what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-10-02

Ubuntu Security Notice USN-2368-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2368-1 - It was discovered that OpenVPN incorrectly handled HMAC comparisons when running in UDP mode. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could possibly be used to perform a plaintext recovery attack.

tags | advisory, remote, udp
systems | linux, ubuntu
advisories | CVE-2013-2061
SHA-256 | d23623be892ad4e3082d9de02d10de4f885746f733ac9a7916528d54aa86b3b6
Ubuntu Security Notice USN-2367-1
Posted Oct 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2367-1 - For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used that would truncate the cipher list. This would prevent certain ciphers from being selected, and would prevent secure renegotiations. This update removes the cipher list truncation workaround when forcing the use of TLSv1.2.

tags | advisory
systems | linux, ubuntu
SHA-256 | c7bc1e2bc55522dff021711ec7896b1f0c97c415a19f52063c7354fbcf3c3bc5
RBS Change Complet Open Source Cross Site Request Forgery
Posted Oct 2, 2014
Authored by KrustyHack

RBS Change Complet Open Source suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | d43040fd7032e2ecb3e882ad775ad21c302409504829f119ffc7016979f2dfff
GNU Bash 4.3.11 dhclient Shellshocker
Posted Oct 2, 2014
Authored by @0x00string

GNU Bash version 4.3.11 environment variable dhclient shellshocker exploit.

tags | exploit, bash
advisories | CVE-2014-6277
SHA-256 | 0a0a25be13735fb37391eb0c2dcea9b3ca159ae100cf4ca70c8f452cd9a34b16
HTTP File Server 2.3a / 2.3b / 2.3c Remote Command Execution
Posted Oct 2, 2014
Authored by Daniele Linguaglossa

HTTP File Server versions 2.3a, 2.3b, and 2.3c suffer from a remote command execution vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7226
SHA-256 | 719b732e5e72911d054b6ed18ca5b6c8966afb541239db03bc1b69bb8709be8d
Kolibri Webserver 2.0 Buffer Overflow
Posted Oct 2, 2014
Authored by tekwizz123

Kolibri Webserver version 2.0 buffer overflow exploit with EMET 5.0 and EMET 4.1 partial bypass.

tags | exploit, overflow, bypass
advisories | CVE-2014-5289
SHA-256 | ed20a7e13c0f3d161d5a027baacc2e3b5ba210b5711b12193b08d2d80ae17434
CarolinaCon 2015 Call For Papers
Posted Oct 2, 2014
Site carolinacon.org

CarolinaCon is now accepting speaker/paper/demo submissions for its 11th annual conference. This event will be held March 20th through the 22nd, 2015 in Raleigh, NC, USA.

tags | paper, conference
SHA-256 | da014c647f7df6dd455bac1fc78570689cdba3cecad42f10ab38476209cc6514
AllMyVisitors 0.5.0 SQL Injection
Posted Oct 2, 2014
Authored by indoushka

AllMyVisitors version 0.5.0 suffers from multiple remote blind SQL injection vulnerabilities related to authentication bypass during login, cookie handling, and header handling.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 352c44152e3fc4d8542ed9a4dae4f7fd788f7572a22248f0a2ced71ce2342ba6
PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution
Posted Oct 2, 2014
Authored by Jerzy Kramarz | Site portcullis-security.com

PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2014-6389
SHA-256 | e5dadc97a8bfeed94c0f053016901c520e21d4b7c1fe8bc95edda9f788efe878
WordPress Content Audit 1.6 Blind SQL Injection
Posted Oct 2, 2014
Authored by Tom Adams

WordPress Content Audit plugin version 1.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-5389
SHA-256 | 6d1bb6dd85f2116cd4554ec0396d40bab0f7320fa84b6159add034a733189115
PXE Exploit Server
Posted Oct 2, 2014
Authored by scriptjunkie | Site metasploit.com

This Metasploit module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing the payload on the hard drive of any Windows partition seen. Note: the displayed IP address of a target is the address this DHCP server handed out, not the "normal" IP address the host uses.

tags | exploit, kernel
systems | linux, windows
SHA-256 | eccfe4bccc8cc819b0c0b0ed3f9685768bdbfd924bcd34807ff51c586f845e6a
Pure-FTPd External Authentication Bash Environment Variable Code Injection
Posted Oct 2, 2014
Authored by Frank Denis, Spencer McIntyre, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.

tags | exploit, bash
advisories | CVE-2014-6271
SHA-256 | d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
XShock 0.1
Posted Oct 2, 2014
Authored by Sector-X

XShock is a python script that exploits the recent bash vulnerability. It includes four reverse shells that can be used during the attack.

tags | exploit, shell, python, bash
systems | unix
advisories | CVE-2014-6271
SHA-256 | 1a8bd993f5c64870806410d5fe62dac2cabbf441a4227dac519d0b5a72ebef22
Chatroom Client / Server With AES Encryption Support
Posted Oct 2, 2014
Authored by Juan J. Fernandez Lopez | Site tcpapplication.com

This is a chat system composed of a TCP/IP server daemon in C and its corresponding java client. You can chat with other peers in clear text or AES password based encryption on your own computer network. The AES password encryption and decryption functions is based on 128 bit key which is padded using SHA-256 applied to the provided password. Further details with instructions in README file.

tags | tool, java, tcp
systems | unix
SHA-256 | e1e3759df7fa1d7a5f9c56b174462e9d9ee500fa34e49a29f464a71d82647c56
Red Hat Security Advisory 2014-1351-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1351-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was discovered that Apache Shiro authenticated users without specifying a user name or a password when used in conjunction with an LDAP back end that allowed unauthenticated binds.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0034, CVE-2014-0035, CVE-2014-0074, CVE-2014-0107, CVE-2014-0109, CVE-2014-0110, CVE-2014-0168, CVE-2014-0193, CVE-2014-0225
SHA-256 | 0a41b2ae2b2a8bba9d00bf851faa35848af9eabb7c40a1c1a02ef02e737b9677
Red Hat Security Advisory 2014-1352-01
Posted Oct 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1352-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657
SHA-256 | 3227a2789c9b0ba77b00e40c13fdd0d7741d09b78e22e4b49b90b0b7944aaf8a
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By