what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-09-04

ProjectDox 8.1 XSS / User Enumeration / Ciphertext Reuse
Posted Sep 4, 2014
Authored by CAaNES

ProjectDox version 8.1 suffers from cross site scripting, insecure direct object reference, ciphertext reuse, and user enumeration vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-5129, CVE-2014-5130, CVE-2014-5131, CVE-2014-5132
MD5 | 71cabf038d5fc22257e0337c93e0d33f
HP Security Bulletin HPSBMU03083 2
Posted Sep 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 2 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 166130a9f876e6eba35a28fde5e597b8
Gentoo Linux Security Advisory 201409-04
Posted Sep 4, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-4 - Multiple vulnerabilities have been found in MySQL, worst of which allows local attackers to escalate their privileges. Versions less than 5.5.39 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1861, CVE-2013-2134, CVE-2013-3839, CVE-2013-5767, CVE-2013-5770, CVE-2013-5786, CVE-2013-5793, CVE-2013-5807, CVE-2013-5860, CVE-2013-5881, CVE-2013-5882, CVE-2013-5891, CVE-2013-5894, CVE-2013-5908, CVE-2014-0001, CVE-2014-0384, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0427, CVE-2014-0430, CVE-2014-0431, CVE-2014-0433, CVE-2014-0437, CVE-2014-2419
MD5 | 98b0c3c82cc82dc24943025d9221f14d
Red Hat Security Advisory 2014-1147-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1147-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2014-3609
MD5 | 5aca0c445a29a49137e7b4979b487801
Red Hat Security Advisory 2014-1145-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1145-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1562, CVE-2014-1567
MD5 | 45974be3cbd33c9b3e304b9643269fa0
Red Hat Security Advisory 2014-1146-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1146-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2014-3577
MD5 | 0bdd673a31346a291a0501f8634ce59e
Red Hat Security Advisory 2014-1148-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1148-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.

tags | advisory, remote, web, overflow
systems | linux, redhat
advisories | CVE-2013-4115, CVE-2014-3609
MD5 | 277bbbcc62150badea47a6f5d04a70e7
Red Hat Security Advisory 2014-1144-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1144-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1562, CVE-2014-1567
MD5 | 3e2aac02d25b8397b3bb50a66dc12c61
Red Hat Security Advisory 2014-1149-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1149-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.3 release serves as a replacement for JBoss Operations Network 3.2.2, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0075, CVE-2014-0099
MD5 | 1d160a108e2337404980ff7389e53704
Red Hat Security Advisory 2014-1163-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1163-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | aa40477fbff174de77851b796b8c916a
Ubuntu Security Notice USN-2340-1
Posted Sep 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2340-1 - Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3618
MD5 | 7ddd57f807a0786a7a9a1ccd54c5c914
Red Hat Security Advisory 2014-1162-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1162-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 855dc4e43f626c65b48c9df4c9a6ba23
Mandriva Linux Security Advisory 2014-174
Posted Sep 4, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-174 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such. The updated packages have been upgraded to the latest 2.2.29 version which is not vulnerable to this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2013-5704
MD5 | 8590a5436136039efe6f090a7fd52c08
Red Hat Security Advisory 2014-1161-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1161-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2014-3573
MD5 | a3371dd248f0490fdaf7d2a4234e5dc1
Red Hat Security Advisory 2014-1143-01
Posted Sep 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1143-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-3917
MD5 | 699c5cc46d4232ebdb4b869904bbaf3f
Xshopsaz CMS Cross Site Scripting / SQL Injection
Posted Sep 4, 2014
Authored by IeDb

Xshopsaz CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 6ff07bee4c82854a8b6134282cef4336
Impress CMS 1.3.7 Open Redirect
Posted Sep 4, 2014
Authored by Vadodil Joel Varghese

Impress CMS version 1.3.7 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 88b950017f294e7c593b709e387a3f16
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close