Files Date: 2014-10-03

HP Security Bulletin HPSBMU02895 SSRT101253 3
Posted Oct 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02895 SSRT101253 3 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2013-2344, CVE-2013-2345, CVE-2013-2346, CVE-2013-2347, CVE-2013-2348, CVE-2013-2349, CVE-2013-2350, CVE-2013-6194, CVE-2013-6195
MD5 | 14a88d8c8f39b93b3f09787dec2eb83c
HP Security Bulletin HPSBMU03118
Posted Oct 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03118 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
systems | linux, windows
advisories | CVE-2013-2644, CVE-2014-2643, CVE-2014-2644, CVE-2014-2645
MD5 | 355f0faf3518a224be2c44149f3452d0
Ultra Electronics SSL VPN 7.2.0.19 / 7.4.0.7 SQL Injection / Directory Creation
Posted Oct 3, 2014
Authored by Patrick Webster

Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | c14a5043b81312f347548efa8b574674
HP Security Bulletin HPSBHF03124
Posted Oct 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03124 - Potential security vulnerabilities have been identified with certain HP Thin Clients running bash. The vulnerabilities, known as Shellshock, could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-7169
MD5 | 0754796f002e67a22c307112713231b9
HP Security Bulletin HPSBHF03119 2
Posted Oct 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03119 2 - A potential security vulnerability has been identified with HP DreamColor Z27x Professional Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: Only the HP DreamColor Z27x model is vulnerable. Revision 2 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-6271, CVE-2014-7169
MD5 | fec01a28cde2d745e16691f3466cc403
Mandriva Linux Security Advisory 2014-193
Posted Oct 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-193 - A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-4002
MD5 | 9fef816de2870e5929c87d7e6d8631c3
Mandriva Linux Security Advisory 2014-192
Posted Oct 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-192 - The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via an empty quoted string in an RFC 2822 address. The Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service via vectors related to backtracking into the phrase.

tags | advisory, remote, denial of service, perl
systems | linux, mandriva
advisories | CVE-2014-0477, CVE-2014-4720
MD5 | a23dafdcbef4536016bec1dfd6dce173
Mandriva Linux Security Advisory 2014-195
Posted Oct 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-195 - An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process. A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive. The updated libvirt packages have been upgraded to the 1.1.3.6 version and patched to resolve these security flaws.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-3633, CVE-2014-3657
MD5 | b7ef4ec6dc97bf0be109ef7af7928651
Mandriva Linux Security Advisory 2014-194
Posted Oct 3, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-194 - With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. This upgrade provides the latest phpMyAdmin version to address this vulnerability.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-7217
MD5 | 97fc1e4379152cb58896ac2e34f20213
Ubuntu Security Notice USN-2369-1
Posted Oct 3, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2369-1 - It was discovered that file incorrectly handled certain CDF documents. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3587
MD5 | ba54454edc25727c2de7da3f01c53bcd
WordPress BulletProof Security 50.8 Script Insertion
Posted Oct 3, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WordPress BulletProof Security plugin version 50.8 suffers from a script insertion vulnerability.

tags | exploit
MD5 | 8fde812fee3099ff709f4bfba1076b60
Shellshock Bashed CGI RCE
Posted Oct 3, 2014
Authored by Fady Mohamed Osman, Stephane Chazelas | Site metasploit.com

This Metasploit module exploits the Shellshock vulnerability in Apache CGI. It allows you to execute any Metasploit payload you want.

tags | exploit, cgi
advisories | CVE-2014-6271
MD5 | 773d0a059a29f1fbe77093d1a3f5379a
HTTP Commander AJS 3.1.9 Exception Cross Site Scripting
Posted Oct 3, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

HTTP Commander AJS version 3.1.9 suffers from a cross site scripting vulnerability that can be exploited via exception handling.

tags | exploit, web, xss
MD5 | f151cc6200d6a66cdc6b9407d3f69cd7
Advanced Information Security Shellshock Scanner
Posted Oct 3, 2014
Authored by Nicholas Lemonias

AIS shellshock scanning tool that leverages the User-Agent header against a large list of possible targets. Written in C.

tags | exploit
MD5 | 74ab1fba2486673b18ce5c1a7900ba50
PayPal France Mail Encoding Script Insertion
Posted Oct 3, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal France suffered from a mail encoding script insertion vulnerability.

tags | exploit
MD5 | 435417f1e5f270951d4bef17ea2fe8af
Elasticsearch 1.3.x CORS Issue
Posted Oct 3, 2014
Authored by Jordan Sissel

Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user's browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise.

tags | advisory, local
advisories | CVE-2014-6439
MD5 | 0f8a57cde7567ce6ca8a60f8edb33116
ZyXEL SBG-3300 Security Gateway Cross Site Scripting
Posted Oct 3, 2014
Authored by Mirko Casadei

ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7277
MD5 | 1ba01cd0971e92d0eb7e4771d66c71cc
ZyXEL SBG-3300 Security Gateway Denial Of Service
Posted Oct 3, 2014
Authored by Mirko Casadei

ZyXEL SBG-3300 Security Gateway suffers from a malicious JavaScript denial of service vulnerability.

tags | exploit, denial of service, javascript
advisories | CVE-2014-7278
MD5 | 282b257bf5b5859ca0c24098bf1f14ef
ElfChat 5.2.0 Pro Cross Site Scripting
Posted Oct 3, 2014
Authored by indoushka

ElfChat version 5.2.0 Pro suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b3286d8ac49587ad62d6328987d3cc84
oclHashcat For NVidia 1.31
Posted Oct 3, 2014
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.

Changes: Added various new hash modes. Added support for NV CUDA 6.5. Various other updates.
tags | tool, cracker
MD5 | b07045784ec7f4913293ea2cc6eac5ca
oclHashcat For AMD 1.31
Posted Oct 3, 2014
Authored by Kartan | Site hashcat.net

oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.

Changes: Added various new hash modes. Added support for AMD Catalyst 14.9. Various other updates.
tags | tool, cracker
MD5 | 81f00b1f345a27e0edffae693707943c
Red Hat Security Advisory 2014-1354-01
Posted Oct 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, kernel, bash
systems | linux, redhat
advisories | CVE-2014-1568, CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | b5445223c3bf06729754cd306a178e13
Red Hat Security Advisory 2014-1317-01
Posted Oct 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1317-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that Red Hat CloudForms exposed default routes that were reachable via HTTP requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2014-0140, CVE-2014-3642
MD5 | 656a1f5ce8f882d87c399d70998524e1
© 2019 Packet Storm. All rights reserved.