
Files Date: 2015-02-25

Lynis Auditing Tool 2.0.0
Posted Feb 25, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: The first release within the 2.x branch. It includes several new features, to simplify or improve auditing on Unix based systems, including BSD, Linux, Mac OS and more traditional systems like AIX, HPUX and Solaris.
tags | tool, scanner
systems | unix
MD5 | 977285b21fade7435eee9919e23910e0
Alienware Command Center 2.8.8.0 Local Privilege Escalation
Posted Feb 25, 2015
Authored by Humberto Cabrera | Site zeroscience.mk

Alienware Command Center version 2.8.8.0 suffers from an unquoted search path issue impacting the service 'ioloenergybooster' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

tags | advisory, arbitrary, local
systems | windows
MD5 | ade0f46ad1b2fcec1aac74c45acc5116
Ubuntu Security Notice USN-2505-1
Posted Feb 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2505-1 - Matthew Noorenberghe discovered that whitelisted Mozilla domains could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836
MD5 | 72220b2cf0da5e5fcb4cf7d86d58c334
Red Hat Security Advisory 2015-0269-01
Posted Feb 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0269-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.1 release serves as a replacement for JBoss Operations Network 3.3.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002
MD5 | 478728e50332c9744e739109d2708aeb
Cisco Ironport AsyncOS Cross Site Scripting
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2013-6780
MD5 | 4c0bad7bf4b2320ee31c8e1ed00b6ee5
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Posted Feb 25, 2015
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability that lets an ordinary user replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag set for the 'Users' group, making the entire 'Ubisoft Game Launcher' directory and its files and sub-directories world-writable.

tags | exploit
MD5 | 1824ce0969f550927ece68359aa4496e
Cisco Ironport AsyncOS HTTP Header Injection
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

tags | exploit, web
systems | cisco
advisories | CVE-2015-0624
MD5 | efc1e99a99ec5130712e73f124c95960
Suricata IDPE 2.0.7
Posted Feb 25, 2015
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: DCERPC traffic and http uri parsing issues addressed. Various bug fixes and improvements.
tags | tool, intrusion detection
systems | unix
MD5 | 43cd7dd958d434c580426020079914d7
SAP Business Objects Unauthorized Audit Information Access
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.

tags | advisory, remote
advisories | CVE-2015-2076
MD5 | 9199c6b3a1d24806cead6cfc47c07cfe
SAP Business Objects Unauthorized Audit Information Delete
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.

tags | advisory, remote
advisories | CVE-2015-2075
MD5 | 00e35f4f7ad2aee3bacb5b10238b7643
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
MD5 | 6400ea3dc6719c9c7853f0bb6fe9e15e
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
MD5 | 87b279e3bf1dadae088a0315669fd7f5
SAP HANA Web-based Development Workbench Cross Site Scripting
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP HANA contains a reflected cross site scripting (XSS) vulnerability on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.

tags | advisory, xss
advisories | CVE-2015-2072
MD5 | 8d5ad51c4ae1e17f464eae0420210b75
Red Hat Security Advisory 2015-0266-01
Posted Feb 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0266-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.

tags | advisory, web, arbitrary, local
systems | linux, redhat
advisories | CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836
MD5 | 1e9b9c700c4a0e1c8225443d71208574
Gentoo Linux Security Advisory 201502-14
Posted Feb 25, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-14 - A vulnerability in grep could result in Denial of Service. Versions less than 2.21-r1 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-1345
MD5 | 4408773dce1aa18e2ebc626f4791b727
SEO Toaster E-Commerce 2.2.0 Cross Site Scripting
Posted Feb 25, 2015
Authored by Ankit Bharathan

SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f97bf280c4adf692c9308d01e0231617