exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-11-24

Ubuntu Security Notice USN-2415-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2415-1 - Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-7975
MD5 | ecd80db567739de51671dc392f7ba458
AIEngine 1.0
Posted Nov 24, 2014
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: DatabaseAdaptors can be removed and added on execution. Support for SIP protocol. Support for ban HTTPFlows on callbaks using external intelligence. Various other additions.
tags | tool
systems | unix
MD5 | fbc900e7ecd8790e486d99cc4c46c177
Maligno 1.4
Posted Nov 24, 2014
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Code housekeeping. Better organization with /libs. Improved data validation (config and profiles), error detection and error description. Various updates and improvements.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | 4cba141829d49cff18cdd11ec5431b37
Ubuntu Security Notice USN-2414-1
Posted Nov 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript.

tags | advisory, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2014-8600
MD5 | 094f1b5dabf2558563db7115a0145327
Red Hat Security Advisory 2014-1894-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1894-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2014-7899, CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
MD5 | bae2c8c0b5d3534c17002893dbf6d91d
Gentoo Linux Security Advisory 201411-10
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3566, CVE-2014-6610
MD5 | a4be8cd7c735823ac2c0c6f130d0a0f8
Red Hat Security Advisory 2014-1893-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1893-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-0209, CVE-2014-0210, CVE-2014-0211
MD5 | bbeb12ce3b04ff3f19dbb11f25f640b5
Gentoo Linux Security Advisory 201411-08
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-8 - Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service. Versions prior to 1.2_rc1 are affected.

tags | advisory, remote, denial of service, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
MD5 | 0dc7b5e6c7e0143fa6a4875720ef54ea
Gentoo Linux Security Advisory 201411-09
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-9 - Multiple vulnerabilities have been found in Ansible which may allow local privilege escalation. Versions less than 1.6.8 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-4657, CVE-2014-4678, CVE-2014-4966, CVE-2014-4967
MD5 | a4283525483bc8170ba5d1bc72b1b956
Gentoo Linux Security Advisory 201411-07
Posted Nov 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-7 - A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service. Versions less than or equal to 2.6.39-r1 are affected.

tags | advisory, remote, denial of service
systems | linux, gentoo
advisories | CVE-2013-6466
MD5 | 186fae4827e9e06564096ca380906715
Red Hat Security Advisory 2014-1892-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1892-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 196a3b299dac5d0c1df314666d3ac4e1
Red Hat Security Advisory 2014-1891-01
Posted Nov 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1891-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are fixed with this release: It was discovered that Jakarta Commons HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3577
MD5 | 6fd391bf1c7cd93778129576867f79da
Deep Dive Into ROP Payload Analysis
Posted Nov 24, 2014
Authored by Sudeep Singh

This paper introduces the reader to techniques that can be used to analyze ROP payloads that are used in exploits in the wild.

tags | paper
MD5 | 029085537c48f7d6c2f6e96ec1b91b75
CodeMeter Weak Service Permissions
Posted Nov 24, 2014
Authored by Matt Smith, Andrew Smith aka jakx

A local privilege escalation vulnerability has been identified in the codemeter.exe Windows service. When installed with the default settings, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges.

tags | advisory, local
systems | windows
advisories | CVE-2014-8419
MD5 | 8bf98d87de45f491e094c4b1ab0fd17e
PCI/DSS - Are The Controls Relevant?
Posted Nov 24, 2014
Authored by Lokesh Pidawekar

Whitepaper called PCI/DSS - Payment Card Industry / Data Security Standard - Are the controls relevant? This paper goes into detail on risk management plans, policies, standards, and practices.

tags | paper
MD5 | a068761429b05e5c2626f2af801817e1
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close