ignore security and it'll go away
Showing 1 - 25 of 343 RSS Feed

Files Date: 2014-08-01 to 2014-08-31

STI-CS Cross Site Scripting
Posted Aug 30, 2014
Authored by IeDb

Sites powered by STI-CS appear to suffer from a reflective cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 8266ca03c5192d79ee8fe25d278bf8a6
Paranoic Scan 1.7
Posted Aug 30, 2014
Authored by Doddy Hackman

Paranoic is a simple vulnerability scanner written in Perl.

tags | tool, scanner, perl
systems | unix
MD5 | 6490730a15625806288c8b231a836ba5
MX-SmartTimer 13.18.5.11 SQL Injection
Posted Aug 30, 2014
Authored by Juan Seybold

MX-SmartTimer version 13.18.5.11 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5440
MD5 | 2f9e6853e43395d2a0de57e255121a54
EhsanWeb Cross Site Scripting
Posted Aug 30, 2014
Authored by IeDb

EhsanWeb suffers from a reflective cross site scripting vulnerability in the forgot password flow. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 5c13b0ebe959a64a0446bf656677454e
Spiped 1.4.0
Posted Aug 29, 2014
Authored by Colin Percival, Sean Kelly | Site tarsnap.com

Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.

Changes: Added automatic detection of compiler support. Added support for -g option, which makes {spiped, spipe} require perfect forward secrecy by dropping connections if the peer endpoint is detected to be running using the -f option.
tags | tool
systems | linux, unix
MD5 | 8252e1bc2b35da8a274b907b8c604bf4
Sierra Library Services Platform 1.2_3 XSS / Enumeration
Posted Aug 29, 2014
Authored by CAaNES

Sierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.

tags | advisory, web, vulnerability, xss
advisories | CVE-2014-5136, CVE-2014-5137, CVE-2014-5138
MD5 | ebc19844db449e43589f1b4ab31f2008
Gentoo Linux Security Advisory 201408-12
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6438, CVE-2014-0098, CVE-2014-0226
MD5 | 90b789d73e0b343df10f39025867cbfc
Gentoo Linux Security Advisory 201408-11
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4718, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-2110, CVE-2013-3735, CVE-2013-4113, CVE-2013-4248, CVE-2013-4635, CVE-2013-4636, CVE-2013-6420, CVE-2013-6712, CVE-2013-7226, CVE-2013-7327, CVE-2013-7345, CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3597, CVE-2014-3981, CVE-2014-4049, CVE-2014-4670, CVE-2014-5120
MD5 | 9fc05cd1682ef7aee444653346de8eae
Gentoo Linux Security Advisory 201408-10
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-5270
MD5 | 0690da9d71007e8aefe9f21221cca72f
Gentoo Linux Security Advisory 201408-09
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3467, CVE-2014-3468, CVE-2014-3469
MD5 | 83ceca25a5a017c52a6e0fe384018509
Gentoo Linux Security Advisory 201408-08
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-7345
MD5 | 1f0060016b49cefa4a91e136bae0cb89
Wing FTP Server Authenticated Command Execution
Posted Aug 29, 2014
Authored by Nicholas Nam | Site metasploit.com

This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

tags | exploit, web, arbitrary
MD5 | 21df48639ac98acdd1f24e97cb91eb26
Ubuntu Security Notice USN-2328-1
Posted Aug 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-5119
MD5 | c3b70a29dc019a5a7000c068b0e38d4f
Red Hat Security Advisory 2014-1110-01
Posted Aug 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0475, CVE-2014-5119
MD5 | e1a981440e7e82e521660ed92023f615
Gentoo Linux Security Advisory 201408-14
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-14 - A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-0016
MD5 | eabb0425739127271c22f9405048c411
Gentoo Linux Security Advisory 201408-13
Posted Aug 29, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0012, CVE-2014-1402
MD5 | 3b76799dce6247a427d2aa3d2649e9c9
Microsoft Internet Explorer MS14-029 Memory Corruption
Posted Aug 29, 2014
Authored by PhysicalDrive0

Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.

tags | exploit, proof of concept
advisories | CVE-2014-1815
MD5 | 6b443ab31438092898630626b781717f
HTML Help Workshop 1.4 Buffer Overflow
Posted Aug 29, 2014
Authored by Moroccan Kingdom

HTML Help Workshop version 1.4 SEH buffer overflow exploit.

tags | exploit, overflow
MD5 | a820da9b22d7d49b0249dc2f9767e87d
F5 Unauthenticated rsync Access To Remote Root Code Execution
Posted Aug 29, 2014
Authored by Thomas Hibbert | Site security-assessment.com

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected includes F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, Enterprise Manager 3.x versions before 3.1.1 HF2.

tags | exploit, remote, root
MD5 | 868726aed8a7161145314346c69c2e08
In Lieu Of Swap: Analyzing Compressed RAM In Mac OS X And Linux
Posted Aug 28, 2014
Authored by Andrew Case, Golden G. Richard III

Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.

tags | paper, forensics
systems | linux, apple, osx
MD5 | fac4b2bf6db6bfdea8da11c5c3607f7d
NRPE 2.15 Remote Command Execution
Posted Aug 28, 2014
Authored by Dawid Golunski, Claudio Viviani

NRPE version 2.15 remote command execution exploit written in Python.

tags | exploit, remote, python
advisories | CVE-2014-2913
MD5 | 4b0b57ab99b65f8ef2ab1855d3a61cbd
DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS
Posted Aug 28, 2014
Authored by Haider Mahmood

DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 7327c89ee1f75ee1b3df7335da2449a5
Jappix Cross Site Scripting
Posted Aug 28, 2014
Authored by Provensec

Jappix suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 93fbb0ecd176a2ff77362057c52b9bba
Lynis Auditing Tool 1.6.0
Posted Aug 28, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added several new plugins to default profile. HostID detection for AIX added. Improvements for log file added and the GetHostID function improved. Various other updates.
tags | tool, scanner
systems | unix
MD5 | 8cc7325f7f4e8cc1f4e1396fca428124
F5 BIG-IP 11.5.1 Cross Site Scripting
Posted Aug 28, 2014
Authored by S. Viehbock | Site sec-consult.com

F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-4023
MD5 | 1edf12bed5c1cdadc32d85e80675f569
Page 1 of 14
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close