what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-04-28

NIELD (Network Interface Events Logging Daemon) 0.6.1
Posted Apr 28, 2015
Authored by t2mune | Site nield.sourceforge.net

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules, and traffic control.

Changes: This release includes some bug fixes.
tags | tool, kernel, system logging
systems | unix
SHA-256 | a7e7fd8b2dd7c66bebbff4b4bb9e9cd8f933e13316b497937005cdee766059f6
Red Hat Security Advisory 2015-0891-01
Posted Apr 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0891-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. This issue was found by Paolo Bonzini of Red Hat.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-8106
SHA-256 | 276a854e02c6ec07038497b82f9bb9506cbbaac13a26ae82ea6343e4bcfca098
Wing FTP Server Admin 4.4.5 CSRF / Cross Site Scripting
Posted Apr 28, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Wing FTP Server Admin version 4.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | baa33a8db697aa73d142896a3bba1e7eae95cd119c23f80057b7d2cef956a942
Red Hat Security Advisory 2015-0888-01
Posted Apr 28, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0888-01 - Red Hat Enterprise Virtualization Manager 3.5.1 is now available. It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. It was discovered that a directory shared between the ovirt-engine-dwhd service and a plug-in used during the service's startup had incorrect permissions. A local user could use this flaw to access files in this directory, which could potentially contain sensitive information.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-0237, CVE-2015-0257
SHA-256 | ca7ceffd1d748a83925a9856f16bb79722cb033187b6a3fc14ffbd62fba7ea48
Ubuntu Security Notice USN-2581-1
Posted Apr 28, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2581-1 - Tavis Ormandy discovered that NetworkManager incorrectly filtered paths when requested to read modem device contexts. A local attacker could possibly use this issue to bypass privileges and manipulate modem device configuration or read arbitrary files.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-1322
SHA-256 | c5f32b53adf6c35ee6bc7624cce314688e2fd1a323fb96fceb4332b763658430
Libarchive Malformed cpio Archive Crash
Posted Apr 28, 2015
Authored by Project Zero Labs, Paris Zoumpouloglou

Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19]. If ASLR is disabled, the issue can lead to high CPU load, and potential CPU exhaustion in single-core hosts.

tags | exploit, denial of service
systems | linux
SHA-256 | fd0fb753afd7d4f8141a07df1844dc319539bc557bf657925079de4444885e9a
Untangle Cross Site Scripting / Information Disclosure
Posted Apr 28, 2015
Authored by Calum Hutton

Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow up discussing additional attack vectors not previously disclosed in the prior advisory.

tags | exploit, remote, root, code execution, xss, info disclosure
SHA-256 | e86c9969d013c35f87d327a8f236b5f675e69ae24e898f23a4e957c0d77bf3ad
PayPal JDWP Remote Code Execution
Posted Apr 28, 2015
Authored by Vulnerability Laboratory, Milan A Solanki | Site vulnerability-lab.com

PayPal's Marketing web service suffered from a remote code execution vulnerability due to running a JDWP server.

tags | exploit, remote, web, code execution
SHA-256 | 9853c32d02d8c001fa92b9d3e97eabbcee48dfa8b41649e9b38b8311a72758ca
SonicWall SonicOS / 6.x Cross Site Scripting
Posted Apr 28, 2015
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

SonicWall SonicOS versions and 6.x suffer from a client-side cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 677993c8c06c4decc97efbcbd2bfa770f60f4cac9d6303c6d4ea13229d44530c
0d1n 2.0
Posted Apr 28, 2015
Authored by Cooler

0d1n is a web security tool for fuzzing various HTTP payloads. It's written in C and uses libcurl.

tags | tool, web, scanner
systems | unix
SHA-256 | 49e38de1db9e9f03ddeec16c1bc11195386ae16797980880868f9d8880ab2dec
InFocus IN3128HD Projector Missing Authentication
Posted Apr 28, 2015
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.

tags | exploit, web, cgi
advisories | CVE-2014-8383, CVE-2014-8384
SHA-256 | 43fb2590b9fc435e2c9ebe21968f5729e87d0846d203db8e44a8e274d09e864c
Mandriva Linux Security Advisory 2015-212
Posted Apr 28, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.

tags | advisory, java, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488
SHA-256 | 5d632c802729d6afa088371dd777ff906d4a5f0bfbcccd4d11559d46754410c2
DAWIN - Distributed Audit and Wireless Intrustion Notification 2.0
Posted Apr 28, 2015
Authored by Mark Osborne | Site loud-fat-bloke.co.uk

DA-WIN, a wireless IDS, provides an organization a continuous wireless scanning capability that is light touch and simple. It utilizes compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance. This archive includes a dd image to be used on a Raspberry Pi and a user manual.

Changes: Bug fixes.
tags | tool, wireless
systems | unix
SHA-256 | eec29a64f031854e639f5edda7e65d034b41f755867195fb575def106ccf5112
ProjectSend r561 CSRF / XSS / Shell Upload
Posted Apr 28, 2015

ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
SHA-256 | 29d896ac590fb902688a8def54fd8f901bc1d97ee250f682f184d6620674de0e
WordPress Exquisite Ultimate Newspaper 1.3.3 Cross Site Scripting
Posted Apr 28, 2015
Authored by Osama Mahmood

WordPress Exquisite Ultimate Newspaper theme version 1.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5638e9618253bdbda4e9cb5c3397585b53f03bbb25f90ea69aec66e823644843
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By