ignore security and it'll go away
Showing 1 - 25 of 598 RSS Feed

Files Date: 2015-03-01 to 2015-03-31

GNU Transport Layer Security Library 3.3.14
Posted Mar 30, 2015
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
MD5 | 7f4465f8c564cf9cb8f5cb38b909f7ca
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20150322
Posted Mar 30, 2015
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: tor updated to 0.2.5.11. busybox updated to 1.23.1. openssl updated to 1.0.1l. kernel updated to 3.19.2 + Gentoo's hardened-patches-3.19.2-2.extras.
tags | tool, kernel, peer2peer
systems | linux
MD5 | 4ef9c5044df533f1fbbbb23d673edd0a
Adobe Flash Player ByteArray With Workers Use After Free
Posted Mar 30, 2015
Authored by juan vazquez, temp66, hdarwin | Site metasploit.com

This Metasploit module exploits an use after free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, who can fill the memory and notify the main thread to corrupt the new contents. This Metasploit module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.296.

tags | exploit
systems | windows, 7
advisories | CVE-2015-0313
MD5 | 607a862ce32fda6ff085d1672dae217b
Windows Run Command As User
Posted Mar 30, 2015
Authored by Ben Campbell, Kx499 | Site metasploit.com

This Metasploit module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default. Unless targetting a local user either set the DOMAIN, or specify a UPN user format (e.g. user@domain). This uses the CreateProcessWithLogonW WinAPI function. A custom command line can be sent instead of uploading an executable. APPLICAITON_NAME and COMMAND_LINE are passed to lpApplicationName and lpCommandLine respectively. See the MSDN documentation for how these two values interact.

tags | exploit, local
MD5 | 7d3f40f88e66db3180d5a532980b66df
JBoss JMXInvokerServlet Remote Command Execution
Posted Mar 30, 2015
Authored by Luca Carettoni

This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console" and the "JMX Console" are protected or disabled.

tags | exploit, java, web, arbitrary
MD5 | 86630ac41a1f6448e3fd55661ed8a482
VAMPSET 2.2.145 Stack / Heap Buffer Overflow
Posted Mar 30, 2015
Authored by Core Security Technologies, Ricardo Narvaja | Site coresecurity.com

Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-8390
MD5 | 3d889804e96aef041e76e55fec51792a
libtasn1 Stack Write Overflow
Posted Mar 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs.

tags | advisory, overflow
MD5 | 3e26f04e6b86ede33eb62fb437cb37d5
Palo Alto Traps Server 3.1.2.1546 Cross Site Scripting
Posted Mar 30, 2015
Authored by Michael Hendrickx

Palo Alto Traps Server (formerly Cyvera Endpoint Protection) version 3.1.2.1546 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2223
MD5 | cd011bf4408b28ad0bb4b8135e932f61
Mandriva Linux Security Advisory 2015-153
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.

tags | advisory, remote, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-9709
MD5 | 5694676071578958c39a0ef7c793d650
Mandriva Linux Security Advisory 2015-154
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-154 - Updated gnupg, gnupg2 and libgcrypt packages fix security GnuPG versions before 1.4.17 and 2.0.24 are vulnerable to a denial of service which can be caused by garbled compressed data packets which may put gpg into an infinite loop. The libgcrypt library before version 1.5.4 is vulnerable to an ELGAMAL side-channel attack. GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg and gnupg2 package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2014-4617, CVE-2014-5270, CVE-2015-0837
MD5 | a9fde0a382a9277ba5a3eb8be545725b
Mandriva Linux Security Advisory 2015-148
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
MD5 | a1ab273b6d043a98c0d045adaa78c2c5
Mandriva Linux Security Advisory 2015-152
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-152 - Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-9092
MD5 | a5e3f870c125ed225ee9d6dfcc12e4a1
Mandriva Linux Security Advisory 2015-147
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-147 - The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547
MD5 | 2e8800865be0d1a2e17f933e8ec19dca
Mandriva Linux Security Advisory 2015-149
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-149 - libsndfile contains multiple buffer-overflow vulnerabilities in src/sd2.c because it fails to properly bounds-check user supplied input, which may allow an attacker to execute arbitrary code or cause a denial of service. libsndfile contains a divide-by-zero error in src/file_io.c which may allow an attacker to cause a denial of service.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2014-9496
MD5 | 35644042cbdc1506743a19a7624e6922
Debian Security Advisory 3208-1
Posted Mar 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3208-1 - Jodie Cunningham discovered multiple vulnerabilities in freexl, a library to read Microsoft Excel spreadsheets, which might result in denial of service or the execution of arbitrary code if a malformed Excel file is opened.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-2753, CVE-2015-2754, CVE-2015-2776
MD5 | 6a6d588aa9935f2230e64a99cafd9413
Mandriva Linux Security Advisory 2015-158
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-158 - There are serveral problems with the way Jython creates class cache files, potentially leading to arbitrary code execution or information disclosure.

tags | advisory, arbitrary, code execution, info disclosure
systems | linux, mandriva
advisories | CVE-2013-2027
MD5 | 04aca7ee24c0dee0f079d588dd85ad2c
Mandriva Linux Security Advisory 2015-157
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-157 - Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-2304
MD5 | 57fcfc2633f46c063873ede71eedaedb
Mandriva Linux Security Advisory 2015-156
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-156 - capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without capabilities, which is potentially dangerous.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2014-3215
MD5 | 210615058d6da4d916b72b9aa1440ea7
Mandriva Linux Security Advisory 2015-017-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-017 - Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open to a possible heap overflow or infinite loop. In order to exploit this flaw, an attacker needs to be able to find a way to provoke the program into trying to make a buffer chunk larger than what will fit into a single size_t or off_t.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-6272
MD5 | c0c8543f901fbb7812196a56d8e35140
Mandriva Linux Security Advisory 2015-155
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-155 - GnuPG before 1.4.19 is vulnerable to a side-channel attack which can potentially lead to an information leak. GnuPG before 1.4.19 is vulnerable to a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. The gnupg package has been patched to correct these issues. GnuPG2 is vulnerable to these issues through the libgcrypt library. The issues were fixed in libgcrypt 1.6.3. The libgcrypt package in Mandriva, at version 1.5.4, was only vulnerable to the CVE-2014-3591 issue. It has also been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-3591, CVE-2015-0837
MD5 | 0831dafa2eda5dfedb8876c87c9850f4
Mandriva Linux Security Advisory 2015-148-1
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-148 - Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the libssh2 library to crash or otherwise read and use unintended memory areas in this process. Packages were missing for Mandriva Business Server 1 with the MDVSA-2015:148 advisory which are now being provided.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2015-1782
MD5 | 2059fbdf992c2ffbd12d04c631b5a3a8
Fedora 12 setroubleshootd Local Root Proof Of Concept
Posted Mar 30, 2015
Authored by Sebastian Krahmer

Fedora 21 setroubleshootd local root proof of concept exploit.

tags | exploit, local, root, proof of concept
systems | linux, fedora
MD5 | c01050fd0c33898ccd770a2b60b154e4
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
Posted Mar 30, 2015
Authored by Mahendra

FiyoCMS version 2.0.1.8 suffers from url bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, bypass
advisories | CVE-2014-9145, CVE-2014-9146, CVE-2014-9147, CVE-2014-9148
MD5 | 53c5971155badeea69b727bdb699fc64
Mandriva Linux Security Advisory 2015-144
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-144 - A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-5461
MD5 | 263d4a6475ad8e104f3c13bdb5e91e23
Mandriva Linux Security Advisory 2015-143
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-143 - A buffer overflow was reported in mpfr. This is due to incorrect GMP documentation for mpn_set_str about the size of a buffer.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2014-9474
MD5 | ca5b56a767005ea0c93222337ca63f81
Page 1 of 24
Back12345Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close