what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2014-12-15

Intrexx Professional 6.0 / 5.2 Cross Site Scripting
Posted Dec 15, 2014
Authored by Christian Schneider | Site christian-schneider.net

Intrexx Professional suffers from a reflective cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2026
SHA-256 | 7e1f202d877049840b07b7d324c3147e199962936a01d0c126c15f3a5a11435e
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass
Posted Dec 15, 2014
Authored by LiquidWorm | Site zeroscience.mk

Soitec SmartEnergy web application suffers from an authentication bypass vulnerability using SQL Injection attack in the login script. The script fails to sanitize the 'login' POST parameter allowing the attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack. Versions 1.3 and 1.4 are affected.

tags | exploit, web, sql injection, bypass
SHA-256 | bb4d5d778f8965b832cb68b53a487a54d03e9cc70ff109a63b91a3be0a4c7653
ActualAnalyzer 'ant' Cookie Command Execution
Posted Dec 15, 2014
Authored by Benjamin Harris | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands in the 'ant' cookie.

tags | exploit, arbitrary, php
SHA-256 | c6579fbbfca38d36e2a6f84933254ca5552f498fbc09c37104f4b62e7c16f695
Red Hat Security Advisory 2014-1995-01
Posted Dec 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
SHA-256 | 6f51d606ff7b3322c666a24390b0422e80a72849656f025ba3acfd45a4c38b2d
Intrexx Professional 6.0 / 5.2 Remote Code Execution
Posted Dec 15, 2014
Authored by Christian Schneider | Site christian-schneider.net

Intrexx Professional suffers from a remote code execution vulnerability via unrestricted file upload.

tags | advisory, remote, code execution, file upload
advisories | CVE-2014-2025
SHA-256 | 14d46b9b3e12c5874cd180eacb54c90d7d73ac9a5b6b818cb3f7c048ffb88fd1
WordPress O2Tweet 0.0.4 CSRF / XSS
Posted Dec 15, 2014
Authored by Manideep K

WordPress O2Tweet plugin version 0.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-9338
SHA-256 | 646d9b986366525995dcfa2c507f57dabe4f6447d31f30262ae75dacdabe5e28
Gentoo Linux Security Advisory 201412-17
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405
SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3
Gentoo Linux Security Advisory 201412-16
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-16 - A vulnerability in CouchDB could result in Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2014-2668
SHA-256 | 02b20373a08dde3402f59bfb3d6c740876cd2b6091a5d5fbd9a9125427cc73c8
Gentoo Linux Security Advisory 201412-15
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-15 - Two vulnerabilities have been found in MCollective, the worst of which could lead to privilege escalation. Versions less than 2.5.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3248, CVE-2014-3251
SHA-256 | 021c1376b048a79a75436fc37fbfae7da062ca6f643172ebfe5d8e173a30a725
Gentoo Linux Security Advisory 201412-14
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-14 - Two vulnerabilities have been found in Xfig, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 3.2.5c are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4227, CVE-2009-4228
SHA-256 | c4cd03bdfcf2efbcc948e588b676a1e59d0484ec2def017bbefadbc83748ff2c
Mandriva Linux Security Advisory 2014-253
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-253 - It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-8583
SHA-256 | 8336b360e16f0c2a346262a2b65d82bd0d946e35b938fddd29e48042ef43d491
Gentoo Linux Security Advisory 201412-13
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Versions less than 39.0.2171.65 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3195, CVE-2014-3197, CVE-2014-3198, CVE-2014-3199, CVE-2014-3200, CVE-2014-7899, CVE-2014-7900, CVE-2014-7901, CVE-2014-7902, CVE-2014-7903, CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
SHA-256 | 472f37f52920da8f3ab68f22980796eede21209283a155935fc6646773c26c45
Gentoo Linux Security Advisory 201412-30
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-30 - Multiple vulnerabilities have been found in Varnish, the worst of which could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.5 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0345, CVE-2013-4484
SHA-256 | 3cc565ec381a268c4b834de945bc73e3d1b2fdcb65dc933c43c6010c2389a845
Mandriva Linux Security Advisory 2014-242
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2014-9130
SHA-256 | 1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808
Mandriva Linux Security Advisory 2014-239
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow. and a heap overflow. which may result in arbitrary code execution, can be triggered by passing a maliciously crafted.flac file to the libFLAC decoder.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | cbbc26ea5cdb0eb3a0cdbdf8a01c1790ccfa0fedcb1fd4052bff4d93f5841954
Mandriva Linux Security Advisory 2014-243
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-243 - Multiple vulnerabilities has been discovered and corrected in libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service via a long password. Cross-site scripting vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, remote, web, denial of service, arbitrary, php, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-9218, CVE-2014-9219
SHA-256 | 2a69f32ae47954054defc2d2e4957f21a079ef6d08cac1df6f4163573d18317d
Mandriva Linux Security Advisory 2014-244
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-244 - Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long fileserver ACL entry. Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption for Kerberos keys, which makes it easier for remote attackers to obtain the service key. The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. Buffer overflow in the GetStatistics64 remote procedure call in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service via a crafted statsVersion argument. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1794, CVE-2013-1795, CVE-2013-4134, CVE-2013-4135, CVE-2014-0159
SHA-256 | f0ded20bf2adb359a6b497c84a94616df27c085b24333664b6ab70f9a03960e2
Mandriva Linux Security Advisory 2014-245
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-245 - A flaw was discovered in mutt. A specially crafted mail header could cause mutt to crash, leading to a denial of service condition. The mutt package has been updated to version 1.5.23 and patched to fix this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-9116
SHA-256 | 041c79dcae85964278e5b7ed46bb61331c9b7ba9f5273229324b675b7d00e2af
Mandriva Linux Security Advisory 2014-251
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-251 - It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2013-6435, CVE-2014-8118
SHA-256 | 31f344d63d9baca0e56a33307bf5601a34d328596c0f178547bc7bd8c78ab69a
Mandriva Linux Security Advisory 2014-250
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-250 - Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Additionally, a null pointer dereference in the copyin_link function which could cause a denial of service has also been fixed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2014-9112
SHA-256 | a8625283ecee460395d8476aec6cc661dd2cb703162b8a3f3d847a5f31745475
Mandriva Linux Security Advisory 2014-249
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-249 - During migration, the values read from migration stream during ram load are not validated. Especially offset in host_from_stream_offset() and also the length of the writes in the callers of the said function. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.

tags | advisory, arbitrary, code execution
systems | linux, redhat, mandriva
advisories | CVE-2014-7840, CVE-2014-8106
SHA-256 | adf1d3e7d2fd271696062fca8f954a2af9753513a585d7bb64bd9f7fcc5d0f55
Mandriva Linux Security Advisory 2014-248
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-248 - Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-9157
SHA-256 | 87aabea0b65c9aaa124ec95d557113deb52f6d9692681c574a524366affbe9f4
Mandriva Linux Security Advisory 2014-247
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-247 - Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, which could lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-9029
SHA-256 | 5d23fe2eeb175480a6aff36ada4175a952b2290341274472507d97c8f7ceface
Gentoo Linux Security Advisory 201412-12
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-12 - Multiple vulnerabilities have been found in D-Bus, possibly resulting in local Denial of Service. Versions less than 1.8.10 are affected.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
advisories | CVE-2014-3477, CVE-2014-3532, CVE-2014-3533, CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639, CVE-2014-7824
SHA-256 | ace5ab63b7a75f393ac56d393383f548a8b397f417ed2529a932894237c3b60f
Mandriva Linux Security Advisory 2014-246
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-246 - Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service. The openvpn packages has been updated to the 2.3.2 version and patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8104
SHA-256 | d68c5a0989fe540e597168036b2e3568179f1806f12dde0333bf499275742a10
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close