Files Date: 2015-01-20

Debian Security Advisory 3133-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3133-1 - Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-1031
MD5 | 3f97d4044cd6e37cec1ca6d966194fe4
Barracuda Load Balancer ADC Key Recovery / Password Reset
Posted Jan 20, 2015
Authored by Cristiano Maruti

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. The file system encryption keys can be recovered via an attack similar to a cold-boot attack, the super user password can be reset off-line via a physical attack, and there are hard-coded credential and hard-coded SSH key issues, along with various other problems.

tags | advisory
advisories | CVE-2014-8426, CVE-2014-8428
MD5 | c8913ae4082ad291d6da4e7eded4df7b
Prestashop 1.6.0.9 Cross Site Scripting
Posted Jan 20, 2015
Authored by Sudhanshu Chauhan

Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-1175
MD5 | 9620b29ff30be75a7de13821ee3377f9
Hack In Paris / Nuit Du Hack 2015 Call For Papers
Posted Jan 20, 2015
Authored by Hack in Paris CFP

Sysdream has organized the "Hack In Paris" event in Paris, France, since 2010. Aiming to bring together security professionals and enthusiasts, Hack In Paris will focus on the latest advances in IT security. Hack In Paris will be held at a totally new location in Paris from June 15th to 19th, 2015. The Nuit Du Hack will take place on June 20th at the same place.

tags | paper, conference
MD5 | aa428c913df1c12b6a2e8c89469a3afd
OS X networkd Sandbox Escape
Posted Jan 20, 2015
Authored by Google Security Research

OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.

tags | exploit, proof of concept
systems | apple, osx
MD5 | 4050c0d6e9c3910083759e7b718c3818
Vorbis Tools Division-By-Zero / Integer Overflow
Posted Jan 20, 2015
Authored by Paris Zoumpouloglou

Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 7417518978d783d6161798f90560f65a
EMC M&R (Watch4Net) XSS / Upload / Java / Traversal / Overflow
Posted Jan 20, 2015
Site emc.com

EMC M&R (Watch4Net) suffers from heap overflow, remote file upload, insecure cryptographic storage, cross site scripting, NTP-related, Java-related, and path traversal vulnerabilities.

tags | advisory, java, remote, overflow, vulnerability, xss, file upload
advisories | CVE-2014-3618, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294
MD5 | 1bb4795beb321e519020ba164d8124db
ifchk 1.0.1
Posted Jan 20, 2015
Authored by noorg | Site noorg.org

Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.

Changes: Various updates.
tags | tool
systems | unix
MD5 | 7e26567040b600fbd210b46e26780941
Remote Desktop 0.9.4 Android CSRF / Command Injection
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Remote Desktop version 0.9.4 Android suffers from local command injection and cross site request forgery vulnerabilities.

tags | exploit, remote, local, vulnerability, csrf
MD5 | 1df201c85216e756909c248eee3bc2c7
Webinars 2.2.26.0 Script Insertion
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Webinars version 2.2.26.0 suffers from a client-side script insertion vulnerability.

tags | exploit
MD5 | 31927a9be263d5448c93c87d155fbbf8
Remote Web Desktop Full 5.9.5 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 20, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Remote Web Desktop Full version 5.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, csrf
MD5 | 5424c212289698cd021b4c028ef0d7d9
Sites Powered By INVEM SQL Injection
Posted Jan 20, 2015
Authored by SeRaVo.BlackHat

Sites "Powered by INVEM" suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | ddc3f7c0af4f0ccd9121a45a52b05a4d
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150114
Posted Jan 20, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release of tor-ramdisk was triggered by some integer overflow bugs in libevent, CVE-2014-6272, which may be exploitable. The author took the opportunity to bump tor from the older 0.2.4 branch to 0.2.5.10 in the latest stable branch. Also updated are busybox, openssl, and the kernel.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-6272
MD5 | 462128c2bb5edd85c76e2dd98e7c2fcc
ManageEngine Multiple Products Authenticated File Upload
Posted Jan 20, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to log in using the default credentials for the administrator and guest accounts. Alternatively, you can provide a pre-authenticated cookie or a username / password combo. For IT360 targets, enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior to v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed in build 9031 and above. This Metasploit module has been tested successfully in Windows and Linux on several versions.

tags | exploit
systems | linux, windows
advisories | CVE-2014-5301
MD5 | 272a3df924baba786c9fb30f40476d5b
Ubuntu Security Notice USN-2460-1
Posted Jan 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2460-1 - Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
MD5 | 1ab5af1abaa0fd3ccb27df4d4a7487d6
Debian Security Advisory 3132-1
Posted Jan 20, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3132-1 - Multiple security issues have been found in Icedove, Debian's version of errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-8634, CVE-2014-8638, CVE-2014-8639
MD5 | 436865feddd58237901515cf5503fbfb