Files Date: 2014-12-20

Apple Security Advisory 2014-12-18-1
Posted Dec 20, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a Unicode issue that can be leveraged by a malicious git repository.

tags | advisory
systems | apple
advisories | CVE-2014-9390
MD5 | 9c5f425de5e1ae73fd96e6c3e347d15d

Ubuntu Security Notice USN-2448-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2448-2 - USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, TCP throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, and Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by the SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
MD5 | a9714f14043ebbd90c277a112cfe2d36

Ubuntu Security Notice USN-2447-2
Posted Dec 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2447-2 - USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, TCP throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, and Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by the SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, tcp, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7825, CVE-2014-7826, CVE-2014-7970, CVE-2014-8086, CVE-2014-8134, CVE-2014-8369, CVE-2014-9090
MD5 | 03cab965090f0ce4772db75751fe74ab

Varnish Cache CLI Interface Remote Code Execution
Posted Dec 20, 2014
Authored by Patrick Webster | Site metasploit.com

This Metasploit module attempts to log in to the Varnish Cache (varnishd) CLI instance using a brute-force list of passwords. It will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password; however, this is not yet implemented in this module.

tags | exploit, root
advisories | CVE-1999-0502, CVE-2009-2936, OSVDB-67670
MD5 | d65f2e946602f71cbd4d008190d356fe

miniBB 3.1 Blind SQL Injection
Posted Dec 20, 2014
Authored by Kacper Szurek

miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-9254
MD5 | 006d77d258be6fdb49413eae6028b6be

Cacti Superlinks 1.4-2 Code Execution / LFI / SQL Injection
Posted Dec 20, 2014
Authored by Wireghoul

Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, sql injection, file inclusion
advisories | CVE-2014-4644
MD5 | e9b1d0f447cd3fb2c12705fe250b0523

NetIQ eDirectory NDS iMonitor 8.8 SP8 / 8.8 SP7 XSS / Memory Disclosure
Posted Dec 20, 2014
Authored by Wolfgang Ettlinger | Site sec-consult.com

NetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-5212, CVE-2014-5213
MD5 | aee8af210596cb47ba67c201dc2dfff7

Mobilis MobiConnect 3G ZDServer 1.0.1.2 Privilege Escalation
Posted Dec 20, 2014
Authored by Hadji Samir | Site vulnerability-lab.com

Mobilis MobiConnect 3G ZDServer version 1.0.1.2 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | ea2fd8510cd3606fa76e1f326a46373a

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion
Posted Dec 20, 2014
Authored by Taurus Omar

Codiad version 2.4.3 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2014-1137
MD5 | d421fbb34046ce50003d4b8aafaf25c8

ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure
Posted Dec 20, 2014
Authored by Taurus Omar

ProjectSend version r561 Ultimate suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2014-1155
MD5 | 13df0fc75be009d95e8dd700412e85ec

Piwigo 2.7.2 Cross Site Scripting / SQL Injection
Posted Dec 20, 2014
Authored by Taurus Omar

Piwigo version 2.7.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-1470
MD5 | 99db80829fe9468a8e9844af05a7b6a0

GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection
Posted Dec 20, 2014
Authored by Taurus Omar

GQ File Manager version 0.2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-1137
MD5 | 31a87aa78617dad826edce3f74545fde

Ettercap 0.8.0 / 0.8.1 Denial Of Service
Posted Dec 20, 2014
Authored by Nick Sampanis

Ettercap versions 0.8.0 and 0.8.1 suffer from multiple denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2014-6395
MD5 | 072cfde7d04b0efa5d382a2eeeafde83

PHP Shell Backdoors
Posted Dec 20, 2014
Authored by KnocKout

This is a brief write-up noting JavaScript backdoors left in common PHP shells.

tags | paper, shell, php, javascript
MD5 | 465a8584e9016e457c0c418a061e0cce

© 2016 Packet Storm. All rights reserved.
