what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-11-05

Gentoo Linux Security Advisory 201411-01
Posted Nov 5, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-1 - Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code. Versions less than 2.1.2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-1441, CVE-2010-1442, CVE-2010-1443, CVE-2010-1444, CVE-2010-1445, CVE-2010-2062, CVE-2010-2937, CVE-2010-3124, CVE-2010-3275, CVE-2010-3276, CVE-2010-3907, CVE-2011-0021, CVE-2011-0522, CVE-2011-0531, CVE-2011-1087, CVE-2011-1684, CVE-2011-2194, CVE-2011-2587, CVE-2011-2588, CVE-2011-3623, CVE-2012-0023, CVE-2012-1775, CVE-2012-1776, CVE-2012-2396, CVE-2012-3377, CVE-2012-5470, CVE-2012-5855, CVE-2013-1868
SHA-256 | dc80967f563bbb7cad25daadf72cf12d774e1d368369c73dbb4cb2d0f6afafb2
Ubuntu Security Notice USN-2398-1
Posted Nov 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2398-1 - It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3693
SHA-256 | 2d4b12d6493a91f3eaa8006e193e7e2d7759c708a8395f117d5518a2272bbcda
ROP Gadget Tool 5.3
Posted Nov 5, 2014
Authored by Jonathan Salwan

This tool lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation. The gadgets are found on executable segments.

Changes: Fixed some bugs. Added various options such as --all, --multibr, -offset, --rawArch, and --rawMode. Various other updates and additions.
tags | tool
systems | unix
SHA-256 | fb9122139453d8f4446211b8abc04b50ffab8420069b74155ee605f46c1cdf71
Packet Storm New Exploits For October, 2014
Posted Nov 5, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 161 exploits added to Packet Storm in October, 2014.

tags | exploit
systems | linux
SHA-256 | d3984571a8227f9e7d13a88d6671d74cea13cecb585d4ce11eaa50e2afdfa3a3
FreeBSD Security Advisory - ftp Remote Command Execution
Posted Nov 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A malicious HTTP server could cause ftp(1) to execute arbitrary commands. When operating on HTTP URIs, the ftp(1) client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not specified. If the output file name provided by the server begins with a pipe ('|'), the output is passed to popen(3), which might be used to execute arbitrary commands on the ftp(1) client machine.

tags | advisory, web, arbitrary
systems | freebsd
advisories | CVE-2014-8517
SHA-256 | 908b41945f4a776313f3f3dbb1964358ed272a66171fc28e7a94977708dbbae3
FreeBSD Security Advisory - Kernel Stack Disclosure
Posted Nov 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - When setlogin(2) is called while setting up a new login session, the login name is copied into an uninitialized stack buffer, which is then copied into a buffer of the same size in the session structure. The getlogin(2) system call returns the entire buffer rather than just the portion occupied by the login name associated with the session. An unprivileged user can access this memory by calling getlogin(2) and reading beyond the terminating NUL character of the resulting string. Up to 16 (FreeBSD 8) or 32 (FreeBSD 9 and 10) bytes of kernel memory may be leaked in this manner for each invocation of setlogin(2). This memory may contain sensitive information, such as portions of the file cache or terminal buffers, which an attacker might leverage to obtain elevated privileges.

tags | advisory, kernel
systems | freebsd
advisories | CVE-2014-8476
SHA-256 | 23fbb0c0a00923eafb684d61182e85209722ef19a307b518f0e37f0833b833cf
HelpDEZk 1.0.1 Unrestricted File Upload
Posted Nov 5, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

HelpDEZk version 1.0.1 suffers from a remote unrestricted file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2014-8337
SHA-256 | 85479cd2e6c2e25ff9357f6e9ffdb13443ba588c85cf9a0ce5625914b530c690
Forma Lms 1.2.1 Cross Site Scripting
Posted Nov 5, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

Forma Lms version 1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5257
SHA-256 | a2fd82d89af099cb808bcdd5f234d0f2dc854c7a567c21ee470c8a2d419a4013
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF
Posted Nov 5, 2014
Authored by Pietro Oliva

WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-7958, CVE-2014-7959, CVE-2014-8749
SHA-256 | f48eb2e59a5e952f39b016be11e5ff6296d87aa734b6ee5886bc652f1e3ef960
Softing FG-100 PB Hardcoded Backdoor
Posted Nov 5, 2014
Authored by Daniel Marzin, Johannes Klick, Ingmar Rosenhagen

Softing FG-100 PB comes with a hardcoded root account with a static password that cannot be changed by the administrator.

tags | exploit, root
advisories | CVE-2014-6617
SHA-256 | 22e4763533c7a20fc4e6a7977f464c067e829cdfcf045f51124db5c9ecfc01fd
Softing FG-100 PB Cross Site Scripting
Posted Nov 5, 2014
Authored by Daniel Marzin, Johannes Klick, Ingmar Rosenhagen

Softing FG-100 PB suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-6616
SHA-256 | 013ea4e2345f6f6e6ba59bf7a81af0215b31cb0ee702b3aa4b06d72ed20d06c0
VMWare vmx86.sys Arbitrary Kernel Read
Posted Nov 5, 2014
Authored by Matthew Bergin

A vulnerability within the vmx86 driver allows an attacker to specify a memory address within the kernel and have the memory stored at that address be returned to the attacker. VMWare Workstation version 10.0.0.40273 is affected.

tags | exploit, kernel
SHA-256 | bf4905c643bfb35f7aa1fcf8969c9ca0cce46972723b84fbd81cf253c06f8385
Magento E-Commerce Cross Site Scripting
Posted Nov 5, 2014
Authored by AppCheck

E-Bay has failed to fix six month old cross site scripting issues in Magento E-Commerce.

tags | advisory, xss
SHA-256 | b6103fbae29d2285801cfb9ed7afdf2cb519b2c238e80e901a7808a266bd316e
FreeBSD Security Advisory - sshd Denial Of Service
Posted Nov 5, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Although OpenSSH is not multithreaded, when OpenSSH is compiled with Kerberos support, the Heimdal libraries bring in the POSIX thread library as a dependency. Due to incorrect library ordering while linking sshd(8), symbols in the C library which are shadowed by the POSIX thread library may not be resolved correctly at run time. Note that this problem is specific to the FreeBSD build system and does not affect other operating systems or the version of OpenSSH available from the FreeBSD ports tree. An incorrectly linked sshd(8) child process may deadlock while handling an incoming connection. The connection may then time out or be interrupted by the client, leaving the deadlocked sshd(8) child process behind. Eventually, the sshd(8) parent process stops accepting new connections. An attacker may take advantage of this by repeatedly connecting and then dropping the connection after having begun, but not completed, the authentication process.

tags | advisory
systems | freebsd, osx
advisories | CVE-2014-8475
SHA-256 | 8268d282b64535e24bba05832891f3e53bd3a51e05846e68a5926dd47bf5e566
D-Link DAP-1360 Abuse / Cross Site Request Forgery
Posted Nov 5, 2014
Authored by MustLive

D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 13f055196ecbe9cc753181069533bed0e6bb0ed7dacc0f0f288626122f658c53
Red Hat Security Advisory 2014-1803-01
Posted Nov 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1803-01 - mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash.

tags | advisory, remote, web, info disclosure
systems | linux, redhat
advisories | CVE-2014-8566, CVE-2014-8567
SHA-256 | bace11b023f51bec854dbba74876c1b28bf5a08128b9b8731372afea85f15b8c
Debian Security Advisory 3064-1
Posted Nov 5, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3064-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. It has been decided to follow the stable 5.4.x releases for the Wheezy PHP packages. Consequently the vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.34, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
SHA-256 | 86198ac74581d1b8e64cfabee05b0965d5cbcc64967110b550e4aed43f5368d6
Web-Based Firewall Logging Tool 1.01
Posted Nov 5, 2014
Authored by Bob Hockney | Site webfwlog.sourceforge.net

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Changes: Fixed issues compiling under cygwin. Various configuration changes made.
tags | tool, web, firewall
systems | linux, windows
SHA-256 | daee4486bc231e8206b8e28723806917c63d00403bd318b83e149d436f28c414
Lynis Auditing Tool 1.6.4
Posted Nov 5, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: New bootloader detection for AIX, new detection of getcap and lsvg binary, and more. Various other changes and improvements.
tags | tool, scanner
systems | unix
SHA-256 | 886c74b591706f896149fe74adb481b58c549d32243d0cf620b46dfdd25dc66d
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
Posted Nov 5, 2014
Authored by Fernando Munoz, Juan Escobar | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which uses preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote machine.

tags | exploit, remote, arbitrary, php
SHA-256 | a2b589b509418491b055a24abe22347f72177b3719a6768da42a90f3ad84e5e0
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close