all things security
Showing 1 - 17 of 17 RSS Feed

Files Date: 2014-12-02

Facebook Graph Search Brute Force
Posted Dec 2, 2014
Authored by rapper crazy

Facebook Graph Search allows you to leverage private phone numbers to mine real users that map to that number.

tags | exploit, info disclosure
systems | linux
MD5 | 5de38437fa6dceaf27e765510222fe65
Ubuntu Security Notice USN-2424-1
Posted Dec 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2424-1 - Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, Max Jonas Werner, Christian Holler, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Cody Crews discovered a way to trigger chrome-level XBL bindings from web content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1587, CVE-2014-1588, CVE-2014-1589, CVE-2014-1590, CVE-2014-1591, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
MD5 | 0cf1afdd88953e1ecfcbc3cccb37028e
WordPress CM Download Manager 2.0.6 XSS / CSRF
Posted Dec 2, 2014
Authored by Henri Salo

WordPress CM Download Manager plugin versions 2.0.6 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9129
MD5 | 923953dcb5dcc8ca88fc29a42b42e577
IBM Endpoint Manager For Mobile Devices Code Execution
Posted Dec 2, 2014
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values, attackers can create valid session cookies containing marshalled objects of their choosing. This can be leveraged to execute arbitrary code when the Ruby on Rails application unmarshals the cookie. Versions prior to 9.0.60100 are affected.

tags | exploit, arbitrary, ruby
advisories | CVE-2014-6140
MD5 | d48ec913477bf214f8cb05c76624104c
Ubuntu Security Notice USN-2430-1
Posted Dec 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2430-1 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-8104
MD5 | ff3a35ca915b9b48d041cf6737d465a9
Debian Security Advisory 3084-1
Posted Dec 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3084-1 - Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.

tags | advisory
systems | linux, debian
advisories | CVE-2014-8104
MD5 | a340da79475a1cbc64cd08d3da713997
Red Hat Security Advisory 2014-1938-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1938-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-7821
MD5 | 914ed8fc89ac371e5d3db204ec3b18f0
Red Hat Security Advisory 2014-1937-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1937-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
MD5 | 258897256d091cf915f048c6965432dd
Wix.com Cross Site Scripting
Posted Dec 2, 2014
Authored by Devsec Security

57 million web pages in wix.com suffer from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | e13c62944b144813c66b170e63e27832
Red Hat Security Advisory 2014-1940-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1940-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Galera is a synchronous multi-master cluster for MariaDB. This update fixes several vulnerabilities in the MariaDB database server.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559
MD5 | fe1370f350849f546a19318718516e9a
Red Hat Security Advisory 2014-1939-01
Posted Dec 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1939-01 - OpenStack Database is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly and easily utilize the features of a database without the burden of handling complex administrative tasks. Cloud users and database administrators can provision and manage multiple database instances as needed. It was found that the processutils.execute() and strutils.mask_password() functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7230, CVE-2014-7231
MD5 | 5a4260f35594b024a5a26c80a66a964c
Hack4 Call For Papers
Posted Dec 2, 2014
Authored by dash | Site hack4.org

Hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2014 in Berlin, Germany.

tags | paper, conference
MD5 | a3510a334032d585806c1f8c82f00d33
less Out Of Bounds Read Access
Posted Dec 2, 2014
Authored by Hanno Boeck | Site hboeck.de

An out of bounds read access in the UTF-8 decoding can be triggered with a malformed file in the tool less.

tags | advisory
MD5 | 85dda24e891f4b59cba49cdb41729e55
SQL Buddy 1.3.3 Remote Code Execution
Posted Dec 2, 2014
Authored by Fady Mohamed Osman

SQL Buddy version 1.3.3 suffers from a code execution vulnerability.

tags | exploit, code execution
MD5 | 28b2e28faa8470a07d6e2e68cc42ca43
IPUX CL5452/CL5132 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

tags | exploit, overflow, arbitrary, activex
MD5 | 02c64e789da003ccc07cc6e9ec09fe9e
IPUX CS7522/CS2330/CS2030 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.

tags | exploit, overflow, arbitrary, activex
MD5 | 7ae4523a862bb27def6630329d4b58d6
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Posted Dec 2, 2014
Authored by joev, Ian Beer | Site metasploit.com

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has been patched silently in Yosemite.

tags | exploit, overflow, kernel
systems | apple, osx
advisories | CVE-2014-4404
MD5 | 456a9ca66b1cb8d70b22b73cb2510cf9
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close