what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2014-09-18

WatchGuard XTM 11.8.3 Cross Site Scripting
Posted Sep 18, 2014
Authored by William Costa

WatchGuard XTM version 11.8.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 28653a9ce5d4db57c8abb7dd1263d077616114f7796467876c715230ceaffa98
Apple Foundation NSXMLParser XML eXternal Entity (XXE)
Posted Sep 18, 2014
Authored by George D. Gal | Site vsecurity.com

In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.

tags | advisory, remote, denial of service, info disclosure, xxe
systems | apple, osx
advisories | CVE-2014-4374
SHA-256 | af1807dc188fc9b6e13cebb3ebe39700f51b071e81849be0f02375f2c6778418
Netgear Download Center Cross Site Scripting / Open Redirect
Posted Sep 18, 2014
Authored by Claudio Viviani

downloadcenter.netgear.com suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 60a82711956e8b58fd95979ae9a77382e6d217c936db9096da12b031ae315d28
Asterisk Project Security Advisory - AST-2014-010
Posted Sep 18, 2014
Authored by Matt Jordan, Philippe Lindheimer | Site asterisk.org

Asterisk Project Security Advisory - When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module. Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

tags | advisory
SHA-256 | 83253f08b336ac5b6aac9462d511a7478d879722c5b915b26d3b93cf9082d978
Asterisk Project Security Advisory - AST-2014-009
Posted Sep 18, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured. Note that this crash is Asterisk's PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.

tags | advisory
SHA-256 | 1aa9c0ed7726161fa37c98a6ed477a60bbea2afc25657fb55981f7558fc19432
Oracle MyOracle Filter Bypass
Posted Sep 18, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Oracle's MyOracle allows for malicious script code insertion into outbound emails.

tags | exploit
SHA-256 | 2fcd6931ec20a2d7cf11ff686d410dc910c65f0bee51657c6a8291716070a75b
Red Hat Security Advisory 2014-1265-01
Posted Sep 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1265-01 - In accordance with the Red Hat OpenShift Enterprise Life Cycle Policy, the two-year life cycle of Production Support for version 1.2 will end on November 27, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.

tags | advisory
systems | linux, redhat
SHA-256 | 3008650afd771d0fdaa861ecd563b5df2618358af3fa821f9b0b174ac9c4578e
Red Hat Security Advisory 2014-1263-01
Posted Sep 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1263-01 - Red Hat Storage is software-only, scale-out storage that provides flexible and affordable unstructured data storage for an enterprise. GlusterFS, a key building block of Red Hat Storage, is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU.

tags | advisory, remote, denial of service, python
systems | linux, redhat
advisories | CVE-2013-2099
SHA-256 | 07935517a1160d0ddf3e661cb88a20de2f6f667843baa9ea71638f4e8bdc0550
Page 1 of 1

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By