what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-04-08

Express Zip 2.40 Path Traversal
Posted Apr 8, 2015
Authored by R-73eN

Express Zip versions 2.40 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
MD5 | 561ce6fa41e28806286729f506614eb4
Ubuntu Security Notice USN-2559-1
Posted Apr 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2559-1 - Hanno Boeck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-2806
MD5 | a4d5b8f49577277ba82bf1cbe31c290c
FreeBSD Security Advisory - ntp Issues
Posted Apr 8, 2015
Site security.freebsd.org

FreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. The vallen packet value is not validated in several code paths in ntp_crypto.c. When ntpd(8) is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not that there actually is any MAC included, and packets without a MAC are accepted as if they had a valid MAC. NTP state variables are updated prior to validating the received packets.

tags | advisory, remote, protocol
systems | freebsd
advisories | CVE-2014-9297, CVE-2015-1798, CVE-2015-1799
MD5 | 6b5b2146b2f3da2a6ba4207a596fe02f
FreeBSD Security Advisory - IPv6 Denial Of Service
Posted Apr 8, 2015
Authored by Dennis Ljungmark | Site security.freebsd.org

FreeBSD Security Advisory - The Neighbor Discover Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. When the Current Hop Limit (similar to IPv4's TTL) is small, IPv6 packets may get dropped before they reached their destinations. By sending specifically crafted Router Advertisement packets, an attacker on the local network can cause the FreeBSD system to lose the ability to communicate with another IPv6 node on a different network.

tags | advisory, local, protocol
systems | freebsd
advisories | CVE-2015-2923
MD5 | 176dd68fb5724f792db55625e1878c68
FreeBSD Security Advisory - GELI Keyfile Permissions
Posted Apr 8, 2015
Authored by Pierre Kim | Site security.freebsd.org

FreeBSD Security Advisory - The default permission set by bsdinstall installer when configuring full disk encrypted ZFS is too open. A local attacker may be able to get a copy of the geli provider's keyfile which is located at a fixed location.

tags | advisory, local
systems | freebsd
advisories | CVE-2015-1415
MD5 | 84c96464403b6f8603f9c7937d7b20f3
FreeBSD Security Advisory - IGMP Integer Overflow
Posted Apr 8, 2015
Authored by Marek Kroemeke, Mateusz Kocielski | Site security.freebsd.org

FreeBSD Security Advisory - An integer overflow in computing the size of IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specifically crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. Revision 2 of this advisory.

tags | advisory, denial of service, overflow, kernel
systems | freebsd
advisories | CVE-2015-1414
MD5 | e3aa8e64324f5ee800e00f8517bd7c03
FreeBSD 10.x ZFS encryption.key Disclosure
Posted Apr 8, 2015
Authored by Pierre Kim

FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk.

tags | exploit, local, info disclosure
systems | freebsd
advisories | CVE-2015-1415
MD5 | 07a9532173408a514f487eeee305e6b7
HP Security Bulletin HPSBHF03310 1
Posted Apr 8, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03310 1 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Windows Embedded Standard 7 (WES7) and Windows Embedded Standard 2009 (WES09) and all versions of HP Easy Deploy. The vulnerabilities could be exploited remotely to allow elevation of privilege and execution of code. Note: HP Easy Deploy was bundled in versions of HP Easy Tools prior to version 3.0.1.1650. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | windows
advisories | CVE-2015-2112, CVE-2015-2113
MD5 | bf7799cbb33c51ead431b060499c7a6c
Red Hat Security Advisory 2015-0788-01
Posted Apr 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0788-01 - The novnc package provides a VNC client that uses HTML5 and includes encryption support. It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. All novnc users are advised to upgrade to this updated package, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-7436
MD5 | f23d43b5426486b7d33406d5f6985492
Red Hat Security Advisory 2015-0789-01
Posted Apr 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0789-01 - PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for proof-of-concept installations. PackStack is suitable for deploying proof-of-concept installations. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

tags | advisory, shell, root
systems | linux, redhat
advisories | CVE-2015-1842
MD5 | 2cb28058534acc551a120a50dce9fef4
Red Hat Security Advisory 2015-0790-01
Posted Apr 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0790-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. It was discovered that the OpenStack Compute console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-0259
MD5 | 535b7f51d23045c6fa3a1b313e723eaa
Red Hat Security Advisory 2015-0791-01
Posted Apr 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0791-01 - Red Hat Enterprise OpenStack Platform Installer is a deployment management tool. It provides a web user interface for managing the installation and configuration of remote systems. Deployment of changes is performed using Puppet. Additionally, Dynamic Host Configuration Protocol, Domain Name System, Preboot Execution Environment, and Trivial File Transfer Protocol services can be provided. Controlling these services also enables provisioning of physical systems that do not yet have an operating system installed. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root.

tags | advisory, remote, web, shell, root, protocol
systems | linux, redhat
advisories | CVE-2015-1842
MD5 | 2731761e49178ac9b0838b65bb6c4077
phpTrafficA 2.3 Cross Site Scripting
Posted Apr 8, 2015
Authored by Daniel Geerts

phpTrafficA versions up to 2.3 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2926
MD5 | e8e29ec1f87d83bdbc515636614d22c0
bloofoxCMS 0.5.0 Cross Site Scripting
Posted Apr 8, 2015
Authored by Provensec

bloofoxCMS version 0.5.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 159681f3d438d128fb8f3ee14af05e7f
Security Notice For CA Spectrum
Posted Apr 8, 2015
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Spectrum. Two vulnerabilities exist that can potentially allow a remote authenticated attacker to gain sensitive information or escalate privileges. The first issue is a stored cross-site scripting vulnerability which occurs due to insufficient validation of requests. An authenticated remote attacker can potentially execute script with increased privileges. The second issue occurs due to insufficient validation of data sent using serialized Java objects. A remote authenticated attacker can potentially gain administrative privileges on the host.

tags | advisory, java, remote, vulnerability, xss
advisories | CVE-2015-2827, CVE-2015-2828
MD5 | 11874b4e3615f10b3fefd64f5889974a
Egg Hunter Shellcode
Posted Apr 8, 2015
Authored by Paw Petersen

20 bytes small egg hunter shellcode that searches from current addr towards lower memory.

tags | shellcode
MD5 | 58ec49bfe90cbffb875697a886d46809
Linux/x86 Typewriter Shellcode Generator
Posted Apr 8, 2015
Authored by Paw Petersen

Linux/x86 typewriter shellcode generator.

tags | x86, shellcode
systems | linux
MD5 | 1f5cf9c0e971fa4448bb44366d1794e0
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    7 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close