
Files Date: 2014-10-15

OpenSSL Toolkit 1.0.1j
Posted Oct 15, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Multiple memory leaks fixed. SSLv3 fallback and various other security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | f7175c9cd3c39bb1907ac8bba9df8ed3
Oracle Database Java VM Security Vulnerabilities
Posted Oct 15, 2014
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains a couple of PDFs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 824d0169d4241aa782b44f5cbcc7e361
Red Hat Security Advisory 2014-1648-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1648-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
MD5 | 80d9902705b770d46c3521c0a167a0cb
Red Hat Security Advisory 2014-1647-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: None of the above issues can be exploited by a specially crafted HTML mail message, as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

tags | advisory, remote, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581
MD5 | c24c5964a0ae870d38ad24408749517f
Ubuntu Security Notice USN-2384-1
Posted Oct 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2384-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
MD5 | a2a1e334e0864e5cb11869ab907434a9
Firefox / MSIE Memory Disclosure Bugs
Posted Oct 15, 2014
Authored by Michal Zalewski

Firefox versions prior to 33 leak bits of uninitialized memory when rendering certain types of truncated images onto canvas tags. Secondly, MSRC case #19611cz is a seemingly similar issue with Internet Explorer apparently using bits of uninitialized stack data when handling JPEG files with an oddball DHT.

tags | exploit, info disclosure
systems | linux
advisories | CVE-2014-1580
MD5 | a6fd1b857406db9ee6fa15a5da2c9a8b
ADF Faces 12.1.2.0 Cross Site Scripting
Posted Oct 15, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

ADF Faces version 12.1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 92cfe913c70c05fd20b854dbac5bf753
WordPress WP Google Maps 6.0.26 Cross Site Scripting
Posted Oct 15, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress WP Google Maps plugin version 6.0.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7182
MD5 | 5a0b72d92fde4f1cbd2d0fba607de425
WordPress MaxButtons 1.26.0 Cross Site Scripting
Posted Oct 15, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress MaxButtons plugin version 1.26.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7181
MD5 | 842620ae4b70808fa46bca3845047be6
HP Security Bulletin HPSBUX03139 SSRT101608
Posted Oct 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03139 SSRT101608 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for HP-UX. The vulnerability could be exploited remotely to allow cross-site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
systems | hpux
advisories | CVE-2014-7874
MD5 | 4d10a805371865cbe5bfb8af2dd8c8f3
Microsoft Security Bulletin Revision Increment For October, 2014
Posted Oct 15, 2014
Site microsoft.com

This bulletin summary notes that MS14-042 has undergone a major revision increment as of October 14, 2014.

tags | advisory
MD5 | d60b06f1496d71554cfecbbc146c97be
Microsoft Security Bulletin Re-Release For October, 2014
Posted Oct 15, 2014
Site microsoft.com

This bulletin summary lists eight re-released Microsoft security bulletins for October, 2014.

tags | advisory
MD5 | 8158fdf9c2abc5986360ece2ebd5bfac
Ubuntu Security Notice USN-2373-1
Posted Oct 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2373-1 - Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1585, CVE-2014-1586
MD5 | 2eb36a7b94792c32944cc9faacc22b85
Debian Security Advisory 3049-1
Posted Oct 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3049-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
MD5 | 95e00d14bd538f3dbc6e2ffb3e07ea37
Red Hat Security Advisory 2014-1636-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1636-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6468, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558, CVE-2014-6562
MD5 | 7b1dd1bbaa2162f2d2dad771feb3077f
Red Hat Security Advisory 2014-1634-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1634-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | 4f81088b4eb5d1d1a88aca60a59c8d60
Red Hat Security Advisory 2014-1620-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1620-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | ba2fab0e61b33d502abe87b02e101e84
Red Hat Security Advisory 2014-1633-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1633-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
MD5 | b896fa0e47cdf7fa09b98a953d656b19
Red Hat Security Advisory 2014-1635-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1635-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583
MD5 | 26f12d173073625c05682337300af5bf
Indeed Job Search 2.5 Cross Site Scripting
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Indeed Job Search version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 38d47294a46a9305b248d3a7e56fd37f
PayPal Inc iOS Mobile Application - Banking 4.6.0 Bypass
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal Inc iOS Mobile Application - Banking version 4.6.0 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
systems | ios
MD5 | 5e0b01bd2dd235105852837416bdc423
PayPal Inc MultiOrderShipping API Filter Bypass / Persistent XML
Posted Oct 15, 2014
Authored by Ateeq ur Rehman Khan | Site vulnerability-lab.com

The PayPal Inc MultiOrderShipping API suffered from filter bypass and persistent XML vulnerabilities.

tags | exploit, vulnerability
MD5 | 52be64fd67033178402826d3d81d8f55
PayPal Inc Shipping Cross Site Scripting
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

The PayPal Inc shipping application suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 513a51cdebc5732e43d85b93b5189224
Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
Posted Oct 15, 2014
Authored by Matt Bergin, Jay Smith | Site metasploit.com

A vulnerability within Microsoft Bluetooth Personal Area Networking module, BthPan.sys, can allow an attacker to inject memory controlled by the attacker into an arbitrary location. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile.

tags | exploit, arbitrary
advisories | CVE-2014-4971
MD5 | 035cf8c93123fb58d0f2fc4a5ffc401b
Lynis Auditing Tool 1.6.3
Posted Oct 15, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: Added tests for Shellshock bash vulnerability. Added test to determine if Snoopy is used. New test for qdaemon configuration file. Various other changes and improvements.
tags | tool, scanner
systems | unix
MD5 | c0021b55fb54106faec039105944872d