accept no compromises
Showing 1 - 25 of 412 RSS Feed

Files Date: 2014-10-01 to 2014-10-31

F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2
Posted Oct 30, 2014
Authored by Oliver Gruskovnjak | Site portcullis-security.com

F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2014-6033
MD5 | 6982ddb9816c893aa70aa34750f3f3ea
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1
Posted Oct 30, 2014
Authored by Oliver Gruskovnjak | Site portcullis-security.com

F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2014-6032
MD5 | 9f5e815449dbbfe8d1b5de6b4c756b6c
HP Security Bulletin HPSBUX03159 SSRT101785 2
Posted Oct 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03159 SSRT101785 2 - A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 2 of this advisory.

tags | advisory, denial of service, kernel, local
systems | hpux
advisories | CVE-2014-7877
MD5 | 8bf54e04fa36f6add2b4a4ec2dc0c18d
Red Hat Security Advisory 2014-1767-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1767-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 555943fd2ef6e007a4989fffd6c3f246
Red Hat Security Advisory 2014-1768-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1768-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 8e8a532cc1557d48fadcf41e632f111e
Red Hat Security Advisory 2014-1766-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1766-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 7fe38c5e0c8bfb3fe3e7d156b5d99a83
Red Hat Security Advisory 2014-1765-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1765-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code. Multiple buffer overflow flaws were found in the way PHP parsed DNS responses. A malicious DNS server or a man-in-the-middle attacker could use these flaws to crash or, possibly, execute arbitrary code with the privileges of a PHP application that uses the dns_get_record() function.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6712, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-4049, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-5120
MD5 | 8b153dfc0ddc7040e2e1c59c7eef20c3
Red Hat Security Advisory 2014-1764-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1764-01 - The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable to by the user running Wget, possibly leading to code execution. Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally.

tags | advisory, web, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-4877
MD5 | ebf725cc8c1e4ec9597f6aac38258b3a
Red Hat Security Advisory 2014-1762-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1762-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. Stored and reflected cross-site scripting flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2014-3654
MD5 | fa0ff553c7fabc0bd518bc20372518c3
Red Hat Security Advisory 2014-1763-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1763-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.

tags | advisory, remote, kernel, local, protocol
systems | linux, redhat
advisories | CVE-2014-0205, CVE-2014-5077
MD5 | ca07233fab2073aabf1d79398b6b0382
Ubuntu Security Notice USN-2395-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2395-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145
MD5 | 8fbbeaee5ee8e7aac9b434b91c4f9ff6
Ubuntu Security Notice USN-2394-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2394-1 - Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647, CVE-2014-7145
MD5 | 171efda9f71229fa71a1a6bc36f01bc8
Ubuntu Security Notice USN-2393-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2393-1 - HD Moore discovered that Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
advisories | CVE-2014-4877
MD5 | 4f83b14120590a69b9a21eae5507ed67
Slackware Security Advisory - wget Updates
Posted Oct 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-4877
MD5 | fa4b1de7b81c2c5eaa456152ab47d96d
Ubuntu Security Notice USN-2392-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2392-1 - It was discovered that systemd-shim incorrectly shipped with a debugging clause enabled. A local attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2014-8399
MD5 | 098e23d1c1f759ef0b22621db8ae4c53
Debian Security Advisory 3059-1
Posted Oct 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3059-1 - Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764
MD5 | 925fd4928e9c3052aa12582b866d1afe
Red Hat Security Advisory 2014-1744-01
Posted Oct 30, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1744-01 - V8 is Google's open source JavaScript engine. It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8. Multiple flaws were discovered in V8. Untrusted JavaScript code executed by V8 could use either of these flaws to crash V8 or, possibly, execute arbitrary code with the privileges of the user running V8.

tags | advisory, remote, overflow, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2013-6639, CVE-2013-6640, CVE-2013-6650, CVE-2013-6668, CVE-2014-1704, CVE-2014-5256
MD5 | f1af5e450e6fdc8f338c2df352090022
Ubuntu Security Notice USN-2391-1
Posted Oct 30, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2391-1 - Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710
MD5 | 0ba0cca792e56ff2dc76a485f423b2de
MAARCH 1.4 Arbitrary File Upload
Posted Oct 30, 2014
Authored by Adrien Thierry

MAARCH version 1.4 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | ca2b50876ac57a8ccc3e9fdf3042d614
MAARCH 1.4 SQL Injection
Posted Oct 30, 2014
Authored by Adrien Thierry

MAARCH version 1.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 647a4fc392499661bdba82106636557b
IBM Tivoli Monitoring 6.2.2 kbbacf1 Privilege Escalation
Posted Oct 30, 2014
Authored by Robert Jaroszuk

IBM Tivoli Monitoring version 6.2.2 kbbacf1 privilege escalation exploit.

tags | exploit
advisories | CVE-2013-5467
MD5 | 653f2bb6a7913408f4cc0ffc92081cf6
Konke Smart Plug Authentication Bypass
Posted Oct 30, 2014
Authored by zixian, gamehacker

Konke Smart Plug suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2014-7279
MD5 | f850baa81babc49cb3f2addc71c8e0e1
EspoCRM 2.5.2 XSS / LFI / Access Control
Posted Oct 29, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-7985, CVE-2014-7986, CVE-2014-7987
MD5 | 6d3526d415f07821621503e79ba586d0
Confluence RefinedWiki Original Theme Cross Site Scripting
Posted Oct 29, 2014
Authored by Manuel Hofer | Site sec-consult.com

Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 41ef09eddf4a336af9a4729f9a2db14b
Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection
Posted Oct 29, 2014
Authored by Alexander Antukh, A. Baranov | Site sec-consult.com

Vizensoft admin panel suffers from authentication bypass, cross site scripting, remote shell upload, source code disclosure, missing password policy, and remote SQL injection vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss, sql injection
MD5 | 3dab7cf90e72889148baffe86c7a36ff
Page 1 of 17
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close