exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files Date: 2014-10-15

OpenSSL Toolkit 1.0.1j
Posted Oct 15, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Multiple memory leaks fixed. SSLV3 Fallback and various other security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3
Oracle Database Java VM Security Vulnerabilities
Posted Oct 15, 2014
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.

tags | exploit, java, vulnerability, proof of concept
systems | linux
SHA-256 | ecf11e83b5525ba9d476e4539ffb04359d6e5d4f9b76b0703665010c38864b7f
Red Hat Security Advisory 2014-1648-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1648-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
SHA-256 | 1518474dc019ece2e0dd6b35b8b736b5243ad5a094aae9c840ef5cacfa3d77cf
Red Hat Security Advisory 2014-1647-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1647-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.

tags | advisory, remote, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581
SHA-256 | c935120444dd42549c6490a4443329554888cc0698eabaca9ff54d6ec2b1dd87
Ubuntu Security Notice USN-2384-1
Posted Oct 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2384-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
SHA-256 | edd8c0da1c9990ed9375968220e771edd1443af9b3d426ba28039844540ffaf4
Firefox / MSIE Memory Disclosure Bugs
Posted Oct 15, 2014
Authored by Michal Zalewski

Firefox versions prior to 33 leak bits of uninitialized memory when rendering certain types of truncated images onto canvas tags. Secondly, MSRC case #19611cz is a seemingly similar issue with Internet Explorer apparently using bits of uninitialized stack data when handling JPEG files with an oddball DHT.

tags | exploit, info disclosure
systems | linux
advisories | CVE-2014-1580
SHA-256 | 8b9a6d35010ff886448c6426873326338f84f0a0385c80c92c4b6d3104a7d64c
ADF Faces 12.1.2.0 Cross Site Scripting
Posted Oct 15, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

ADF Faces version 12.1.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1133f9915da8a3cc4eb0ab104e7646e7507625c906b4f85e176f18b9f5a8961c
WordPress WP Google Maps 6.0.26 Cross Site Scripting
Posted Oct 15, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress WP Google Maps plugin version 6.0.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7182
SHA-256 | 52fb61bbb26041254dbeba3e3e018728f75f897f2ffef1a5c26f1bab37fff08e
WordPress MaxButtons 1.26.0 Cross Site Scripting
Posted Oct 15, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress MaxButtons plugin version 1.26.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7181
SHA-256 | 6c85df93e5f41cf643cf32021c2ed932c062bed98447ffc4fda3cdc81e2905af
HP Security Bulletin HPSBUX03139 SSRT101608
Posted Oct 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03139 SSRT101608 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for HP-UX. The vulnerability could be exploited remotely to allow cross-site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
systems | hpux
advisories | CVE-2014-7874
SHA-256 | 07c4253e079338f4909292838d423e212343724eba67e286ae33423a104c1c27
Microsoft Security Bulletin Revision Increment For October, 2014
Posted Oct 15, 2014
Site microsoft.com

This bulletin summary notes that MS14-042 has undergone a major revision increment as of October 14, 2014.

tags | advisory
SHA-256 | 3df56daae8792f81697e00b2e7604f390a145d3b0ec99e76b830a66fce040575
Microsoft Security Bulletin Re-Release For October, 2014
Posted Oct 15, 2014
Site microsoft.com

This bulletin summary lists eight re-released Microsoft security bulletins for October, 2014.

tags | advisory
SHA-256 | d37289ed9aa6a4a4c4a4fccd36a8f90d0fe34ab212b1d44e83249b013b6d720a
Ubuntu Security Notice USN-2373-1
Posted Oct 15, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2373-1 - Bobby Holley, Christian Holler, David Bolter, Byron Campen and Jon Coppeard discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during CSS manipulation. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1585, CVE-2014-1586
SHA-256 | 1a350165d76673a03f43f670144161d532b675d1fd852188e57c0dfa762c9fbc
Debian Security Advisory 3049-1
Posted Oct 15, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3049-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for RTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
SHA-256 | 3d3c45389342bb51a66b6ba545f85ca4301ebde8c2bce45522bd931a463732d5
Red Hat Security Advisory 2014-1636-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1636-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6468, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558, CVE-2014-6562
SHA-256 | 0e4e99699e8366da4b4ef5c7f4a8d7d98e03c00aff69d7ac28b7fec1c3a3e2a0
Red Hat Security Advisory 2014-1634-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1634-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | ff889b003b294350056f06337bcc49df675acd480cfe9adebf5926206260a7cc
Red Hat Security Advisory 2014-1620-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1620-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | e42b953beb5349a59d8789d82e00888eadc63967a980ca64c3607073df9c6497
Red Hat Security Advisory 2014-1633-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1633-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity attack against applications using the StAX parser to parse untrusted XML documents.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558
SHA-256 | dbe571c9220e78db49cf806a2546d176a1421fbc369806f3d7a8123e1702ca85
Red Hat Security Advisory 2014-1635-01
Posted Oct 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1635-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583
SHA-256 | 21dd7290d876ef9b6fe753fb1ff1eb5a68116a8fdfeeab3d2622fe8e98771f5a
Indeed Job Search 2.5 Cross Site Scripting
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Indeed Job Search version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3f86932dee76c57b86ada962d3468e644f81549233eb0606159d2edec616535c
PayPal Inc iOS Mobile Application - Banking 4.6.0 Bypass
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

PayPal Inc iOS Mobile Application - Banking version 4.6.0 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
systems | ios
SHA-256 | c3031f6f89c06eb2f3525e774bc37b045042bff0b2d4f2f770c9e5130bd49cb4
PayPal Inc MultiOrderShipping API Filter Bypass / Persistent XML
Posted Oct 15, 2014
Authored by Ateeq ur Rehman Khan, Vulnerability Laboratory | Site vulnerability-lab.com

The PayPal Inc MultiOrderShipping API suffered from filter bypass and persistent XML vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 521c296aa1cb313e3553e81917c43918b8a2f5714e9d191e67ccc9cd8d4daaa8
PayPal Inc Shipping Cross Site Scripting
Posted Oct 15, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

The PayPal Inc shipping application suffered form a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 62cf9c78f72465c8b7709c86ba0886380d7deec9d88dc5c1ae4870b5dd12d0d4
OpenSSL Security Advisory 20141015
Posted Oct 15, 2014
Site openssl.org

OpenSSL Security Advisory 20141015 - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected. Other issues were also addressed.

tags | advisory, denial of service, memory leak
advisories | CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 7f813dab43819360edd0f61d0861444f45d4c41b0e985a636961e64207acbf57
Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
Posted Oct 15, 2014
Authored by Matt Bergin, Jay Smith | Site metasploit.com

A vulnerability within Microsoft Bluetooth Personal Area Networking module, BthPan.sys, can allow an attacker to inject memory controlled by the attacker into an arbitrary location. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile.

tags | exploit, arbitrary
advisories | CVE-2014-4971
SHA-256 | d94d249bed8485ab2ccc4e373683d6802502b4edd5262cd0b25082323dcef9a7
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close