
Ubuntu Security Notice USN-2324-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2324-1 - Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles. Jamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be able to use this to access other projects. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3476, CVE-2014-3520, CVE-2014-5251, CVE-2014-5252, CVE-2014-5253
MD5 | f9f4a5e22585c1d4580dbb9e68f46bfc
Ubuntu Security Notice USN-2323-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594
MD5 | bb3227dbf7f68a36be5fa6ea06dbfed5
Ubuntu Security Notice USN-2322-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2322-1 - Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-5356
MD5 | f6567d8a16f66834b4e223268478f6b5
Ubuntu Security Notice USN-2321-1
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3555, CVE-2014-4615
MD5 | 0fc6436b22ed5f17ea00e93b502b4956
Ubuntu Security Notice USN-2311-2
Posted Aug 21, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2311-2 - USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-4615
MD5 | b925c4b78a4e82ea91e18ab20ad4a940
oclHashcat For AMD 1.30
Posted Aug 21, 2014
Authored by dropdead | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Various driver support added. Multiple algorithm support added.
tags | tool, cracker
MD5 | 4e6e77bbdb15df534348f7745dbc5d0a
oclHashcat For NVidia 1.30
Posted Aug 21, 2014
Authored by dropdead | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Various driver support added. Multiple algorithm support added.
tags | tool, cracker
MD5 | 1e17da4d927c6745c560af2c608337aa
ToorCon 16 Call For Papers
Posted Aug 21, 2014
Site sandiego.toorcon.net

ToorCon 16 has announced its call for papers. This conference will take place October 24th through the 26th, 2014 in San Diego, CA, USA.

tags | paper, conference
MD5 | 31fa1501e0ff80d4ceb3d08c711e7c16
ArcGIS For Server 10.1.1 XSS / Open Redirect
Posted Aug 21, 2014
Authored by CAaNES

ArcGIS for Server version 10.1.1 suffers from cross site scripting and open redirect vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-5121, CVE-2014-5122
MD5 | fd717c3fd58d276e1f4417403e69ca08
Red Hat Security Advisory 2014-1086-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0221, CVE-2014-0226, CVE-2014-0231
MD5 | e9d6923a0f27097c51866844e9b79404
Debian Security Advisory 2940-1
Posted Aug 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2940-1 - It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2014-0114
MD5 | 39cdf20b0014b76773979dfc0b02fa5e
Debian Security Advisory 3008-1
Posted Aug 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3008-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670
MD5 | c2df4e3a5b3dbc54373c9c10a9026788
Red Hat Security Advisory 2014-1087-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
MD5 | 2885f6de33135e5852248114a9797bb0
Red Hat Security Advisory 2014-1088-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0226, CVE-2014-0231
MD5 | a096eca3198e259162dd9371efcb9be3
Green Lights Forever: Analyzing The Security Of Traffic Infrastructure
Posted Aug 21, 2014
Authored by J. Alex Halderman, Branden Ghena, William Beyer, Jonathan Pevarnek, Allen Hillaker

The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. The authors investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. They leverage these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment in coordination with authorities. Their attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. They make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.

tags | paper
MD5 | bdd49ac25bcc2eb92f882e284a5245b7
MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection
Posted Aug 21, 2014
Authored by DemoLisH

MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6157b43e1cd03373f739216811361638
Dashing Times SQL Injection
Posted Aug 21, 2014
Authored by 3spi0n

Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | f9814df3aaa74afbbd1ef5b4141b8805
Red Hat Security Advisory 2014-1084-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1084-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-0167, CVE-2014-3517
MD5 | 5d3eba1b511900f44aa08ad839798e1a
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close