Twenty Year Anniversary
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-02-11

Elasticsearch 1.3.7 / 1.4.2 Sandbox Escape / Command Execution
Posted Feb 11, 2015
Authored by Cameron Morris

Elasticsearch versions 1.3.0 through 1.3.7 and 1.4.0 through 1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.

tags | advisory, java, shell, vulnerability
advisories | CVE-2015-1427
MD5 | 56239d78dc6ef17bebd16f69ea998b24
Mandiant Incident Response Conference 2015 Call For Papers
Posted Feb 11, 2015
Site mandiant.com

The sixth annual Mandiant Incident Response Conference (MIRcon 2015) has announced its call for papers. It will take place November 3rd through the 4th at the Washington Hilton, Washington, DC, USA.

tags | paper, conference
MD5 | 970d93ffdbf9828a8442645f0eef90e1
LG DVR LE6016D File Disclosure
Posted Feb 11, 2015
Authored by Yakir Wizman

LG DVR LE6016D suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 99a1490135a7548493b97f45a234e15a
My Little Forum 2.3.3 Cross Site Scripting / SQL Injection
Posted Feb 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

My Little Forum version 2.3.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2015-1434, CVE-2015-1435
MD5 | ac96ee4cf8e4f14b7d07e5ef218479c4
WordPress Easing Slider 2.2.0.6 Cross Site Scripting
Posted Feb 11, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Easing Slider plugin version 2.2.0.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-1436
MD5 | 7e4769290796cbd6feec09f0702414b8
Pandora FMS 5.1 SP1 SQL Injection
Posted Feb 11, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Pandora FMS version 5.1 SP1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3c771580986a3f1bc276a6c62a9b2f09
BlinkSale Script Insertion
Posted Feb 11, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

BlinkSale suffered from a malicious script insertion vulnerability that affects the mail functionality client-side.

tags | exploit
MD5 | 6ddda6bd4a772db8e9d75224bf0973ff
Facebook CSRF / Session Manipulation
Posted Feb 11, 2015
Authored by Joe Balhis | Site vulnerability-lab.com

Facebook.com suffered from session manipulation and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 7067692ee03ba459067731b09a9a2d23
Red Hat Security Advisory 2015-0165-01
Posted Feb 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0165-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2014-3528, CVE-2014-3580
MD5 | 441b1a968a4c4cfcfc511453f0ac8016
Red Hat Security Advisory 2015-0163-01
Posted Feb 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0163-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 40.0.2214.111, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212
MD5 | 39c0b82bc03613f4bf8a667ef2a45a61
Red Hat Security Advisory 2015-0164-01
Posted Feb 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0164-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-7822
MD5 | e8b1e1ecbc368ba1f3eee2e997daf6c2
Ubuntu Security Notice USN-2498-1
Posted Feb 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2498-1 - It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the libgssapi_krb5 library incorrectly processed security context handles. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
MD5 | 725ec9eda0f09fd93bbc0b23c5c1820b
Ubuntu Security Notice USN-2495-1
Posted Feb 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2495-1 - A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1209, CVE-2015-1210, CVE-2015-1211, CVE-2015-1212
MD5 | 1671fb9c19959e6e3f81ecdd4efaf656
Red Hat Security Advisory 2015-0166-01
Posted Feb 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0166-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2014-3528, CVE-2014-3580, CVE-2014-8108
MD5 | 7cb2ffc8fd1e88f05411725ec21006d3
Debian Security Advisory 3159-1
Posted Feb 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3159-1 - It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).

tags | advisory, remote, denial of service, ruby
systems | linux, debian
advisories | CVE-2014-8080, CVE-2014-8090
MD5 | 0a02a82ca6ac603efa51bc40edbdd677
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    5 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close