what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2015-02-04

Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution
Posted Feb 4, 2015
Authored by todb, Gabor Seljan, Yonathan Klijnsma | Site metasploit.com

This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation a man-in-the-middle attacker could execute arbitrary code by spoofing the update server data-cdn.mbamupdates.com and uploading an executable. This Metasploit module has been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.

tags | exploit, arbitrary, spoof
advisories | CVE-2014-4936
SHA-256 | 7ff0974c6eceef6b507a55c91fa7ecc2267e3fb1d468c441797b7a7071ac3090
EMC Documentum D2 Information Disclosure / Privilege Escalation
Posted Feb 4, 2015
Site emc.com

EMC Documentum D2 suffers from sensitive information disclosure and privilege escalation vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2015-0517, CVE-2015-0518
SHA-256 | 49898d02690c57f2c7516ee625e62143bae3b68445d798ce8a9f9ac48973cdbc
Fork CMS 3.8.5 SQL Injection
Posted Feb 4, 2015
Authored by Sven Schleier

Fork CMS version 3.8.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-1467
SHA-256 | e872082a2312ec95900f823efdd066a5402dc9f5d5ffa7f7a3cde84fc459392c
Red Hat Security Advisory 2015-0126-01
Posted Feb 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0126-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2014-3511, CVE-2014-3567, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2015-0235
SHA-256 | d44426ffefcc6444f5b0e9c23919d3d7de8a73feffb3acd51ec8ab0294efb23b
Cisco Security Advisory 20150204-wbx
Posted Feb 4, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the administrative web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary commands on the affected system and on the devices managed by the affected system. The vulnerability is due to improper user input validation. An attacker could exploit this vulnerability by crafting input into the affected fields of the web interface.

tags | advisory, remote, web, arbitrary
systems | cisco
SHA-256 | 4b60f20ed92c5b3dd2cdab3380d2c9efe1b3b6db26730e670f2137a6aa271a78
Debian Security Advisory 3153-1
Posted Feb 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3153-1 - Multiples vulnerabilities have been found in krb5, the MIT implementation of Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
SHA-256 | ecee120847457717a01fd2a9987ef675a6d879e4f16c09674711b8939feb31a6
Ubuntu Security Notice USN-2469-2
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2469-2 - USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222
SHA-256 | 5dc4cf9fd9fb7b32640fdad08d1ed4b56744197013e1ee313e726c46e7b1c6b6
Ubuntu Security Notice USN-2494-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2494-1 - Francisco Alonso discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly handled certain ELF files. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Thomas Jarosch discovered that file incorrectly limited recursion. An attacker could use this issue to cause file to hang or crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3710, CVE-2014-8116, CVE-2014-8117
SHA-256 | a0172d45fde45339ba18deb09206dc0648821b862540859d68b1e3108eff0aae
Red Hat Security Advisory 2015-0125-01
Posted Feb 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0125-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.6.0, and includes bug fixes and enhancements.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2014-3490, CVE-2014-3558, CVE-2014-3577
SHA-256 | 458310105b1d75920acc0a556797f379a84d6fbdc2f973508a56558ed2fb7a7a
WordPress Pixabay Images PHP Code Upload
Posted Feb 4, 2015
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images version 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

tags | exploit, php, vulnerability
SHA-256 | d111cecf145c4dabb425662dffda4d1cf8b9241d370037c752f93b57412ecb27
WordPress Platform Theme Remote Code Execution
Posted Feb 4, 2015
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

The Wordpress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

tags | exploit, remote, php, code execution
SHA-256 | c111d9d51c266ad61917964f9eea57d1334074e2ca4b8eb80252f3ed807ddc0f
Pragyan CMS 3.0 SQL Injection
Posted Feb 4, 2015
Authored by Steffen Roesemann

Pragyan CMS version 3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3b31f0d50387ab584ccc4e28831cdd27727d3f209f7ea910e49918a04b34e73a
Ubuntu Security Notice USN-2493-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2493-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8559, CVE-2014-9420
SHA-256 | 78c1dcddff69907c427b2816efa40b8a09fbf6141aceb7afd6b3af9ee42f1518
Ubuntu Security Notice USN-2491-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2491-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Various other issues were also addressed.

tags | advisory, denial of service, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-3610, CVE-2014-3611, CVE-2014-8133, CVE-2014-9322, CVE-2014-9420
SHA-256 | 19a2af96124543aaa352ea18ece1dd413cfb089cee4acb7401e035e68bc63c5c
Ubuntu Security Notice USN-2490-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2490-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-9420
SHA-256 | 9ee17d00db7459bc6c51e01f25a03c93b528f10b6763878bf01be7960f03a2ed
Ubuntu Security Notice USN-2492-1
Posted Feb 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2492-1 - Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2014-8133, CVE-2014-8559, CVE-2014-9420
SHA-256 | 8dad5e507e46c620d936929ce8e358be1f8fa17509f76d943ec58a0fdb565fc7
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close