what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-01-12

Red Hat Security Advisory 2015-0035-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0035-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-8126
SHA-256 | 3c1f125f97bc88b4deed7f3ff819084519c1bfeee969557e24c33dd6ea243241
Red Hat Security Advisory 2015-0036-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0036-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-8126
SHA-256 | f40e14038cebb1e9e5adddbc4aaf0976e70afd1097711d9a9f5a1ddf3e8e9d38
Debian Security Advisory 3126-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3126-1 - It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file.

tags | advisory, php
systems | linux, debian
SHA-256 | 332588a9bfee14ff81a558411e41a3e853aee8ae73cf738d3aff8db20486318d
Ubuntu Security Notice USN-2459-1
Posted Jan 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2459-1 - Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
SHA-256 | 6f00b72626b6f68f0c06341bf3ac10a1e5f66a900767d453b7c8cff5bbe8ebf0
Red Hat Security Advisory 2015-0033-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0033-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. This update introduces Red Hat Satellite 5.7.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7811, CVE-2014-7812
SHA-256 | d528679ee7a0b10f41c97597e1bb4c7921846eaf0208cdc258816d9a0a2eaf9b
Red Hat Security Advisory 2015-0034-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0034-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2014-0058, CVE-2014-0171
SHA-256 | 1e007824be21106fc9af7fd5ea1906181d5d2596e02ecaa7ab88f6e0c2a9bdde
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Posted Jan 12, 2015
Authored by Pietro Oliva

WordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7956, CVE-2014-7957
SHA-256 | 0d05523785cc3c3d6afe4c0cd58b19ca76dd69c34245e15bfa829cfa9677b80d
Lexmark MarkVision Enterprise Arbitrary File Upload
Posted Jan 12, 2015
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-8741
SHA-256 | 1983d15e14382b842439b7a8129d4ce859b00fbd289876ecee0e865564af878c
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
Posted Jan 12, 2015
Authored by sinn3r | Site metasploit.com

This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.

tags | exploit
systems | windows
advisories | OSVDB-88118
SHA-256 | 4f82b9e9bf5035178dee3ab985bc03afde702dd4e7ca3f166360be5aa2dd3474
WordPress WP Symposium 14.11 Shell Upload
Posted Jan 12, 2015
Authored by Claudio Viviani | Site metasploit.com

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
SHA-256 | 42ecbf4669c89af75d07968bac4f2e5509c6bb5b265890feae2edd0dd0629e00
Mandriva Linux Security Advisory 2015-022
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-022 - Updated wireshark packages fix security vulnerabilities. The DEC DNA Routing Protocol dissector could crash. The SMTP dissector could crash. Wireshark could crash while decrypting TLS/SSL sessions.

tags | advisory, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2015-0562, CVE-2015-0563, CVE-2015-0564
SHA-256 | 589db02383c5c6ddf52afd78d380fd591cb3edd780d9de5b17bbaf8f9ccb57f3
Mandriva Linux Security Advisory 2015-021
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-021 - When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-8150
SHA-256 | 4b472d23ffe86225843d6b67f6add7d503f380ffb5318312c90de3a21fb359dd
Mandriva Linux Security Advisory 2015-020
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-020 - Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-8132
SHA-256 | fd1ce300a03a1ae7c8aa5b610766951094c2ada644a79a3933187761ebedfe3f
Debian Security Advisory 3125-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3125-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
SHA-256 | 6915b9bc098527210f3f8ac74779674ad2abd9a6f7a5d955ce9f880e9dc19e35
Debian Security Advisory 3124-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3124-1 - Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.

tags | advisory
systems | linux, debian
advisories | CVE-2014-9324
SHA-256 | 7bbeb782b4332cf7eba5793171a4bba0a05ee1778c7d6bff699dabf4b2b6ecbf
HP Security Bulletin HPSBOV03227
Posted Jan 12, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03227 - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-3556, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
SHA-256 | 388383b2c3d37ee3b91f78f91d186afc077b8a7f693178ebf43e1ddcc4d0db88
Maligno 1.5
Posted Jan 12, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Adjustments to server and client HTTP request headers for improved adversary replication, invocation of socks4a auxiliary module migrated from msfcli to msfconsole, other minor fixes.
tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 43f36f577dec1520eff727da3da49af10f27705a92d3ecf435b6d6c1ff4a669a
ZTE Datacard MF180 Privilege Escalation / DLL Hijacking
Posted Jan 12, 2015
Authored by Hadji Samir

ZTE Datacard MF180 suffers from privilege escalation and DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
SHA-256 | 61549ca54b62be8573a682ec61570172bcfc6079ecb46713ff0cf356b3781bbc
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close