Files Date: 2014-11-10

Ubuntu Security Notice USN-2401-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2401-1 - Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8483
MD5 | 64a8ad927d18e8447a09f3e3a1043f7f
Red Hat Security Advisory 2014-1836-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1836-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 22aec7a938024b3b92c1a7af3333865f
Red Hat Security Advisory 2014-1835-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1835-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 575c53aae7a6ec1695cafbef7035645e
Red Hat Security Advisory 2014-1834-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 0b74f413b4145bd2fbb769cf97b26800
Red Hat Security Advisory 2014-1833-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1833-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 014dd92fb7f49ae60b56ca7ad54aef83
Packet Fence 4.5.1
Posted Nov 10, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a minor release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.5.0 is advised.
tags | tool, remote
systems | unix
MD5 | e1221f8e82cf9e8c6b00bb3e8edd25d0
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
MD5 | 6e988b6e78111a3ee34b120d3e7e1c82
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
MD5 | 2d4a2d2524d91e8c13e1ff25457a33ce
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
MD5 | 3f7a681ff157948392797de9eea553e2
IP.Board 3.4.7 SQL Injection
Posted Nov 10, 2014
Authored by secthrowaway

IP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c55334e3719aa9b6dc22fbf247ca38b3
Ubuntu Security Notice USN-2400-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2400-1 - It was discovered that LibreOffice incorrectly handled OLE preview generation. If a user were tricked into opening a crafted document, an attacker could possibly exploit this to embed arbitrary data into documents.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3575
MD5 | b04ac5811360e7475384db2eba273f49
Ubuntu Security Notice USN-2399-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2399-1 - Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3707
MD5 | 3d12319c938627dd4bc25d8199f3187b
Debian Security Advisory 3070-1
Posted Nov 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3070-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, freebsd, debian
advisories | CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476
MD5 | 0a0b213c5368b4faf80d429fa7ac1d4e
Debian Security Advisory 3069-1
Posted Nov 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3069-1 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-3707
MD5 | 54609cc00cd82ca81fd3c4bc2f1c95be
Gentoo Linux Security Advisory 201411-04
Posted Nov 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-4 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.18 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
MD5 | cc9179dc03f8baf33f460fd91a04dd1d
Position Independent / Alphanumeric 64-Bit /bin/sh Shellcode
Posted Nov 10, 2014
Authored by Breaking.Technology

An 87-byte position-independent, alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); shellcode.

tags | shellcode
MD5 | 34eeaa84f92a53f33524d81164eb39ea
X3 CMS 0.5.1.1 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 10, 2014
Authored by Nahendra Bhati

X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4a49ea772d0a5af404cd69a64a83ab27
© 2020 Packet Storm. All rights reserved.