what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-10-06

VIGOR 2130 Command Injection / Cross Site Request Forgery
Posted Oct 6, 2014
Authored by Erik-Paul Dittmer, Victor van der Veen

VIGOR 2130 suffers from command injection and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 158da6869360c34440401b7d762e6ad0e7bc58128556d9bb4750ab4cd08a562e
Mandos Encrypted File System Unattended Reboot Utility 1.6.9
Posted Oct 6, 2014
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Changed to emit standard D-Bus signal when D-Bus properties change.
tags | tool, remote, root
systems | linux, unix
SHA-256 | bf04b7786c5c29409ca48454de25aa3e70f2bbd3428a393d3424069f89e3a40e
Apache mod_cgi Remote Command Execution
Posted Oct 6, 2014
Authored by Federico Galatolo

Apache mod_cgi remote command execution exploit that leverages shellshock.

tags | exploit, remote
advisories | CVE-2014-6271
SHA-256 | aa65be966107716b7bbf1adb14837e5908955fc01c55881d0c81e03aed890e9c
Postfix SMTP Shellshock
Posted Oct 6, 2014
Authored by fattymcwopr

Postfix SMTP with procmail shellshock exploit that affects versions 4.2.x up through 4.2.48.

tags | exploit
advisories | CVE-2014-6271
SHA-256 | 2defb18f0a8b00ec8fed37883f8a633b4382c93a3edfdbab3f7778291f08879a
Red Hat Security Advisory 2014-1359-01
Posted Oct 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1359-01 - Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent, which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2014-5033
SHA-256 | 0fee47ca432cafc7ca8247b552b997a272c16bd14b4202c52afa29007073c237
CA Technologies GNU Bash Shellshock
Posted Oct 6, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.

tags | advisory, remote, arbitrary, local, vulnerability, bash
advisories | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
SHA-256 | 3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5
Gentoo Linux Security Advisory 201410-01
Posted Oct 6, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201410-1 - Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.

tags | advisory, remote, denial of service, bash
systems | linux, gentoo
advisories | CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, CVE-2014-7187
SHA-256 | 97311eeb89e6cca85680a723ad6c691b7e5512cffffb554a2af1e30435ca6ef6
Debian Security Advisory 3046-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2014-7295
SHA-256 | a8c028bd8f5b773c2db161c0427d597f71d4ffad2009685a807ddd29f797ca7b
Debian Security Advisory 3045-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3045-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640
SHA-256 | 70386335468c79a9bd2bd25b77c7a646092311f40b2f6b2d2f8c4b641e26f40f
Debian Security Advisory 3044-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3044-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640
SHA-256 | e8599a5674fc1ceb3a5eeb1f77badb3c647eb985a9f21338ab517290856e4b31
Debian Security Advisory 3042-1
Posted Oct 6, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3042-1 - Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-7204
SHA-256 | 43df66ca231a1e10d06ae38318336afbff48e864d01026eb0f490e50624f4e13
Ultra Electronics 7.2.0.19 / 7.4.0.7 SQL Injection / Direction Creation
Posted Oct 6, 2014
Site osisecurity.com

Ultra Electronics versions 7.2.0.19 and 7.4.0.7 suffers from directory creation and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 2cb3e712f11a6279888f18aee5eaa0b8a3c583bc84ae88e70b4594bc9877d20a
Asx To MP3 2.7.5 Stack Buffer Overflow
Posted Oct 6, 2014
Authored by Amir Reza Tavakolian

Asx To MP3 version 2.7.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | bef28d8b1c7084a05d5cc8583507b55c91b58580a99283830469ba36a799ccf2
PayPal Inc GP+ Cross Site Scripting
Posted Oct 6, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The PayPal Inc GP+ online service web application suffered from cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 50c0dae176ef91f6e6e660139b18ce37e3a4639a510c409d420554ceb0da093f
PayPal Here Cross Site Scripting
Posted Oct 6, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The PayPal Here mobile notify me online service web application suffered from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 2b11836909e30915503c7ee6c890fa917b33517dde5f9c9619d253b76cc1e341
TeamSpeak Client 3.0.14 Buffer Overflow
Posted Oct 6, 2014
Authored by Christian Galeone, SpyEye

TeamSpeak Client version 3.0.14 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-7221, CVE-2014-7222
SHA-256 | 295b37f295776501806fbc213aa99959eb696a5c44acb220c32bbb53d6a614b2
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close