what you don't know can hurt you
Showing 1 - 25 of 28 RSS Feed

Files Date: 2014-10-21

TOR Virtual Network Tunneling Tool 0.2.4.25
Posted Oct 21, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 454744ebff5033ae353f2dd6b1bc425e
Red Hat Security Advisory 2014-1677-01
Posted Oct 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1677-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
MD5 | e140a4f568404fb4abf8b17106549893
Red Hat Security Advisory 2014-1676-01
Posted Oct 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1676-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432
MD5 | 2881d608325aeb5e2ad1c295e117ee2c
FileBug 1.5.1 Directory Traversal
Posted Oct 21, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

FileBug version 1.5.1 suffers from a directory traversal vulnerability.

tags | exploit
MD5 | 8670025f6010f6f08e39b3f13b5758a9
Files Document And PDF 2.0.2 Command Execution / Local File Inclusion
Posted Oct 21, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Files Document and PDF version 2.0.2 suffers from a local file inclusion and multiple command execution vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
MD5 | b476750dbdb0780ce014e93da8b6c1c7
WordPress Database Manager 2.7.1 Command Injection / Credential Leak
Posted Oct 21, 2014
Authored by Larry W. Cashdollar

WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2014-8334, CVE-2014-8335
MD5 | 1799959145bdbf7533d5e556922207ee
Incredible PBX 11 2.0.6.5.0 Remote Command Execution
Posted Oct 21, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Incredible PBX 11 version 2.0.6.5.0 suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 23599f72a7f029812aa594e8a86d37b5
HP Security Bulletin HPSBUX03150 SSRT101681
Posted Oct 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03150 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2013-4248, CVE-2013-4286, CVE-2013-6438, CVE-2014-0075, CVE-2014-0098, CVE-2014-0099, CVE-2014-3981
MD5 | 629793f0062e5ffce71d639497825420
Mandriva Linux Security Advisory 2014-199
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-199 - Updated perl and perl-Data-Dumper packages fixes security The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. The Data::Dumper module bundled with perl and the perl-Data-Dumper packages has been updated to fix this issue.

tags | advisory, denial of service, perl
systems | linux, mandriva
advisories | CVE-2014-4330
MD5 | 7378f2ab1a911ae12fb18612b875a533
Mandriva Linux Security Advisory 2014-198
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-198 - MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages.

tags | advisory, javascript, xss
systems | linux, mandriva
advisories | CVE-2014-7199, CVE-2014-7295
MD5 | d2e374028142e4024b2a82786253e5cf
Mandriva Linux Security Advisory 2014-197
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-197 - Python before 2.7.8 is vulnerable to an integer overflow in the buffer type.

tags | advisory, overflow, python
systems | linux, mandriva
advisories | CVE-2014-7185
MD5 | 7986f6703dd61ef027d40fc9ba44940c
Mandriva Linux Security Advisory 2014-196
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-196 - Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3634, CVE-2014-3683
MD5 | bc71ee977c31c21f1dda2e7cadd4a18b
Slackware Security Advisory - openssh Updates
Posted Oct 21, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-2653
MD5 | 73da44b563871c7248ad81c46fd35e9a
Mandriva Linux Security Advisory 2014-201
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-201 - Multiple vulnerabilities has been found and corrected in the Linux kernel. These include stack-based buffer overflows and denial of service issues.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2014-3122, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3534, CVE-2014-3601, CVE-2014-5077, CVE-2014-5206, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-7975
MD5 | e2c8be1ff54f319695bb141c8d45d659
Mandriva Linux Security Advisory 2014-200
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-200 - If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group. An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting. During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information.

tags | advisory, xss
systems | linux, mandriva
advisories | CVE-2014-1571, CVE-2014-1572, CVE-2014-1573
MD5 | 63ed1d6f3442998d5f4aec149ef68340
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
Posted Oct 21, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

tags | exploit, web, arbitrary, root, code execution, asp, file upload
advisories | CVE-2014-4872
MD5 | 406dc97f0e83abf8ccd024baffb6b4d8
Joomla Akeeba Kickstart Unserialize Remote Code Execution
Posted Oct 21, 2014
Authored by Johannes Dahse | Site metasploit.com

This Metasploit module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. Nevertheless it is worth to note that this vulnerability is only exploitable during the update of the Joomla! CMS.

tags | exploit
advisories | CVE-2014-7228
MD5 | 5f228707a898ef7eeb598bb3c11f583c
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
Posted Oct 21, 2014
Authored by Aniway, juan vazquez | Site metasploit.com

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

tags | exploit, arbitrary, perl, tcp
systems | linux, windows, centos
MD5 | 97b7fba08bd2896683e6299d64a0465b
Windows OLE Package Manager SandWorm Exploit
Posted Oct 21, 2014
Authored by Vlad Ovtchinikov

Proof of concept exploit builder for the OLE flaw in packager.dll.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2014-4114
MD5 | d1816b02b94180506d6c877603529cd0
Asterisk Project Security Advisory - AST-2014-011
Posted Oct 21, 2014
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffered from the SSL POODLE vulnerability.

tags | advisory
advisories | CVE-2014-3566
MD5 | a170a03fa9b649c31b8476187a9185fb
Apple Security Advisory 2014-10-20-2
Posted Oct 21, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-20-2 - Apple TV 7.0.1 is now available and addresses bluetooth and SSL 3.0 related security vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3566, CVE-2014-4428
MD5 | b0bf0e202e347e5831ab3bdbb0750f61
Apple Security Advisory 2014-10-20-1
Posted Oct 21, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-10-20-1 - iOS 8.1 is now available and addresses bluetooth, insufficient cryptographic protection, and various other vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-3566, CVE-2014-4428, CVE-2014-4448, CVE-2014-4449, CVE-2014-4450
MD5 | a612f2f6ae0bdada003c58add73b5b0f
LiteCart 1.1.2.1 Cross Site Scripting
Posted Oct 21, 2014
Authored by Onur YILMAZ | Site netsparker.com

LiteCart version 1.1.2.1 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-7183
MD5 | 58235304878df1dc903c1bdc833cd172
Debian Security Advisory 3054-1
Posted Oct 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3054-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
MD5 | b2183423facfcd0ce27bcc8b4722abe8
Red Hat Security Advisory 2014-1671-01
Posted Oct 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1671-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon.

tags | advisory, remote, local, tcp
systems | linux, redhat
advisories | CVE-2014-3634
MD5 | 4272aebd398d91e2df683975dd97d381
Page 1 of 2
Back12Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close