
Files Date: 2014-11-10

Ubuntu Security Notice USN-2401-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2401-1 - Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8483
SHA-256 | 415a376ad65148e85810d24f42aaefd9bc889ce070aa07c87b73504b2172a186
Red Hat Security Advisory 2014-1836-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1836-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 8d9a8727833060342b3f8edd5ac10693285691bfa1a25dffd384ca4ec9ca055e
Red Hat Security Advisory 2014-1835-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1835-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 34ebf02b86bcfadf0dda911f6cfe8461ad07a2197b7f98e263769eeda7c4badf
Red Hat Security Advisory 2014-1834-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 9a709e37af3cd03c5bec21c6eb01972b58c86cf4e2eba3b2061cc23171fb3001
Red Hat Security Advisory 2014-1833-01
Posted Nov 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1833-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, java, web, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | c8e06ab40cb432221b15620ffd9997b1b168d8488e421d284b4d65d3f0834c47
Packet Fence 4.5.1
Posted Nov 10, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a minor release with new features, enhancements and important bug fixes. This release is considered ready for production use and upgrading from 4.5.0 is advised.
tags | tool, remote
systems | unix
SHA-256 | a34e45efe221ca9a4a7f0ed2582bf42715795a93ca4ff9bdfb31ac1e494bff5a
Monstra 3.0.1 HTTP Response Splitting
Posted Nov 10, 2014
Authored by Paulos Yibelo

Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | 333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69e
Anchor CMS 0.9.2 Header Injection
Posted Nov 10, 2014
Authored by Paulos Yibelo

Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.

tags | exploit
advisories | CVE-2014-9182
SHA-256 | d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061
ZXDSL 831CII Cross Site Request Forgery
Posted Nov 10, 2014
Authored by Paulos Yibelo

ZXDSL 831CII suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2014-9027
SHA-256 | 843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994a
IP.Board 3.4.7 SQL Injection
Posted Nov 10, 2014
Authored by secthrowaway

IP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1029fca8f5a270ef99408d415c08dcdd94232176b52896c8e45f98f4907417f9
Ubuntu Security Notice USN-2400-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2400-1 - It was discovered that LibreOffice incorrectly handled OLE preview generation. If a user were tricked into opening a crafted document, an attacker could possibly exploit this to embed arbitrary data into documents.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-3575
SHA-256 | 6c4919230f6fe12246afa2c2e7e22f959cc3020a7b3c1ecca6650a558e522110
Ubuntu Security Notice USN-2399-1
Posted Nov 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2399-1 - Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-3707
SHA-256 | 1a2034fba6c877540576f0bf59130ff57460fde869849e6027a5d3701378b157
Debian Security Advisory 3070-1
Posted Nov 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3070-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.

tags | advisory, denial of service, kernel, vulnerability, info disclosure
systems | linux, freebsd, debian
advisories | CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476
SHA-256 | 35934d202298475350a39abfefbd1bbc283d954535307ddb4cbccb516374b025
Debian Security Advisory 3069-1
Posted Nov 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3069-1 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, a URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation.

tags | advisory, web
systems | linux, debian
advisories | CVE-2014-3707
SHA-256 | c03b6bf995b681849b2ff96dffa2fda79c2d1a2cc8504f28055c343634166b7e
Gentoo Linux Security Advisory 201411-04
Posted Nov 10, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-4 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.18 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
SHA-256 | 69241b95bfe0e52a9fd325dac3627d4dcdfe17f01058fb0a4fc522e165b0d45f
Position Independent / Alphanumeric 64-Bit /bin/sh Shellcode
Posted Nov 10, 2014
Authored by Breaking.Technology

An 87-byte position-independent, alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); shellcode.

tags | shellcode
SHA-256 | e1d1bfc09c2a1228a04d049674175d98a8bf646ec605a86ae7016e728e8e2c16
X3 CMS 0.5.1.1 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 10, 2014
Authored by Nahendra Bhati

X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | c0f412e75d49e1016a81bfc9b778be1b4b23e45e968f63e05b4d8159c3fdf6cc