exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files Date: 2015-05-04

Packet Fence 5.0.2
Posted May 4, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Updated dates in documentation. Various bug fixes.
tags | tool, remote
systems | unix
SHA-256 | 7fafc8eb383ef490271153bb715196cf84ca55d508120ec56701c0c9f1eee250
OpenSCAP Libraries 1.2.3
Posted May 4, 2015
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Test support added for older schemas. Further improvements to error handling in result datastream API. Various other updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | c15d587e5cdfcef1316536e6ed8ad66fea3e083ac3d3b723b7e54208f63787c7
GNU Transport Layer Security Library 3.3.15
Posted May 4, 2015
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Addressed a flaw that allowed MD5 signatures (which are disabled by default) in the ServerKeyExchange message.
tags | protocol, library
SHA-256 | 8961227852911a1974e15bc017ddbcd4779876c867226d199f06648d8b27ba4b
cryptmount Filesystem Manager 5.1
Posted May 4, 2015
Authored by RW Penney | Site cryptmount.sourceforge.net

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

Changes: Updated to automake-1.14.1. Resolved libgcrypt/libcryptsetup versioning in Debian packaging. Patched rpm build-script to better support redhat/fedora distros.
tags | tool, kernel, encryption
systems | linux, unix
SHA-256 | 48ee2a57f51e22dad2deeadee9d9017d0910503d07aa5163ae3a544b74f5dda0
Novell ZENworks Configuration Management Arbitrary File Upload
Posted May 4, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2015-0779
SHA-256 | 15f84d28ce1e05b5772eda5c8a707f10298f591215c96328ff2bf9f777e5ccf4
EMC AutoStart 5.4.3 / 5.5.0 Packet Injection
Posted May 4, 2015
Site emc.com

EMC AutoStart versions 5.4.3 and prior and versions 5.5.0 and prior are vulnerability due to insecure communication between the nodes of AutoStart cluster. By sending a specifically crafted packet to the AutoStart agent (ftagent.exe ) running on the remote system, it is possible to execute arbitrary commands with the highest privilege level of the affected system (NT / Authority System privilege for Windows and root privilege for Linux platforms). Exploitation of this vulnerability requires an attacker to know the Autostart domain name (if no default value is used) and the node list.

tags | advisory, remote, arbitrary, root
systems | linux, windows
advisories | CVE-2015-0538
SHA-256 | 04de1488e7188e34d93b76c00932cb126de5c6652955512c29f3e121de038cec
EMC SourceOne Email Management Account Lockout Policy
Posted May 4, 2015
Site emc.com

EMC SourceOne Email Management versions prior to 7.2 suffer from a security vulnerability that could potentially be exploited by an attacker to launch brute-force attacks and compromise user accounts.

tags | advisory
advisories | CVE-2015-0531
SHA-256 | bd92e74e97f00707ddc80bb1b5ca3f84af937e0ccc1add5b4acb408a50542a7f
Mandriva Linux Security Advisory 2015-223
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-2977, CVE-2014-2978
SHA-256 | 33f9c916530ca890941f6fccdc96e4dbeb7b5985f5aab15f140cab4fe5dbe4e3
Debian Security Advisory 3250-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3250-1 - Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.

tags | advisory, remote, xss
systems | linux, debian
advisories | CVE-2015-3438, CVE-2015-3439, CVE-2015-3440
SHA-256 | 8a63e1356ff37d5d6050e466480d4500d650c1dedba1a7d91b55c8ca3791bb2f
Mandriva Linux Security Advisory 2015-226
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-6687
SHA-256 | 8bd27a425f3e9aac4bb5ac860eb1d2134cc3f0911a23d97745810cb3f38da793
Mandriva Linux Security Advisory 2015-225
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-4668
SHA-256 | dab516d1e414f9cb5ef007848b5664d9265d2181a6cb393863fc45b55d592f05
Mandriva Linux Security Advisory 2015-224
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.

tags | advisory, ruby
systems | linux, mandriva
advisories | CVE-2015-1855
SHA-256 | 8f1eaae0d6b6451ce731b695400559fec4bcb4584c8945815f9e08b9ac28359c
Ubuntu Security Notice USN-2592-1
Posted May 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2592-1 - Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-3451
SHA-256 | 458e6fe89eed0be841fc1b8ecf0008b007d76a2bef3cf98a9e49ce1d8c8af239
Ubuntu Security Notice USN-2593-1
Posted May 4, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2593-1 - Nick Sampanis discovered that Dnsmasq incorrectly handled certain malformed DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly obtain sensitive information.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-3294
SHA-256 | 6766c564eb95b2463125fdc6031e6d51c7ee7ff15a0875026be2869fea735ae8
Mandriva Linux Security Advisory 2015-222
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2015-3310
SHA-256 | 4e085093ca161e2b689a0a77dae2503ae73bb1694acd5b6641e49b4db900aa5e
Mandriva Linux Security Advisory 2015-221
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2305, CVE-2015-2668
SHA-256 | e322e06f43ce0d7c2f6ff9248baf4ff490a69065559e8c997ac146c3ea83af0c
Debian Security Advisory 3249-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3249-1 - Shadowman131 discovered that jqueryui, a JavaScript UI library for dynamic web applications, failed to properly sanitize its "title" option. This would allow a remote attacker to inject arbitrary code through cross-site scripting.

tags | advisory, remote, web, arbitrary, javascript, xss
systems | linux, debian
advisories | CVE-2010-5312
SHA-256 | 73621fcbf22d1908f89e9d5877cc9a438c5e3f23c53d8833898194d5ba25001b
Mandriva Linux Security Advisory 2015-219
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3145, CVE-2015-3148
SHA-256 | 3e7817fedbdea6c3d2e601a78a7db5288c57b866c77b309240ccba8f424f4ebd
Mandriva Linux Security Advisory 2015-220
Posted May 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2015-3143, CVE-2015-3148
SHA-256 | 93a94eb337b5044eb63909ac1ea0b6b115dc511b796cc311be4d8059f0680a12
Debian Security Advisory 3248-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3248-1 - It was discovered that missing input saniting in Snoopy, a PHP class that simulates a web browser may result in the execution of arbitrary commands.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2014-5008
SHA-256 | b56d246413f7561d616f3aa4062194a2ba89ec8bd0cf5b1fc0c6491c2c65cc1a
Debian Security Advisory 3247-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3247-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
SHA-256 | 29cf3ef489cfdd5de99dc7f08054b71b5c3941f595f6df2628145ca521b30bd8
Debian Security Advisory 3246-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3246-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
SHA-256 | 67b79659a830da060b29a81b3185782a4dca46b2a224294c3dbad70e33edd1e5
Debian Security Advisory 3245-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3245-1 - It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.

tags | advisory, remote, ruby
systems | linux, debian
advisories | CVE-2015-1855
SHA-256 | f36e3631ebe9c1655e213027494dd4f36e687941e8cc8dd948315e8c65789061
Debian Security Advisory 3244-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3244-1 - Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2015-3011, CVE-2015-3012, CVE-2015-3013
SHA-256 | c48f4da91c626adbdf463cc9a563ebb5fb15d2e0f65687670230eb17c7d9d7ca
Debian Security Advisory 3243-1
Posted May 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3243-1 - Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface to the libxml2 library, did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2015-3451
SHA-256 | d4a75e72b8eb10cf469d80e08b6cc4baf75113761ac80b4bf322fcfea8d988b6
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close