what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-05-06

Alienvault OSSIM/USM 4.x / 5.0 XSS / SQL Injection / Command Execution
Posted May 6, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14, 4.15, and 5.0 suffer from cross site scripting, remote command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 05fedd0172a711f1b3ebccf206431da754dbc59c1c66baabdd88b6a813ba1830
WordPress eShop 6.3.11 Code Execution
Posted May 6, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a security vulnerability in the eShop WordPress Plugin, which can be exploited by remote attackers to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input in the "eshopcart" HTTP cookie. Successful exploitation of this vulnerability may potentially result in arbitrary PHP code execution.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2015-3421
SHA-256 | b646ba90f83bf6fbf8ded5692dab800ca1dad5f780ce50ab36b9848e60d3f6b3
F5 BIG-IP ASM 11.4.1 Filter Bypass
Posted May 6, 2015
Authored by Peter Lapp

The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.

tags | exploit, web, bypass
SHA-256 | e6abe385fd18e2857c231bede6a8524e4d82cb8ad1197e2ab340759994fa7bad
BIG-IQ 0.0.7028 Information Disclosure
Posted May 6, 2015
Authored by Juan Pablo Lopez Yacubian

BIG-IQ version 0.0.7028 appears to disclose user passwords that are encrypted via an insecure direct object reference vulnerability and allows for user enumeration.

tags | exploit, info disclosure
SHA-256 | 618c281cd293dfb71e842366efeeddc1f0dae18a8875e74149d2084d9cb32a1e
Red Hat Security Advisory 2015-0938-01
Posted May 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0938-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-9684, CVE-2015-1881
SHA-256 | 8a77633d2a9686392c1ed9f581eaf3034f9af7f313fa11debbbc9aa4392cf265
Ubuntu Security Notice USN-2597-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2597-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | d0d7003df0fa18a33c041a905a2eb7307545321e7ce264bdbf46257709a12e9f
Ubuntu Security Notice USN-2598-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2598-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | e41f6861fc4c07d2bad2dfcf84d484a9a576146c997ba65cbe9ee9c9acd1e098
Ubuntu Security Notice USN-2599-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2599-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | 6e56b2dfa07edb41e3e53ee72342001afc9de03ee9f8ff0f76eabcd893419061
Ubuntu Security Notice USN-2600-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2600-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | d731cce6bc09a061bbadd1c28873361734801228cf24f5a6bb1a21c5e6f15c72
Ubuntu Security Notice USN-2596-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2596-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | 37299381b0e088a96de6a9d501af846fd4675f99e223f4ff472b3d021bdfcfce
Ubuntu Security Notice USN-2601-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2601-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
SHA-256 | 4ff1b0a01f949177c8dc9a413b02118d7bb0c37bb6667b10b5966fe2847e0ffc
Mandriva Linux Security Advisory 2015-230
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3455
SHA-256 | c14ef8d66d6ecdb79a742a0b4b5f418c690959ebf030b5cf3dcf631856a76361
Mandriva Linux Security Advisory 2015-229
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, mandriva
SHA-256 | b95ad09280de8c60ea8404a7c7fd41ee72aad044ca4c4cd46cdf6f916c05b0eb
Mandriva Linux Security Advisory 2015-228
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-0278
SHA-256 | 9493e9bfb065d44360ce1b5e261bc87ab3e33d151d072f83b0fd746027a63318
Apache Tomcat Connection Swallow Denial Of Service
Posted May 6, 2015
Authored by AntBean | Site tomcat.apache.org

When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat would swallow. This permitted a limited denial of service as Tomcat would never close the connection and a processing thread would remain allocated to the connection. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.8, 7.0.0 to 7.0.54, and 6.0.0 to 6.0.43.

tags | advisory, denial of service
advisories | CVE-2014-0230
SHA-256 | 1ad1eefef30402ac2fe3a0012efc3d875f14db6ddf39ce0f35dd36949d4a85ea
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    0 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close