Exploit the possiblities
Showing 1 - 25 of 33 RSS Feed

Files Date: 2015-05-04

Packet Fence 5.0.2
Posted May 4, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Updated dates in documentation. Various bug fixes.
tags | tool, remote
systems | unix
MD5 | a579286dc01bbffc6cf79f6b5ee0a4de
OpenSCAP Libraries 1.2.3
Posted May 4, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Test support added for older schemas. Further improvements to error handling in result datastream API. Various other updates and improvements.
tags | protocol, library
systems | unix
MD5 | 2b0ba1f934f363e973cdafd8a8a52099
GNU Transport Layer Security Library 3.3.15
Posted May 4, 2015
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Addressed a flaw that allowed MD5 signatures (which are disabled by default) in the ServerKeyExchange message.
tags | protocol, library
MD5 | 03b7e282a0888a8f7620ece83d7853c6
cryptmount Filesystem Manager 5.1
Posted May 4, 2015
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Updated to automake-1.14.1. Resolved libgcrypt/libcryptsetup versioning in Debian packaging. Patched rpm build-script to better support redhat/fedora distros.
tags | tool, kernel, encryption
systems | linux, unix
MD5 | a5425a3e520c5ec89dca84868e25db24
Novell ZENworks Configuration Management Arbitrary File Upload
Posted May 4, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2015-0779
MD5 | 9f1e5f88703c300444953863de021257
EMC AutoStart 5.4.3 / 5.5.0 Packet Injection
Posted May 4, 2015
Site emc.com

EMC AutoStart versions 5.4.3 and prior and versions 5.5.0 and prior are vulnerability due to insecure communication between the nodes of AutoStart cluster. By sending a specifically crafted packet to the AutoStart agent (ftagent.exe ) running on the remote system, it is possible to execute arbitrary commands with the highest privilege level of the affected system (NT / Authority System privilege for Windows and root privilege for Linux platforms). Exploitation of this vulnerability requires an attacker to know the Autostart domain name (if no default value is used) and the node list.

tags | advisory, remote, arbitrary, root
systems | linux, windows
advisories | CVE-2015-0538
MD5 | e0de7586a34522bd6abe83e107420b17
EMC SourceOne Email Management Account Lockout Policy
Posted May 4, 2015
Site emc.com

EMC SourceOne Email Management versions prior to 7.2 suffer from a security vulnerability that could potentially be exploited by an attacker to launch brute-force attacks and compromise user accounts.

tags | advisory
advisories | CVE-2015-0531
MD5 | 7eb9dfb110448d46342c16695faf5e15
Mandriva Linux Security Advisory 2015-223
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2977, CVE-2014-2978
MD5 | a37522315ce750b13173ef9d73766c1d
Debian Security Advisory 3250-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3250-1 - Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2015-3438, CVE-2015-3439, CVE-2015-3440
MD5 | ddffad153b229e87446df2c6493b1ae7
Mandriva Linux Security Advisory 2015-226
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6687
MD5 | 0742dd854062dbb08df8740b50514981
Mandriva Linux Security Advisory 2015-225
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-4668
MD5 | f9bc93b2fe29259cd75a9bc608964350
Mandriva Linux Security Advisory 2015-224
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

tags | advisory, ruby
systems | linux, mandriva
advisories | CVE-2015-1855
MD5 | 57d2a84f4452bfe7971688d54ce2ef90
Ubuntu Security Notice USN-2592-1
Posted May 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2592-1 - Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-3451
MD5 | bc9f0043b1201819302fcd661cabebfa
Ubuntu Security Notice USN-2593-1
Posted May 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2593-1 - Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3294
MD5 | 78698ab9d187343c2e3a18dbbffcb09f
Mandriva Linux Security Advisory 2015-222
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-3310
MD5 | 4f3c6b11c667b7b9858a47fee401d089
Mandriva Linux Security Advisory 2015-221
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2305, CVE-2015-2668
MD5 | 0b0b3262b09d3f9545bfa01e8656a924
Debian Security Advisory 3249-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3249-1 - Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

tags | advisory, remote, web, arbitrary, javascript, xss
systems | linux, debian
advisories | CVE-2010-5312
MD5 | 0c7b6e47c75b967c9ba918f7ad015675
Mandriva Linux Security Advisory 2015-219
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3145, CVE-2015-3148
MD5 | 2fff63bea5ae2d4a41cbe1d440a1d934
Mandriva Linux Security Advisory 2015-220
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3148
MD5 | 5b7f204d6c9dd544b7bfaf8c9d5651db
Debian Security Advisory 3248-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3248-1 - It was discovered that missing input saniting in Snoopy, a PHP class that simulates a web browser may result in the execution of arbitrary commands.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2014-5008
MD5 | 04fded860d0f6d67f3e746a758973f5f
Debian Security Advisory 3247-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3247-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
MD5 | 1296b427abc14393dd425d2e45884bae
Debian Security Advisory 3246-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3246-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
MD5 | bec93a6e3dc06f1b42407bbce2db0123
Debian Security Advisory 3245-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3245-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
MD5 | ce921e8e6336c0009a59c9e120f9b2b3
Debian Security Advisory 3244-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3244-1 - Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-3011, CVE-2015-3012, CVE-2015-3013
MD5 | 2e14cc3b36a2c5affafb3bcb6f744fd3
Debian Security Advisory 3243-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3243-1 - Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2015-3451
MD5 | 50b79c25221ac98dac0acd6439f22999
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close