Files Date: 2015-01-27

FancyFon FAMOC 3.16.5 Cross Site Scripting
Posted Jan 27, 2015
Authored by Matthias Deeg

FancyFon FAMOC version 3.16.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | f74c5f0d7029f0668bc0c98a9821cb16
FancyFon FAMOC 3.16.5 SQL Injection
Posted Jan 27, 2015
Authored by Matthias Deeg, Sebastian Nerz

FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 1e60bb024594a96f0905fbe81e211cd7
Qualys Security Advisory - glibc gethostbyname Buffer Overflow
Posted Jan 27, 2015
Authored by Alexander Peslyak, Qualys Security Advisory

Qualys Security Advisory - During a code audit performed internally at Qualys, they discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so they decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".

tags | exploit, overflow
advisories | CVE-2015-0235
MD5 | 224667245d80596a539da4cf2a8490ef
Red Hat Security Advisory 2015-0092-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0092-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
MD5 | 0686d61b88f314f765c33013c3493d48
SEANux 1.0 Remote Code Execution
Posted Jan 27, 2015
Authored by Larry W. Cashdollar

The Syrian Electronic Army SEANux linux distro version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
systems | linux
MD5 | 41885074404676e6e3f888ed0741ca1a
WebKitGTK+ DoS / Code Execution / Bypass
Posted Jan 27, 2015
Authored by WebKitGTK+ Team

The WebKitGTK+ 2.4 series suffers from buffer overflow, code execution, memory corruption, sandbox bypass, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
advisories | CVE-2013-2871, CVE-2013-2875, CVE-2013-2927, CVE-2014-1292, CVE-2014-1297, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339
MD5 | 99aff3f520687cae562fab1e9205a6a6
D-Link DSL-2740R Unauthenticated Remote DNS Change
Posted Jan 27, 2015
Authored by Todor Donev

Exploit for remotely changing DNS settings on the D-Link DSL-2740R router.

tags | exploit
MD5 | 2d4b977af05f1ec7c47a71f12d2a1629
0x90 International Cyber Security Summit 2015 Call For Papers
Posted Jan 27, 2015
Authored by 0x90 CFP

The 0x90 International Cyber Security Conference has announced its Call For Papers. It will be held March 14th, 2015 in Chennai.

tags | paper, conference
MD5 | 1aab253122288fcb057cc31699faed25
Red Hat Security Advisory 2015-0091-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0091-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3530
MD5 | 3e1b3ea242fdbb0cbe86a145e2f33bf0
Red Hat Security Advisory 2015-0090-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0090-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, osx
advisories | CVE-2015-0235
MD5 | eb19afea62b971cf3015e239b813420f
Ubuntu Security Notice USN-2485-1
Posted Jan 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2485-1 - It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0235
MD5 | 52f3ae8cfd09b4eecaf646aaeef26c84
Debian Security Advisory 3142-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3142-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-6656, CVE-2014-6040, CVE-2014-7817, CVE-2015-0235
MD5 | 1c6656674352bdd6eb5b983035a39c4a
Debian Security Advisory 3141-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3141-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for SSL/TLS and DEC DNA, which could result in denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-0562, CVE-2015-0564
MD5 | d53ec7878662cf0674ba61ef78236668
Debian Security Advisory 3140-1
Posted Jan 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3140-1 - Multiple security issues have been discovered in the Xen virtualization solution which may result in denial of service, information disclosure or privilege escalation.

tags | advisory, denial of service, info disclosure
systems | linux, debian
advisories | CVE-2014-8594, CVE-2014-8595, CVE-2014-8866, CVE-2014-8867, CVE-2014-9030
MD5 | 791dd5886f36bbb5c77c57e5c17e35d7
Ubuntu Security Notice USN-2458-3
Posted Jan 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2458-3 - USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. This update fixes the problem. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that some DOM objects with certain properties can bypass XrayWrappers in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. Michal Zalewski discovered a use of uninitialized memory when rendering malformed bitmap images on a canvas element. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642
MD5 | 806c00f80d94d8d6a02e4bd7368f8ed3
FancyFon FAMOC 3.16.5 Session Fixation
Posted Jan 27, 2015
Authored by Matthias Deeg

FancyFon FAMOC version 3.16.5 suffers from a session fixation vulnerability.

tags | exploit
MD5 | c5346c381d1a7b3a3e33a1f9cdda00ba
FancyFon FAMOC 3.16.5 Missing Salt
Posted Jan 27, 2015
Authored by Matthias Deeg

FancyFon FAMOC version 3.16.5 computes one-way hashes without using a salt.

tags | exploit
MD5 | e4231c4aa385396b2250535540669adf
NASA.gov Cross Site Scripting
Posted Jan 27, 2015
Authored by Yann CAM

Multiple nasa.gov subdomains suffered from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 78ab20ccc8774beeb37d85cdc24faadd
Android CVE-2014-7911 / CVE-2014-4322 Local Exploit
Posted Jan 27, 2015
Authored by retme

Proof of concept exploit that allows a local application to gain system privileges via CVE-2014-7911 and then root via CVE-2014-4322. The exploit included is for a Nexus 5 with Android 4.4.4 (KTU8P). The exploit may also work on other devices if the offsets of the ROP chain are modified.

tags | exploit, local, root, proof of concept
advisories | CVE-2014-4322, CVE-2014-7911
MD5 | b0da1530282e04f968999d2ec5a44556
Bro Network Security Monitor 2.3.2
Posted Jan 27, 2015
Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple security-related bug fixes.
tags | tool, intrusion detection
systems | unix
advisories | CVE-2014-9586
MD5 | d89fe0942e41c25869effd959749a730