
Files Date: 2014-12-04

JasPer 1.900.1 Buffer Overflow
Posted Dec 4, 2014
Authored by Andrea Barisani, Open Source CERT

The JasPer project is an open source implementation of the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file can be used to trigger the overflows. Versions 1.900.1 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-9029
MD5 | e661c4bbb6e9abe2278116196e0c0c2d
PBBoard CMS SQL Injection
Posted Dec 4, 2014
Authored by Tien Tran Dinh

PBBoard CMS version 3.0.1 (updated on 13/09/2014) and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-9215
MD5 | 953419551cfe9a54729a227be0f0b33d
SpoofedMe - Intruding Accounts Using Social Login Providers
Posted Dec 4, 2014
Authored by Roee Hay, Or Peles

In this paper, the authors present an implementation vulnerability found in some popular social login identity providers (including LinkedIn, Amazon and Mydigipass.com) and show how this vulnerability allowed them to impersonate users of third-party websites.

tags | paper
MD5 | b7ac7ad3e6649189ecd29e7c94daf083
Debian Security Advisory 3087-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3087-1 - Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

tags | advisory
systems | linux, redhat, debian
advisories | CVE-2014-8106
MD5 | 9fa5e58e6cac25293bf5b06e5e40c735
Red Hat Security Advisory 2014-1956-01
Posted Dec 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1956-01 - The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2, and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script, and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-3686
MD5 | a039443d0c92c30d3a2a480755679c3c
Red Hat Security Advisory 2014-1955-01
Posted Dec 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1955-01 - The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution. Note: This update changes the default value of the --retr-symlinks option. The file symbolic links are now traversed by default and pointed-to files are retrieved rather than creating a symbolic link locally.

tags | advisory, web, arbitrary, code execution, protocol
systems | linux, redhat
advisories | CVE-2014-4877
MD5 | 09c6338744d45875b9f625ecad0b91e5
Debian Security Advisory 3086-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3086-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service, leaking sensitive information from memory or, potentially, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2014-8767, CVE-2014-8769, CVE-2014-9140
MD5 | c2f21f6ce742fe922a9c929df6f48435
Ubuntu Security Notice USN-2431-2
Posted Dec 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2431-2 - USN-2431-1 fixed vulnerabilities in mod_wsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
MD5 | 78390fa9d8a0294613f26f14d69f082b
Red Hat Security Advisory 2014-1959-01
Posted Dec 4, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1959-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-0181
MD5 | ec1d680ae91a00d3b23af979efd95c74
Debian Security Advisory 3090-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3090-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594
MD5 | 49e2e9fbc1e597fb830652c117eb4f60
Debian Security Advisory 3089-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3089-1 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2014-9029
MD5 | 0d27503727ecc59a0ca79eb2db535b65
Ubuntu Security Notice USN-2433-1
Posted Dec 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2433-1 - Steffen Bauch discovered that tcpdump incorrectly handled printing OLSR packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Steffen Bauch discovered that tcpdump incorrectly handled printing GeoNet packets. A remote attacker could use this issue to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8767, CVE-2014-8768, CVE-2014-8769, CVE-2014-9140
MD5 | 2fc1e5b3e3d2875471d98ebd7781afd0
Debian Security Advisory 3088-1
Posted Dec 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3088-1 - Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

tags | advisory, x86
systems | linux, redhat, debian
advisories | CVE-2014-8106
MD5 | 65b9a57a42c03c822d02a1a33f6ffc10
Ubuntu Security Notice USN-2432-1
Posted Dec 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2432-1 - Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-6656, CVE-2014-6040, CVE-2014-7817
MD5 | 11a92497d8b0bc7133717b842bac8b9a
Apple Security Advisory 2014-12-3-1
Posted Dec 4, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-3-1 - Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 are now available and address cross-origin CSS loading and multiple memory handling vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2014-1748, CVE-2014-4452, CVE-2014-4459, CVE-2014-4465, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475
MD5 | 870a4ecffca99badf7ebc0bfd18c1095
Nmap Port Scanning: A Practical Approach Modified For Better
Posted Dec 4, 2014
Authored by Florian MINDZSEC

This is a whitepaper that goes into detail on the functionality and usage of nmap for port scanning.

tags | paper
MD5 | e56f786be37d0d1207d47d1fbe093f1a
How To Bypass SafeSEH And Stack Cookie Protection
Posted Dec 4, 2014
Authored by Bekir Karul

Whitepaper called How to Bypass SafeSEH and Stack Cookie Protection. Written in Turkish.

tags | paper
MD5 | a81b3008c1f4f90df142d1dc6cb1905c
Advertise With Pleasure! (AWP) 6.6 SQL Injection
Posted Dec 4, 2014
Authored by Robert Cooper

Advertise With Pleasure! (AWP) versions 6.6 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e178b66be3857699e649b874107699ce
Cart66 Lite WordPress Ecommerce 1.5.1.17 SQL Injection
Posted Dec 4, 2014
Authored by Kacper Szurek

Cart66 Lite WordPress Ecommerce version 1.5.1.17 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 8ab5b1acfe8c6500bfa0e5a29a825784
Google Document Embedder 2.5.16 SQL Injection
Posted Dec 4, 2014
Authored by Securely

Google Document Embedder version 2.5.16 suffers from a mysql_real_escape_string bypass SQL injection vulnerability.

tags | exploit, sql injection
MD5 | 608725d1ffefbd905fefc270bfb7a320