Files Date: 2014-10-02

Ubuntu Security Notice USN-2368-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

tags | advisory, remote, udp
systems | linux, ubuntu
advisories | CVE-2013-2061
MD5 | 5c4a720e31a6e269ecb95073fcebb84f

Ubuntu Security Notice USN-2367-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2367-1 - For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure renegotiations. This update removes the cipher list truncation workaround when forcing the use of TLSv1.2.

tags | advisory
systems | linux, ubuntu
MD5 | a2502cfa6f99866341ba9172f48404d4

RBS Change Complet Open Source Cross Site Request Forgery
Posted Oct 2, 2014
Authored by KrustyHack

RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | fe26e21ad8ecab53f9870efba2ae98a6

GNU Bash 4.3.11 dhclient Shellshocker
Posted Oct 2, 2014
Authored by @0x00string

GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.

tags | exploit, bash
advisories | CVE-2014-6277
MD5 | 1abd5b014bbab78f07b7c14f8cb320b4

HTTP File Server 2.3a / 2.3b / 2.3c Remote Command Execution
Posted Oct 2, 2014
Authored by Daniele Linguaglossa

HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7226
MD5 | 46245895abd3b61dd4adc44a1236b299

Kolibri Webserver 2.0 Buffer Overflow
Posted Oct 2, 2014
Authored by tekwizz123

Kolibri Webserver version 2.0 buffer overflow exploit with EMET 5.0 and EMET 4.1 partial bypass.

tags | exploit, overflow, bypass
advisories | CVE-2014-5289
MD5 | edcd92689dc9f5052b69f6f690f72fa2

CarolinaCon 2015 Call For Papers
Posted Oct 2, 2014
Site carolinacon.org

CarolinaCon is now accepting speaker/paper/demo submissions for its 11th annual conference. This event will be held March 20th through the 22nd, 2015 in Raleigh, NC, USA.

tags | paper, conference
MD5 | 2cbf6264a99d5067b21a201e9086e7fa

AllMyVisitors 0.5.0 SQL Injection
Posted Oct 2, 2014
Authored by indoushka

AllMyVisitors version 0.5.0 suffers from multiple remote blind SQL injection vulnerabilities related to authentication bypass during login, cookie handling, and header handling.

tags | exploit, remote, vulnerability, sql injection
MD5 | fbed2852fbe1fe51437ea47f410addf4

PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution
Posted Oct 2, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-6389
MD5 | d4225b7bed09d01bdc21bad434b13348

WordPress Content Audit 1.6 Blind SQL Injection
Posted Oct 2, 2014
Authored by Tom Adams

WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5389
MD5 | 227acafdb966f1eaf2fed7d163719953

PXE Exploit Server
Posted Oct 2, 2014
Authored by scriptjunkie | Site metasploit.com

This Metasploit module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a Linux kernel and initrd into memory that reads the hard drive, placing the payload on the hard drive of any Windows partition seen. Note: the displayed IP address of a target is the address this DHCP server handed out, not the "normal" IP address the host uses.

tags | exploit, kernel
systems | linux, windows
MD5 | d460fa9283cb3c389b17f5af2fdbe6c8

Pure-FTPd External Authentication Bash Environment Variable Code Injection
Posted Oct 2, 2014
Authored by Frank Denis, Spencer McIntyre, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.

tags | exploit, bash
advisories | CVE-2014-6271
MD5 | 1509d16ef5a69d2e95b0b3996782eef8

XShock 0.1
Posted Oct 2, 2014
Authored by Sector-X

XShock is a Python script that exploits the recent Bash vulnerability. It includes four reverse shells that can be used during the attack.

tags | exploit, shell, python, bash
systems | unix
advisories | CVE-2014-6271
MD5 | 792926406932e4a20936228b578fab08

Chatroom Client / Server With AES Encryption Support
Posted Oct 2, 2014
Authored by Juan J. Fernandez Lopez | Site tcpapplication.com

This is a chat system composed of a TCP/IP server daemon in C and its corresponding Java client. You can chat with other peers in clear text or with AES password-based encryption on your own computer network. The AES password encryption and decryption functions are based on a 128-bit key, which is padded using SHA-256 applied to the provided password. Further details and instructions are in the README file.

tags | tool, java, tcp
systems | unix
MD5 | 110fc966ced185230e125656f3416ddb

Red Hat Security Advisory 2014-1351-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1351-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0074, CVE-2014-0107, CVE-2014-0109, CVE-2014-0110, CVE-2014-0168, CVE-2014-0193, CVE-2014-0225
MD5 | 2cb7c95a13feefb84613d912885eae74

Red Hat Security Advisory 2014-1352-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1352-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657
MD5 | fbadcb17ec4b3d567c5deb0d15b66357