what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-11-04

Ubuntu Security Notice USN-2397-1
Posted Nov 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2397-1 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2014-4975, CVE-2014-8080
SHA-256 | c6836488ba9b315c0acc9539519ca430c5a9d0acf813d465e7842be1b16a917a
Red Hat Security Advisory 2014-1801-01
Posted Nov 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1801-01 - Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys. A local attacker could potentially use this flaw to execute arbitrary code on the system.

tags | advisory, overflow, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-3675, CVE-2014-3676, CVE-2014-3677
SHA-256 | 0171334d7aa257e314bc0281597d3f19bc1049a94ca6aa0907ff335730228390
CNIL CookieViz Cross Site Scripting / SQL Injection
Posted Nov 4, 2014
Authored by iliketurtles

CNIL CookieViz suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-8351, CVE-2014-8352
SHA-256 | a3ee80db996b5bd9fb995e0f9252847de164ffa783138dbcaa3903ed3c68c427
WordPress Clean And Simple Contact Form 4.4.0 XSS
Posted Nov 4, 2014
Authored by Ajin Abraham

WordPress Clean and Simple contact Form plugin version 4.4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1d91c931536f21ad20aa07da813acd456f8bec8475ff5a7c8e9689ecb7f54ede
Slackware Security Advisory - seamonkey Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | d3c71b025a3b1e6dfc9dadb71847ae462f344b75d906db67740555ed5fb2bc43
Slackware Security Advisory - php Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
SHA-256 | fc542a6844bc71539681d08a215682726893e38cf2a930a49816509dd8a9d931
Slackware Security Advisory - mozilla-firefox Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | ef4f7bec4d928e06aa1985f7624af077f8bba56afdf4aecfc2ea091ad2e74f54
Slackware Security Advisory - mariadb Updates
Posted Nov 4, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6496, CVE-2014-6500, CVE-2014-6507, CVE-2014-6555, CVE-2014-6559
SHA-256 | 91b7f27b2b81fcaee5d4e18fe8db2643b728ce24658f2588664513f954765a20
HP Security Bulletin HPSBUX03162 SSRT101767 2
Posted Nov 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | c51bd30a7372995a2a077c7720121ca3dfb8254c3036fbf6a8b37926e402e633
FastHealth.com CMS Open Redirect
Posted Nov 4, 2014
Authored by Renzi

FastHealth.com suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | a2ce9258c491432b0530ccb81a9790670dd737647fbbd3a061366430a4c7fa9d
vBulletin 4.2.1 Open Redirect
Posted Nov 4, 2014
Authored by Renzi

vBulletin version 4.2.1 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | caadc2b166f96c7a9221e96f42422bc769f60592be2d4b33103897aa96623519
Ahrareandeysheh CMS Cross Site Scripting
Posted Nov 4, 2014
Authored by IeDb

Ahrareandeysheh CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 063270c0fd80b56b2ba7447565f3a3f480ebdaa112d77f55128ab41aabf7baae
SSLsplit 0.4.9
Posted Nov 4, 2014
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: No longer chroot() to /var/empty by default if run by root, in order to prevent breaking -S and sni proxyspecs (issue #21). Fixed segmentation fault when using -t without a CA. Various other updates.
tags | tool, encryption
SHA-256 | 05c5417a42590ca3bba3ad30881484bc6f8f78aad1a422b3765409428a5e3f06
I2P 0.9.16
Posted Nov 4, 2014
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
SHA-256 | ecf74f36440d02ffe810e9f650adc0dcd959616899d8fc6fe372d5148af0398a
Samhain File Integrity Checker 3.1.3
Posted Nov 4, 2014
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Removed initgroups() from the popen call in unix entropy gatherer. Added error message for update mode if local baseline cannot be found.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | bc02f3202d523737697840ab82b5fdafbf74b5a2901e2a56a23422ccab890b33
EllisLab ExpressionEngine Core SQL Injection
Posted Nov 4, 2014
Authored by Jerzy Kramarz, Alejo Murillo Moyas | Site portcullis-security.com

EllisLab ExpressionEngine Core versions prior to 2.9.0 suffer from multiple authenticated remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-5387
SHA-256 | 54d576bf2854ade7d5e970b099908aa7fdc8da9bbb562477b70e54d0cf8bc273
ImageMagick Out-Of-Bounds Read / Heap Overflow
Posted Nov 4, 2014
Authored by Hanno Boeck | Site hboeck.de

ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.

tags | advisory, overflow
advisories | CVE-2014-8354, CVE-2014-8355, CVE-2014-8561, CVE-2014-8562
SHA-256 | f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close