exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-18

Red Hat Security Advisory 2014-1873-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1873-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-3633, CVE-2014-3657, CVE-2014-7823
SHA-256 | 926fc0cc610c6630f02ce4257be003e8e729f64fc84448045e963d1964416a7a
Red Hat Security Advisory 2014-1872-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1872-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash.

tags | advisory, remote, kernel, protocol
systems | linux, redhat
advisories | CVE-2014-5077
SHA-256 | 54407e6e9d70167a75066e417334ef0ce14148e42cf5071246c5480fab521ac3
Microsoft Security Bulletin Re-Release For November, 2014
Posted Nov 18, 2014
Site microsoft.com

This bulletin summary lists one critical bulletin and two revised bulletins for November, 2014.

tags | advisory
SHA-256 | 4aced037c747d3df6acb8046188592f6842998bc6bb7ab3e901046c2cd2f4d04
MINIX 3.3.0 Denial Of Service
Posted Nov 18, 2014
Authored by nitr0us

MINIX versions 3.3.0 and below remote TCP/IP stack denial of service exploit that leverages a malformed TCP option.

tags | exploit, remote, denial of service, tcp
systems | minix
SHA-256 | 78ee0c01b3e508a77897e2ea4fdd9158a72765371532e2e44e2c9e95e2de9827
HP Security Bulletin HPSBMU03183 2
Posted Nov 18, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03183 2 - A potential security vulnerability has been identified with HP Server Automation and Server Automation Virtual Appliance running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | 50dd42f8950f74ed5fcdb76107b4f0688854540b1ea9bbfc9deac8b085470f94
HP Security Bulletin HPSBMU03072 3
Posted Nov 18, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03072 3 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 3 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2014-2623
SHA-256 | 9da173f7d13011376d0325bd705cfe274d3cffca255633d7ed17afa810ba7d20
Red Hat Security Advisory 2014-1870-01
Posted Nov 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1870-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
SHA-256 | 885638c25a72e72e94fdb8647725e8bcfa62cd8fcad0298052f24efe4e1b7425
Mandriva Linux Security Advisory 2014-213
Posted Nov 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-213 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be used in that order, and then the duplicate handle must be used to perform the HTTP POST. The curl command line tool is not affected by this problem as it does not use this sequence.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-3707
SHA-256 | 8c2f22fbf0bceec13557eb8ebed885169b49b44a5f993d69f6abfee0dd58fea5
Mandriva Linux Security Advisory 2014-214
Posted Nov 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-214 - Alban Crequy and Simon McVittie discovered several vulnerabilities On 64-bit platforms, file descriptor passing could be abused by local users to cause heap corruption in dbus-daemon, leading to a crash, or potentially to arbitrary code execution.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824
SHA-256 | f18c3638c62248de6d67a047b0c027faf904613ac8a45ce27c1d8bbe02610f6b
Ubuntu Security Notice USN-2411-1
Posted Nov 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2411-1 - Saurav Sengupta discovered that mountall incorrectly handled umask when calling the mount utility, resulting in certain filesystems possibly being mounted with incorrect permissions.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1421
SHA-256 | f8ef497221bf050da40793b4cf901875127827eacb1b9e2d4b7d4e5c94f0ac6e
PHPFox Cross Site Scripting
Posted Nov 18, 2014
Authored by Wesley Henrique Leite

Administrators of PHPFox can be hit by cross site scripting via malicious user agents planted in the logs.

tags | exploit, xss
SHA-256 | 166039ec499dbd3cdcc027d78b3c0737c34a6e0b31547ef2159dc41ac1da1b7c
DAVOSET 1.2.3
Posted Nov 18, 2014
Authored by MustLive

DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Changes: Added new services into full list of zombies, made a list of web sites which require "http" for target URL and removed non-working services from full list of zombies.
tags | tool, denial of service
SHA-256 | 197a8c8d58ffb53d20d8601521070388732c1456b060f8d0da124e7982496681
Samsung Galaxy KNOX Android Browser Remote Code Execution
Posted Nov 18, 2014
Authored by joev, Andre Moulu | Site metasploit.com

This Metasploit module exploits a vulnerability that exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, and Ace 4.

tags | exploit, remote, arbitrary, protocol
SHA-256 | 03a3f71c2c2fa9fd0b119371b2d55e432974a0922073ac802b493949e3fd1f34
MantisBT XmlImportExport Plugin PHP Code Injection
Posted Nov 18, 2014
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-7146
SHA-256 | 48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9
Fwknop Port Knocking Utility 2.6.4
Posted Nov 18, 2014
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: Added a UDP server mode so that SPA packets can be acquired via UDP directly without having to use libpcap. Replaced all popen() and system() calls with execvpe() with no usage of the environment. Added support for firewalld to the fwknopd daemon on RHEL 7 and CentOS 7.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 17d4345d3e61adaa10c443fde75200dc8279ba7180a7f5276fadd5dba3e82f11
Zoph 0.9.1 Cross Site Scripting / SQL Injection
Posted Nov 18, 2014
Authored by Manuel Garcia Cardenas

Zoph versions 0.9.1 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 54a6fe4b6e4670661d2c833d2cc62904c8db60dbd7add953a922e7c519a28313
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close