Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2015-01-12

Red Hat Security Advisory 2015-0035-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0035-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-8126
MD5 | f2551f40b053d38567c0f5f09f52288d
Red Hat Security Advisory 2015-0036-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0036-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2014-8126
MD5 | db0fef7386f7516dfce811ab3b6abe6c
Debian Security Advisory 3126-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3126-1 - It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file.

tags | advisory, php
systems | linux, debian
MD5 | 7719e900f6ef14fd4bf329640b855729
Ubuntu Security Notice USN-2459-1
Posted Jan 12, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2459-1 - Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
MD5 | 17f7fbaa79a754d764ac4661753b8c80
Red Hat Security Advisory 2015-0033-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0033-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. This update introduces Red Hat Satellite 5.7.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-7811, CVE-2014-7812
MD5 | 9dd93c357eba46eac2dccaab2381a9df
Red Hat Security Advisory 2015-0034-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0034-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2014-0058, CVE-2014-0171
MD5 | 750e53ff1c27692e06dbd0a901c09a28
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Posted Jan 12, 2015
Authored by Pietro Oliva

WordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7956, CVE-2014-7957
MD5 | 8393d28eee39aab2c860fcfbd03f64d2
Lexmark MarkVision Enterprise Arbitrary File Upload
Posted Jan 12, 2015
Authored by Andrea Micalizzi, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2014-8741
MD5 | cd1e925244f475f400459c44ff459365
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
Posted Jan 12, 2015
Authored by sinn3r | Site metasploit.com

This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.

tags | exploit
systems | windows, 7
advisories | OSVDB-88118
MD5 | 01b957cce66f751708896b6c29334a0f
WordPress WP Symposium 14.11 Shell Upload
Posted Jan 12, 2015
Authored by Claudio Viviani | Site metasploit.com

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.

tags | exploit, remote, web, arbitrary, php
MD5 | 309dbdb413d8a101edf6ade1cf18c136
Mandriva Linux Security Advisory 2015-022
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-022 - Updated wireshark packages fix security vulnerabilities. The DEC DNA Routing Protocol dissector could crash. The SMTP dissector could crash. Wireshark could crash while decrypting TLS/SSL sessions.

tags | advisory, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2015-0562, CVE-2015-0563, CVE-2015-0564
MD5 | 260614505a954eab2f7625dd270e6aad
Mandriva Linux Security Advisory 2015-021
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-021 - When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2014-8150
MD5 | ec50ed3647405ba23edf08d63fbd6d59
Mandriva Linux Security Advisory 2015-020
Posted Jan 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-020 - Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-8132
MD5 | 0ea20165ec79ee01134b2f79d6b59740
Debian Security Advisory 3125-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3125-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
MD5 | b1a6186e548b5fe5d3180140b3146009
Debian Security Advisory 3124-1
Posted Jan 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3124-1 - Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.

tags | advisory
systems | linux, debian
advisories | CVE-2014-9324
MD5 | ff4ce6bdefe5a09f2d4e8a63b7ce199a
HP Security Bulletin HPSBOV03227
Posted Jan 12, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03227 - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2014-3556, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
MD5 | 6ddaee2c4bf99afccbef50d127ae3605
Maligno 1.5
Posted Jan 12, 2015
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changes: Adjustments to server and client HTTP request headers for improved adversary replication, invocation of socks4a auxiliary module migrated from msfcli to msfconsole, other minor fixes.
tags | tool, web, scanner, shellcode, python
systems | unix
MD5 | fc5e11cdc86e2b9703da16dfea448edc
ZTE Datacard MF180 Privilege Escalation / DLL Hijacking
Posted Jan 12, 2015
Authored by Hadji Samir

ZTE Datacard MF180 suffers from privilege escalation and DLL hijacking vulnerabilities.

tags | exploit, vulnerability
systems | windows
MD5 | 2cdfc4e33188f51c2b1eacc9e5765f9e
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close