ignore security and it'll go away
Showing 1 - 25 of 410

Files Date: 2015-01-01 to 2015-01-31

EMC Avamar Missing Certificate Validation
Posted Jan 30, 2015
Site emc.com

EMC Avamar contains a security vulnerability that may potentially be leveraged by a malicious user to obtain sensitive information when performing a backup or restore operation relating to the vCenter Server. EMC Avamar VMware image and File Level Restore (FLR) proxies do not verify SSL certificates properly when presented by vCenter and may be vulnerable to man-in-the-middle attacks. This vulnerability may potentially be exploited to obtain sensitive information when performing backup and restore operations relating to the vCenter Server. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x are affected.

tags | advisory
advisories | CVE-2014-4632
MD5 | ce55af5556dad5d37c8fbcc7cba43b46

Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large number of security vulnerabilities. An update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
MD5 | 77b7ca247803592598a9f050a2092ac7

Asus RT-N10 Plus Cross Site Scripting
Posted Jan 30, 2015
Authored by Kaustubh G. Padwad

Asus RT-N10 Plus with firmware version 2.1.1.1.70 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | cbd31adcbb31f787ab3a7f9c44d83530

VMware Security Advisory 2015-0002
Posted Jan 30, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0002 - VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

tags | advisory
advisories | CVE-2014-4632
MD5 | 90c495da18e05939705ef7726b92e478

Debian Security Advisory 3145-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3145-1 - Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing HTTP proxy, which might result in denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-1381, CVE-2015-1382
MD5 | 0a39e1383c4014ee1b60a9df0c0cb416

Debian Security Advisory 3144-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3144-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
MD5 | 582e8e0f25c2920d083e15dc54d5097e

HP Security Bulletin HPSBOV03226 2
Posted Jan 30, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03226 2 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. No update is required for BIND clients. Revision 2 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2006-4096, CVE-2007-2926, CVE-2008-1447, CVE-2009-0025, CVE-2011-4313, CVE-2012-4244
MD5 | 030d30c3b6c8106e6b18648558b2d49a

Debian Security Advisory 3146-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3146-1 - Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authorization header (CVE-2014-1829).

tags | advisory, remote, web, python
systems | linux, debian
advisories | CVE-2014-1829, CVE-2014-1830
MD5 | 6095111dbdce77f5d4dcf5a079b38606

Debian Security Advisory 3147-1
Posted Jan 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3147-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, java, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
MD5 | 3bc167a52cf829fc2cca4b718a4575e0

Symantec Encryption Management Server Remote Command Injection
Posted Jan 30, 2015
Authored by Paul Craig from Vantage Point

Symantec Encryption Management Server versions prior to 3.2.0 MP6 suffer from a remote command injection vulnerability.

tags | exploit, remote
MD5 | 50510916c10731276008f34f7d1f6764

NPDS CMS Revolution-13 SQL Injection
Posted Jan 30, 2015
Authored by Nahendra Bhati

NPDS CMS Revolution-13 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1400
MD5 | 6ffe620b7668bd0453350f6674aa844d

How To Secure Against Glibc Ghost Vulnerability
Posted Jan 30, 2015
Authored by Rajivarnan.R

This is a whitepaper discussing mitigation of the Ghost glibc vulnerability as discussed in CVE-2015-0235.

tags | paper
advisories | CVE-2015-0235
MD5 | bc12f4d4fdbf708346109df88f91587f

McAfee Data Loss Prevention Endpoint Privilege Escalation
Posted Jan 30, 2015
Authored by Parvez Anwar

McAfee Data Loss Prevention Endpoint version 9.3.200.23 suffers from an arbitrary write privilege escalation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2015-1305
MD5 | 92a10ae42d3ddfdec969f1c581b2ee81

Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
MD5 | 40713dbc27a6fb8e51bb53765591ef4e

Kaseya Browser 7.0 Android Path Traversal
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details a vulnerability found within the Kaseya Browser Android application. A path traversal vulnerability was discovered within an exported content provider, resulting in the disclosure of arbitrary files, including internal application files.

tags | exploit, arbitrary, file inclusion
MD5 | e96819aa7e39e1623c71e59dd7bf05a2

Pexip Infinity Non-Unique SSH Host Keys
Posted Jan 29, 2015
Authored by giles | Site pexip.com

Pexip Infinity versions prior to 8 fail to generate unique SSH host keys.

tags | advisory
advisories | CVE-2014-8779
MD5 | 771ad68eb387cba60d860d6c38a2ea4f

MantisBT 1.2.17 XSS / Improper Access Control / SQL Injection
Posted Jan 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

MantisBT version 1.2.17 suffers from improper access control, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2014-9571, CVE-2014-9572, CVE-2014-9573
MD5 | 0f926f4efcc5bff0d41478179110cb8b

Kaseya BYOD Gateway 7.0.2 SSL Certificate Validation / Redirection
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This advisory details multiple vulnerabilities found within the Kaseya BYOD Gateway software. By chaining a combination of lacking SSL verification, poor authentication mechanisms and arbitrary redirection vulnerabilities, a malicious entity may potentially compromise any Kaseya BYOD installation. The Kaseya BYOD Gateway software uses a redirection feature, wherein users are redirected to their local Kaseya installation via Kaseya's hosted servers. The update request from the BYOD Gateway software to the Kaseya hosted servers was not found to verify SSL certificates and fails to implement any form of authentication, instead relying on the length of the gateway identifier to provide security. Thus, the security of the solution depends on an attacker's ability to enumerate the gateway identifier. Once a malicious user enumerates the Gateway identifier, then they may update the redirect rule for that customer in Kaseya's hosted servers, redirecting customers to a malicious Kaseya BYOD Gateway. Version 7.0.2 is affected.

tags | exploit, arbitrary, local, vulnerability
MD5 | f01ce6f62fb92059c9e3299103497252

ManageEngine Firewall Analyzer 8.0 Directory Traversal / XSS
Posted Jan 29, 2015
Authored by AmirHadi Yazdani

ManageEngine Firewall Analyzer versions 8.0 and below suffer from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion
MD5 | 04ac1879cf9ea965ae56ccf68f19beaa

AirWatch Direct Object Reference
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Multiple direct object reference vulnerabilities were found within the AirWatch cloud console. VMware advised that these issues also affect on-premise AirWatch deployments. A malicious AirWatch user may leverage several direct object references to gain access to information regarding other AirWatch customers using the AirWatch cloud. This includes viewing groups and downloading private APKs belonging to other organizations.

tags | exploit, vulnerability
advisories | CVE-2014-8372
MD5 | 16402408cf32772e47bf2b7787d201e9

UniPDF 1.1 Buffer Overflow / Denial Of Service
Posted Jan 29, 2015
Authored by bonze

UniPDF version 1.1 suffers from a buffer overflow vulnerability. This is a SEH overwrite denial of service proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 3567d3488c7e7994235e9055a8ccd583

ClearSCADA Remote Authentication Bypass
Posted Jan 29, 2015
Authored by Jeremy Brown

There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.

tags | exploit, bypass
advisories | OSVDB-75022
MD5 | 5a91b8965b0bd7e42547ec87525ee02b

Slackware Security Advisory - glibc Updates
Posted Jan 29, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0235
MD5 | 5afdab05e39a1e3233e0a0dcc49dd310

ManageEngine File Download / Content Disclosure / SQL Injection
Posted Jan 29, 2015
Authored by Pedro Ribeiro

ManageEngine OpManager, Applications Manager, and IT360 suffer from arbitrary file download, directory content disclosure, and blind SQL injection vulnerabilities.

tags | exploit, arbitrary, vulnerability, sql injection, info disclosure
MD5 | 7aea427606c71aefe920fb9e4aecca03

Fortinet FortiOS Denial Of Service / Man-In-The-Middle
Posted Jan 29, 2015
Authored by Denis Andzakovic | Site security-assessment.com

Fortinet FortiOS with firmware 5.0 build 4457 (GA Patch 7) suffers from a CAPWAP daemon DTLS denial of service vulnerability and a man-in-the-middle vulnerability.

tags | exploit, denial of service
MD5 | a9dedd6e1c4147dde2d00cbc2fb24a8d