what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-11-24

Ubuntu Security Notice USN-2415-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2415-1 - Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7975
SHA-256 | 3e554180c5667d7aacf3d3bc2f65d9975859566575d57d2d4037816b562f4ffb
AIEngine 1.0
Posted Nov 24, 2014
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: DatabaseAdaptors can be removed and added on execution. Support for SIP protocol. Support for ban HTTPFlows on callbaks using external intelligence. Various other additions.
tags | tool
systems | unix
SHA-256 | 6945c8b7b78542cfaf46890b63dd1127694db6dc04e83d82d95dd78d39742c30
Maligno 1.4
Posted Nov 24, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Code housekeeping. Better organization with /libs. Improved data validation (config and profiles), error detection and error description. Various updates and improvements.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | fa89fc4db07adae9b26ac9bbc6dcf3e0bf8f4d61f07500bb8fb320d6943315a8
Ubuntu Security Notice USN-2414-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2014-8600
SHA-256 | a8e4d35135b503e43f7c352287cd61c345c6b291c09a386e9b98a354fd84ea40
Red Hat Security Advisory 2014-1894-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1894-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-7899, CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
SHA-256 | 02987fb0dfe645698c6602689bde5f7ba35b81d62886d20d882c078fe28b3eff
Gentoo Linux Security Advisory 201411-10
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3566, CVE-2014-6610
SHA-256 | 8cb3b44b05c040b60ed10a544ecb9a25244ce0962746f4d7d96926bcca8015f3
Red Hat Security Advisory 2014-1893-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1893-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
SHA-256 | ba93cba4862f795071c932fc3c43b83e32cbef7456e8542d73f4034f3242c7cb
Gentoo Linux Security Advisory 201411-08
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-8 - Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service. Versions prior to 1.2_rc1 are affected.

tags | advisory, remote, denial of service, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
SHA-256 | 642f3d924ae079e3b509f1421890b09bd3d9ddf87237d95d6d6cb5a9eded2604
Gentoo Linux Security Advisory 201411-09
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-9 - Multiple vulnerabilities have been found in Ansible which may allow local privilege escalation. Versions less than 1.6.8 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4657, CVE-2014-4678, CVE-2014-4966, CVE-2014-4967
SHA-256 | 2864926da3458a61d02dbe8623f01598e75752b681274d074fedc48f55914d2f
Gentoo Linux Security Advisory 201411-07
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-7 - A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service. Versions less than or equal to 2.6.39-r1 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2013-6466
SHA-256 | a42a973e98382c25ce8f2f55f8d1cc8e767f20f6c33222680bbb0f05b22722b6
Red Hat Security Advisory 2014-1892-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1892-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | 4f5d88b23ad47c15d92aa56c346f2979074c221f17729cbe994092b16ae9f700
Red Hat Security Advisory 2014-1891-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1891-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
SHA-256 | b592f8c8ee96a54967e2557353405052d49c187fecc92e620bc4dcf46ba2f8be
Deep Dive Into ROP Payload Analysis
Posted Nov 24, 2014
Authored by Sudeep Singh

This paper introduces the reader to techniques that can be used to analyze ROP payloads that are used in exploits in the wild.

tags | paper
SHA-256 | c59fd17c7b2afac02c08d3a8f60019731e7b3883890d412fa57a5ba5782de8a7
CodeMeter Weak Service Permissions
Posted Nov 24, 2014
Authored by Matt Smith, Andrew Smith aka jakx

A local privilege escalation vulnerability has been identified in the codemeter.exe Windows service. When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.

tags | advisory, local
systems | windows
advisories | CVE-2014-8419
SHA-256 | cc5d65935bbbef89a934423df07e12fdb85bb3c9bddcdf415a89cc055a1ac021
PCI/DSS - Are The Controls Relevant?
Posted Nov 24, 2014
Authored by Lokesh Pidawekar

Whitepaper called PCI/DSS - Payment Card Industry / Data Security Standard - Are the controls relevant? This paper goes into detail on risk management plans, policies, standards, and practices.

tags | paper
SHA-256 | 87590eb0d7c29454d5794747d95845ac7e822c0e4b7489dd10961f7ebed0e6b3
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close