
Files Date: 2015-04-07

Novell ZenWorks Configuration Management 11.3.1 Code Execution / Traversal
Posted Apr 7, 2015
Authored by Pedro Ribeiro

Novell ZenWorks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution and also suffers from a directory traversal vulnerability.

tags | exploit, remote, code execution, file inclusion, file upload
advisories | CVE-2015-0779
SHA-256 | 2e1385af22ffe68f64c61147063cf39a03915826ed8417041c6bae636ef665e5
Apache Flex asdoc Cross Site Scripting
Posted Apr 7, 2015
Authored by Radjnies Bhansingh

Apache Flex asdoc versions prior to 4.14.1 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-1773
SHA-256 | 46dfb4836a0f4b57607590eecfe753129c637f91c28ff7afd261777fc6d98ef3
Debian Security Advisory 3057-2
Posted Apr 7, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3057-2 - The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem.

tags | advisory
systems | linux, debian
SHA-256 | be038067bb3a59dbd944b6cd93525c2a5b050c733640ba3e0c00df9a18a9e136
Ubuntu Security Notice USN-2558-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2558-1 - It was discovered that Mailman incorrectly handled special characters in list names. A local attacker could use this issue to perform a path traversal attack and execute arbitrary code as the Mailman user.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-2775
SHA-256 | 3cdf31e7ce2504d75deeac6476e08d8cef04f4f07c6265f083f1d775075eff53
TOR Virtual Network Tunneling Tool 0.2.5.12
Posted Apr 7, 2015
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. This release also backports a simple improvement to make hidden services a bit less vulnerable to denial-of-service attacks.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 550fdafffeb4c1e3035bb8cc42e6e49d5af17ad79563bd118af22c1107f72b49
Balero CMS 0.7.2 Cross Site Scripting
Posted Apr 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Balero CMS version 0.7.2 suffers from cross site scripting and HTML injection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 458417d45a71bbc9cf2f59dac2f77172c15dd2aa41c76235a5633f80a54b1c3b
Balero CMS 0.7.2 SQL Injection
Posted Apr 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Balero CMS version 0.7.2 suffers from multiple remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 949d7940cb1b4a95cff65513e29961b58e7322614fee7f8b0c05245e26d762dd
WordPress Shareaholic 7.6.0.3 Cross Site Scripting
Posted Apr 7, 2015
Authored by Kacper Szurek

WordPress Shareaholic plugin version 7.6.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9311
SHA-256 | 997d301bcb1116b79c1053692c79b280561e1e4b1955e5e2bd58e3055a40aadc
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Posted Apr 7, 2015
Authored by Claudio Viviani

WordPress All In One WP Security and Firewall plugin version 3.9.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2203b9343977b8ce1c7756e193c53801aae33bcc43ac2d1b9dbd42170428a048
Ubuntu Security Notice USN-2556-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2556-1 - It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program. A buffer overflow was discovered in the GPU service. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-1233, CVE-2015-1234, CVE-2015-1317
SHA-256 | 04fcc500a7183b01d8d82044435d10de076fb3f8f0fe6c66be25b85ecd587925
Ubuntu Security Notice USN-2557-1
Posted Apr 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2557-1 - Muneaki Nishimura discovered a flaw in Mozilla's HTTP Alternative Services implementation which meant SSL certificate verification could be bypassed in some circumstances. A remote attacker could potentially exploit this to conduct a man-in-the-middle attack.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-0799
SHA-256 | a1a035871c4334114b6ff842b6f02d425f02c680d8dc9d5234778f6a4321ed32
Gentoo Linux Security Advisory 201504-01
Posted Apr 7, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1741, CVE-2013-2566, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607, CVE-2013-5609, CVE-2013-5610, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619
SHA-256 | 5799f785190a4af15c846f0050efac6e2cdd60ccce19b768508224bebe1b50bb
Red Hat Security Advisory 2015-0783-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. An insufficient bound checking flaw was found in the Xen hypervisor's implementation of acceleration support for the "REP MOVS" instructions. A privileged HVM guest user could potentially use this flaw to crash the host.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2014-8159, CVE-2014-8867
SHA-256 | 1a62eb3c62b3f58d404ecacc94006c7b1a6ccb8bd2830547a948bccc4c9d83d7
Red Hat Security Advisory 2015-0782-01
Posted Apr 7, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0782-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2014-3690, CVE-2014-5471, CVE-2014-5472, CVE-2014-8159, CVE-2014-8884, CVE-2015-1421
SHA-256 | 497a3d5df6407e2e427e7c1470a45a7c8129599f5ebc30b4932e3935b243a11f
Mandriva Linux Security Advisory 2015-196
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-196 - cups-browsed in cups-filters before 1.0.66 contained a bug in the remove_bad_chars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the lp user, using forged print service announcements on DNS-SD servers.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2015-2265
SHA-256 | 6ee9502b33113faf945840266ffc7ae17222e04b5727259d3e2657e92606f6e9
Mandriva Linux Security Advisory 2015-195
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-195 - The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. The updated packages provide a solution for this security issue.

tags | advisory, remote, web, xss
systems | linux, mandriva
advisories | CVE-2015-2317
SHA-256 | da29353ee6e69007158c2009f13b3d836eda48a2560df0d4f7ba8c8fd7386594
Mandriva Linux Security Advisory 2015-193
Posted Apr 7, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-193 - The libtasn1 library before version 4.4 is vulnerable to a two-byte stack overflow in asn1_der_decoding.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-2806
SHA-256 | 007d36ef1e9e3ed182bdeada4da602d261dde0f484f8b56cde2cda356977fd99
HP Security Bulletin HPSBGN03306 1
Posted Apr 7, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03306 1 - Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289
SHA-256 | 115904a616e7c2d552ef9d058a8c0477b6f3d1f3462f71cd9120c95f98161162
Smalisca 0.1
Posted Apr 7, 2015
Authored by Cyneox | Site nullsecurity.net

Smalisca is a static code analysis tool for Smali files.

Changes: Minor bugs addressed. Various other updates.
tags | tool
systems | unix
SHA-256 | 1a7c9c1377a243a865485c0002c314ec8d435e4b1479f4a92b980127510784e3
Virtocommerce Beta 2.0 Arbitrary File Upload
Posted Apr 7, 2015
Authored by Provensec

Virtocommerce version Beta 2.0 suffers from an arbitrary file upload vulnerability.

tags | advisory, arbitrary, file upload
SHA-256 | 31a2bc6b5383f1982eec05537bfada1c22a54b77733fbbb9fb6d979b53c953c7
Qlik Open Redirect
Posted Apr 7, 2015
Authored by Provensec

Qlik suffers from an open redirect vulnerability.

tags | exploit
SHA-256 | 2cf2db90b174f7cceadc779650c2181d747ba3224b8b9ce9cf5c21947a48cba7
Interspire Email Marketer 6.1.5 Cross Site Scripting
Posted Apr 7, 2015
Authored by Provensec

Interspire Email Marketer version 6.1.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 810e6dddb98f6d0f7fbaecd6e68634a8db0244c0ce804043fea9d833a09f56de
© 2022 Packet Storm. All rights reserved.