what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2014-11-20

Ubuntu Security Notice USN-2412-1
Posted Nov 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2412-1 - Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2014-8090
SHA-256 | 01722294a0b313f8e8afdbc85a33a5bbad3769b7586918f6bcfb791c4d0d0ccf
Debian Security Advisory 3075-1
Posted Nov 20, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3075-1 - Two vulnerabilities were discovered in Drupal, a fully-featured content management framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-9015, CVE-2014-9016
SHA-256 | 63d4bdbad4a4ce7ba4d2fb743a437a426aa6f86aa2d1044f245f01baa4f1801d
Hikvision DVR RTSP Request Remote Code Execution
Posted Nov 20, 2014
Authored by Mark Schloesser | Site metasploit.com

This Metasploit module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but due to the available test device this module only supports the DS-7204 model.

tags | exploit, remote, overflow
advisories | CVE-2014-4880
SHA-256 | 6b2b9a85fb38d16071b6b342c045ffee4f7eec319cde44c45f5692a33a084002
Advantech WebAccess 7.2 Stack-Based Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Joaquin Rodriguez Varela, Ricardo Narvaj | Site coresecurity.com

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2014-8388
SHA-256 | f1107baceb903ca53318f0f5735854c6a5130cf3da81f5840dce6c8afe32091a
Advantech EKI-6340 2.05 Command Injection
Posted Nov 20, 2014
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo, Joaquin Rodriguez Varela, Flavio Cangini | Site coresecurity.com

Core Security Technologies Advisory - Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file.

tags | exploit, remote, arbitrary, cgi
advisories | CVE-2014-8387
SHA-256 | a64726d244d547419fa3a47c114cb81761f6e477ec05f980a3199ab9e0a55aca
Advantech AdamView 4.3 Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Daniel Kazimirow, Joaquin Rodriguez Varela, Fernando Paez | Site coresecurity.com

Core Security Technologies Advisory - Advantech AdamView version 4.3 has two different fields vulnerable to buffer overflow attacks, which can be exploited by attackers in order to execute arbitrary code by running files with the '.gni' extension that is associated with the AdamView software.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-8386
SHA-256 | 4fe10cda753e8e158ce53fcdfbfe4c893a64dbd2105a91b331e4abac8fc4f063
WordPress CM Download Manager 2.0.0 Code Injection
Posted Nov 20, 2014
Authored by Phi Le Ngoc

WordPress CM Download Manager plugin versions 2.0.0 and below suffer from a code injection vulnerability.

tags | exploit
advisories | CVE-2014-8877
SHA-256 | 85816724b146fa7f598695ab683a2371e3a701ba19011ec52740b1d217e59ab4
Mandriva Linux Security Advisory 2014-217
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-217 - ClamAV 0.98.5 addresses several reported potential security bugs. Certain javascript files causes ClamAV to segfault when scanned with the -a.

tags | advisory, javascript
systems | linux, mandriva
advisories | CVE-2013-6497
SHA-256 | 34d90cc32a544a3c929bee3170979f4f877e9ca2a4c8a7645cb877ec7aae1f39
Mandriva Linux Security Advisory 2014-216
Posted Nov 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-216 - The Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. The updated packages have been upgraded to the latest ZendFramework version which is not vulnerable to this issue.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-8088
SHA-256 | fa7b299f23243117c4d5325a9a21dfaa3642ae63ca4f9d8d4a57c626625d3674
Ubuntu Security Notice USN-2410-1
Posted Nov 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2410-1 - A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-7904, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
SHA-256 | a0eb2e8f1600102c5ce5d378e991cc151504dd74a6f59142caaba94ac7cf77cc
Red Hat Security Advisory 2014-1877-01
Posted Nov 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1877-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 03fd13611ccfc856be5e91a62ee8127d21ba187f8ca92810e9d322950c7c3bc1
Red Hat Security Advisory 2014-1876-01
Posted Nov 20, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1876-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-3065, CVE-2014-3566, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558
SHA-256 | 6d221975cabbebbc241b0225aff33a5b993018aaf62f538567c220abef5005dd
PHP 5.5.12 Locale::parseLocale Double Free Memory Corruption
Posted Nov 20, 2014
Authored by John Leitch

PHP version 5.5.12 suffers from a memory corruption vulnerability that could potentially be exploited to achieve remote code execution. The vulnerability exists due to inconsistent behavior in the get_icu_value_internal function of ext\intl\locale\locale_methods.c. In most cases, get_icu_value_internal allocates memory that the caller is expected to free. However, if the first argument, loc_name, satisfies the conditions specified by the isIDPrefix macro (figure 1), and fromParseLocal is true, loc_name itself is returned. If a caller abides by contract and frees the return value of such a call, then the pointer passed via loc_name is freed again elsewhere, a double free occurs.

tags | exploit, remote, php, code execution
systems | linux
SHA-256 | e1dcadb447af1ab80dabe070ca75aed52d71efed2b43a7c6a34d21061054de25
CryptoPHP - Analysis Of A Hidden Threat Inside Popular Content Management Systems
Posted Nov 20, 2014
Authored by Barry Weymes, Maarten van Dantzig, Yonathan Klijnsma, Lennart Haagsma, Yun Zheng Hu

CryptoPHP is a threat that uses backdoored Joomla, WordPress, and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

tags | paper
SHA-256 | c7dfe85cde25dbe5c269bd310b1cfea91ea45e7b76f3c8eb974764ac3d6e7fca
Paid Memberships Pro 1.7.14.2 Path Traversal
Posted Nov 20, 2014
Authored by Kacper Szurek

Paid Memberships Pro version 1.7.14.2 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2014-8801
SHA-256 | 4e6d1b287ebd0d181c3762de6568c6062d1da3e10e5905bef16c7bcb93e2e928
Exploiting Sudo's Grace Period
Posted Nov 20, 2014
Authored by Nicolas Surribas

Whitepaper called Exploiting sudo's grace period. This paper goes into detail on how to leverage sudo's grace period against a user in order to escalate privileges once basic access is achieved on their account.

tags | exploit
SHA-256 | af812d842d2b770a4955b41d5fcdca2671ecab4b58892bc9f9c12e11541e39a7
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close