accept no compromises
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-05-06

Alienvault OSSIM/USM 4.x / 5.0 XSS / SQL Injection / Command Execution
Posted May 6, 2015
Authored by Peter Lapp

Alienvault OSSIM/USM versions 4.14, 4.15, and 5.0 suffer from cross site scripting, remote command execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 57e914de65639d6878725cc1299eed13
WordPress eShop 6.3.11 Code Execution
Posted May 6, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered a security vulnerability in the eShop WordPress Plugin, which can be exploited by remote attackers to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input in the "eshopcart" HTTP cookie. Successful exploitation of this vulnerability may potentially result in arbitrary PHP code execution.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2015-3421
MD5 | 386a23d655ce35054311d1cf158ceaba
F5 BIG-IP ASM 11.4.1 Filter Bypass
Posted May 6, 2015
Authored by Peter Lapp

The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. Versions 11.4.0 and 11.4.1 are confirmed vulnerable.

tags | exploit, web, bypass
MD5 | 0762bab60486e019464868fe5ec0ea00
BIG-IQ 0.0.7028 Information Disclosure
Posted May 6, 2015
Authored by Juan Pablo Lopez Yacubian

BIG-IQ version 0.0.7028 appears to disclose user passwords that are encrypted via an insecure direct object reference vulnerability and allows for user enumeration.

tags | exploit, info disclosure
MD5 | b81bb5b442a783b6f896d6db1d8d69a0
Red Hat Security Advisory 2015-0938-01
Posted May 6, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0938-01 - OpenStack Image Service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2014-9684, CVE-2015-1881
MD5 | 15cbe0f3494e1f8913b306f37f74177f
Ubuntu Security Notice USN-2597-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2597-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 432b2443f6ed59483625c7ac992e930e
Ubuntu Security Notice USN-2598-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2598-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | a41201494f4cb831b8e6cb9faf0379bf
Ubuntu Security Notice USN-2599-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2599-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 4cd2c4bf1dbbf55b4fad61c09a042db6
Ubuntu Security Notice USN-2600-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2600-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 23fdd48fba559d7af562f062c22f1820
Ubuntu Security Notice USN-2596-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2596-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | 5910e7401b491350110bf1c391bacb1f
Ubuntu Security Notice USN-2601-1
Posted May 6, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2601-1 - A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3339
MD5 | a3fa56be77f1097fa369da94c6dcfa63
Mandriva Linux Security Advisory 2015-230
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-3455
MD5 | 1c4f0749c08e03a358035c5565e7e8ec
Mandriva Linux Security Advisory 2015-229
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, mandriva
MD5 | a58124f4a4af8a666aaca978bb9ec8e4
Mandriva Linux Security Advisory 2015-228
Posted May 6, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-0278
MD5 | e394181f998cc281e3bb5ddcd965b13d
Apache Tomcat Connection Swallow Denial Of Service
Posted May 6, 2015
Authored by AntBean | Site tomcat.apache.org

When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat would swallow. This permitted a limited denial of service as Tomcat would never close the connection and a processing thread would remain allocated to the connection. Versions affected include Apache Tomcat 8.0.0-RC1 to 8.0.8, 7.0.0 to 7.0.54, and 6.0.0 to 6.0.43.

tags | advisory, denial of service
advisories | CVE-2014-0230
MD5 | 4a7171b13ca39707a14584592fdce87d
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close