Exploit the possiblities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-18

Red Hat Security Advisory 2014-1873-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1873-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657, CVE-2014-7823
MD5 | 1e840c5a417b85eebc708d019a0feec5
Red Hat Security Advisory 2014-1872-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-5077
MD5 | 412a5affe4ddc5f122c7920d48d71540
Microsoft Security Bulletin Re-Release For November, 2014
Posted Nov 18, 2014
Site microsoft.com

This bulletin summary lists one critical bulletin and two revised bulletins for November, 2014.

tags | advisory
MD5 | 63a7e2aea46e6c00f082c303c6b109b7
MINIX 3.3.0 Denial Of Service
Posted Nov 18, 2014
Authored by nitr0us

MINIX versions 3.3.0 and below remote TCP/IP stack denial of service exploit that leverages a malformed TCP option.

tags | exploit, remote, denial of service, tcp
systems | minix
MD5 | 30c9ee52936ca41a929912b4c1174102
HP Security Bulletin HPSBMU03183 2
Posted Nov 18, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03183 2 - A potential security vulnerability has been identified with HP Server Automation and Server Automation Virtual Appliance running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
MD5 | dd590bd9f7cdf11438fd7184f9f382dd
HP Security Bulletin HPSBMU03072 3
Posted Nov 18, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03072 3 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-2623
MD5 | 8be31e43075d027d6486bb8c67b0ea04
Red Hat Security Advisory 2014-1870-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1870-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
MD5 | fb725e6b8cc5d6a5ac65782bdd7d009d
Mandriva Linux Security Advisory 2014-213
Posted Nov 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-213 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-3707
MD5 | 3299e8957f7cb234146d3ac4c4909298
Mandriva Linux Security Advisory 2014-214
Posted Nov 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-214 - Alban Crequy and Simon McVittie discovered several vulnerabilities On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824
MD5 | c6bae6f134e2f200080e1228f6931781
Ubuntu Security Notice USN-2411-1
Posted Nov 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2411-1 - Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1421
MD5 | 442d411dd58b6a34ac2266e0323b3c07
PHPFox Cross Site Scripting
Posted Nov 18, 2014
Authored by Wesley Henrique Leite

Administrators of PHPFox can be hit by cross site scripting via malicious user agents planted in the logs.

tags | exploit, xss
MD5 | 12dc5ecf03eb1910210f7cc0680dd5ff
DAVOSET 1.2.3
Posted Nov 18, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added new services into full list of zombies, made a list of web sites which require "http" for target URL and removed non-working services from full list of zombies.
tags | tool, denial of service
MD5 | f41f6d906efdc9eb53ad4a2106476054
Samsung Galaxy KNOX Android Browser Remote Code Execution
Posted Nov 18, 2014
Authored by joev, Andre Moulu | Site metasploit.com

This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.

tags | exploit, remote, arbitrary, protocol
MD5 | 9f057a9c3dab36565bdf001f5df0f7d1
MantisBT XmlImportExport Plugin PHP Code Injection
Posted Nov 18, 2014
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-7146
MD5 | 3a24e0e940ae20b57789e18c70afbd73
Fwknop Port Knocking Utility 2.6.4
Posted Nov 18, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added a UDP server mode so that SPA packets can be acquired via UDP directly without having to use libpcap. Replaced all popen() and system() calls with execvpe() with no usage of the environment. Added support for firewalld to the fwknopd daemon on RHEL 7 and CentOS 7.
tags | tool, scanner, vulnerability
systems | unix
MD5 | e122e22cf77dc4aa79b26bc343b4a04a
Zoph 0.9.1 Cross Site Scripting / SQL Injection
Posted Nov 18, 2014
Authored by Manuel Garcia Cardenas

Zoph versions 0.9.1 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | e090182024516a6e38347b0a96b7a609
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close