Twenty Year Anniversary
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-04-07

Novell ZenWorks Configuration Management 11.3.1 Code Execution / Traversal
Posted Apr 7, 2015
Authored by Pedro Ribeiro

Novell ZenWorks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability.

tags | exploit, remote, code execution, file inclusion, file upload
advisories | CVE-2015-0779
MD5 | ddb6bf01eea1890ce2712b5cea51d14c
Apache Flex asdoc Cross Site Scripting
Posted Apr 7, 2015
Authored by Radjnies Bhansingh

Apache Flex asdoc versions prior to 4.14.1 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-1773
MD5 | 4155caa62df952ab30de803ac0c58d8d
Debian Security Advisory 3057-2
Posted Apr 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3057-2 - The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem.

tags | advisory
systems | linux, debian
MD5 | 3a7a8ede13661eaf2480c72c6018824d
Ubuntu Security Notice USN-2558-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2558-1 - It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-2775
MD5 | 25177ca4538efe8a0bc47ddd677c20dd
TOR Virtual Network Tunneling Tool 0.2.5.12
Posted Apr 7, 2015
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 89745069a7efb7aafd01ae263bd0fe5c
Balero CMS 0.7.2 Cross Site Scripting
Posted Apr 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Balero CMS version 0.7.2 suffers from cross site scripting and html injection vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b82da929665b4579a9e1b3fb2ca94a7c
Balero CMS 0.7.2 SQL Injection
Posted Apr 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Balero CMS version 0.7.2 suffers from multiple remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | e809340a89036157d6246309b14e4836
WordPress Shareaholic 7.6.0.3 Cross Site Scripting
Posted Apr 7, 2015
Authored by Kacper Szurek

WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9311
MD5 | a67d16c80d937979aedca8b521ee5c76
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Posted Apr 7, 2015
Authored by Claudio Viviani

WordPress All In One WP Security and Firewall plugin version 3.9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a1033ab188c6204240447b008a96d205
Ubuntu Security Notice USN-2556-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2556-1 - It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. A buffer overflow was discovered in the GPU service. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1233, CVE-2015-1234, CVE-2015-1317
MD5 | 53cd6c5acd7707b6f6893c1186c077a3
Ubuntu Security Notice USN-2557-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2557-1 - Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a man in the middle attack.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-0799
MD5 | a94bc62b9ff6edda8c76177ea74a056c
Gentoo Linux Security Advisory 201504-01
Posted Apr 7, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1741, CVE-2013-2566, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607, CVE-2013-5609, CVE-2013-5610, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619
MD5 | 49557c34bd5a98de995feb8fe8bc3d2c
Red Hat Security Advisory 2015-0783-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2014-8867
MD5 | 7343a150e9e60a31f9fc10d0cbb17827
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
MD5 | 04cee26fd7d7b4432f616bc2cb07bcc7
Mandriva Linux Security Advisory 2015-196
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-196 - cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the lp user, using forged print service announcements on DNS-SD servers.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2015-2265
MD5 | e60aa3451e9fb50ca66e93849fd6a9b7
Mandriva Linux Security Advisory 2015-195
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-195 - The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. The updated packages provides a solution for this security issue.

tags | advisory, remote, web, xss
systems | linux, mandriva
advisories | CVE-2015-2317
MD5 | c33a3ee06c68b58f6587bd1136b39f30
Mandriva Linux Security Advisory 2015-193
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-193 - The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1_der_decoding.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-2806
MD5 | 4d2deee202952c198056d9cc6d459ad2
HP Security Bulletin HPSBGN03306 1
Posted Apr 7, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03306 1 - Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289
MD5 | cdd0b3748c6535e6db4b5536b3c3c03c
Smalisca 0.1
Posted Apr 7, 2015
Authored by Cyneox | Site nullsecurity.net

Smalisca is a static code analysis tool for Smali files.

Changes: Minor bugs addressed. Various other updates.
tags | tool
systems | unix
MD5 | 943930dbd144c52635f3d5b874482d3a
Virtocommerce Beta 2.0 Arbitrary File Upload
Posted Apr 7, 2015
Authored by Provensec

Virtocommerce version Beta 2.0 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
MD5 | 077da5c0962c528894df7dbeb77ec57e
Qlik Open Redirect
Posted Apr 7, 2015
Authored by Provensec

Qlik suffers from an open redirect vulnerability.

tags | exploit
MD5 | 4bdf2f4fb58978dba9b6138cac6a06a6
Interspire Email Marketer 6.1.5 Cross Site Scripting
Posted Apr 7, 2015
Authored by Provensec

Interspire Email Marketer version 6.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 70b512b04b988674efe72e3f579e444b
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close