what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-10-02

Ubuntu Security Notice USN-2368-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

tags | advisory, remote, udp
systems | linux, ubuntu
advisories | CVE-2013-2061
SHA-256 | d23623be892ad4e3082d9de02d10de4f885746f733ac9a7916528d54aa86b3b6
Ubuntu Security Notice USN-2367-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2367-1 - For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure renegotiations. This update removes the cipher list truncation workaround when forcing the use of TLSv1.2.

tags | advisory
systems | linux, ubuntu
SHA-256 | c7bc1e2bc55522dff021711ec7896b1f0c97c415a19f52063c7354fbcf3c3bc5
RBS Change Complet Open Source Cross Site Request Forgery
Posted Oct 2, 2014
Authored by KrustyHack

RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d43040fd7032e2ecb3e882ad775ad21c302409504829f119ffc7016979f2dfff
GNU Bash 4.3.11 dhclient Shellshocker
Posted Oct 2, 2014
Authored by @0x00string

GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.

tags | exploit, bash
advisories | CVE-2014-6277
SHA-256 | 0a0a25be13735fb37391eb0c2dcea9b3ca159ae100cf4ca70c8f452cd9a34b16
HTTP File Server 2.3a / 2.3b / 2.3c Remote Command Execution
Posted Oct 2, 2014
Authored by Daniele Linguaglossa

HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7226
SHA-256 | 719b732e5e72911d054b6ed18ca5b6c8966afb541239db03bc1b69bb8709be8d
Kolibri Webserver 2.0 Buffer Overflow
Posted Oct 2, 2014
Authored by tekwizz123

Kolibri Webserver version 2.0 buffer overflow exploit with EMET 5.0 and EMET 4.1 partial bypass.

tags | exploit, overflow, bypass
advisories | CVE-2014-5289
SHA-256 | ed20a7e13c0f3d161d5a027baacc2e3b5ba210b5711b12193b08d2d80ae17434
CarolinaCon 2015 Call For Papers
Posted Oct 2, 2014
Site carolinacon.org

CarolinaCon is now accepting speaker/paper/demo submissions for its 11th annual conference. This event will be held March 20th through the 22nd, 2015 in Raleigh, NC, USA.

tags | paper, conference
SHA-256 | da014c647f7df6dd455bac1fc78570689cdba3cecad42f10ab38476209cc6514
AllMyVisitors 0.5.0 SQL Injection
Posted Oct 2, 2014
Authored by indoushka

AllMyVisitors version 0.5.0 suffers from multiple remote blind SQL injection vulnerabilities related to authentication bypass during login, cookie handling, and header handling.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 352c44152e3fc4d8542ed9a4dae4f7fd788f7572a22248f0a2ced71ce2342ba6
PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution
Posted Oct 2, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-6389
SHA-256 | e5dadc97a8bfeed94c0f053016901c520e21d4b7c1fe8bc95edda9f788efe878
WordPress Content Audit 1.6 Blind SQL Injection
Posted Oct 2, 2014
Authored by Tom Adams

WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5389
SHA-256 | 6d1bb6dd85f2116cd4554ec0396d40bab0f7320fa84b6159add034a733189115
PXE Exploit Server
Posted Oct 2, 2014
Authored by scriptjunkie | Site metasploit.com

This Metasploit module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing the payload on the hard drive of any Windows partition seen. Note: the displayed IP address of a target is the address this DHCP server handed out, not the "normal" IP address the host uses.

tags | exploit, kernel
systems | linux, windows
SHA-256 | eccfe4bccc8cc819b0c0b0ed3f9685768bdbfd924bcd34807ff51c586f845e6a
Pure-FTPd External Authentication Bash Environment Variable Code Injection
Posted Oct 2, 2014
Authored by Frank Denis, Spencer McIntyre, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
XShock 0.1
Posted Oct 2, 2014
Authored by Sector-X

XShock is a python script that exploits the recent bash vulnerability. It includes four reverse shells that can be used during the attack.

tags | exploit, shell, python, bash
systems | unix
advisories | CVE-2014-6271
SHA-256 | 1a8bd993f5c64870806410d5fe62dac2cabbf441a4227dac519d0b5a72ebef22
Chatroom Client / Server With AES Encryption Support
Posted Oct 2, 2014
Authored by Juan J. Fernandez Lopez | Site tcpapplication.com

This is a chat system composed of a TCP/IP server daemon in C and its corresponding java client. You can chat with other peers in clear text or AES password based encryption on your own computer network. The AES password encryption and decryption functions is based on 128 bit key which is padded using SHA-256 applied to the provided password. Further details with instructions in README file.

tags | tool, java, tcp
systems | unix
SHA-256 | e1e3759df7fa1d7a5f9c56b174462e9d9ee500fa34e49a29f464a71d82647c56
Red Hat Security Advisory 2014-1351-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1351-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0074, CVE-2014-0107, CVE-2014-0109, CVE-2014-0110, CVE-2014-0168, CVE-2014-0193, CVE-2014-0225
SHA-256 | 0a41b2ae2b2a8bba9d00bf851faa35848af9eabb7c40a1c1a02ef02e737b9677
Red Hat Security Advisory 2014-1352-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1352-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657
SHA-256 | 3227a2789c9b0ba77b00e40c13fdd0d7741d09b78e22e4b49b90b0b7944aaf8a
Page 1 of 1

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By