exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

Files Date: 2014-09-18

WatchGuard XTM 11.8.3 Cross Site Scripting
Posted Sep 18, 2014
Authored by William Costa

WatchGuard XTM version 11.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 035e645db8b8b46a4427209488566486
Apple Foundation NSXMLParser XML eXternal Entity (XXE)
Posted Sep 18, 2014
Authored by George D. Gal | Site vsecurity.com

In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.

tags | advisory, remote, denial of service, info disclosure, xxe
systems | apple, osx
advisories | CVE-2014-4374
MD5 | 0c9f3ececdf22fb201e7df1d53e7c95e
Netgear Download Center Cross Site Scripting / Open Redirect
Posted Sep 18, 2014
Authored by Claudio Viviani

downloadcenter.netgear.com suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 868aabc15ded0f91bc2957b792a87c9b
Asterisk Project Security Advisory - AST-2014-010
Posted Sep 18, 2014
Authored by Matt Jordan, Philippe Lindheimer | Site asterisk.org

Asterisk Project Security Advisory - When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module. Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

tags | advisory
MD5 | 1bf9a3407b5481e77edf775e3ccb0912
Asterisk Project Security Advisory - AST-2014-009
Posted Sep 18, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured. Note that this crash is Asterisk's PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.

tags | advisory
MD5 | 7ce4cdb7ad305b8527772e29666abf3a
Oracle MyOracle Filter Bypass
Posted Sep 18, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Oracle's MyOracle allows for malicious script code insertion into outbound emails.

tags | exploit
MD5 | 630ac2781b4cc8bb1856b41eb598c1ae
Red Hat Security Advisory 2014-1265-01
Posted Sep 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1265-01 - In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

tags | advisory
systems | linux, redhat
MD5 | 168cb79e971678b327944b1b0d868b17
Red Hat Security Advisory 2014-1263-01
Posted Sep 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1263-01 - Red Hat Storage is software-only, scale-out storage that provides flexible and affordable unstructured data storage for an enterprise. GlusterFS, a key building block of Red Hat Storage, is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.

tags | advisory, remote, denial of service, python
systems | linux, redhat
advisories | CVE-2013-2099
MD5 | 4670c4aa83b192f032647146bf5fbc5d
Page 1 of 1

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    8 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By