exploit the possibilities
Showing 1 - 21 of 21 RSS Feed

Files Date: 2015-06-30

Debian Security Advisory 3297-1
Posted Jun 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3297-1 - It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options::* apt configuration.

tags | advisory
systems | linux, debian
advisories | CVE-2015-1330
MD5 | e1bfb9fcd342c13c223348d603eef16f
Ubuntu Security Notice USN-2657-1
Posted Jun 30, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2657-1 - It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-1330
MD5 | 76e72a1b0c27e889bc1a783ed6a95ea6
Red Hat Security Advisory 2015-1196-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1196-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | da2c72b9bf1a0022408352489e8bf31f
Red Hat Security Advisory 2015-1195-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1195-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | bd12f3c7b235bd69d7892745677126ab
Red Hat Security Advisory 2015-1193-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1193-01 - Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. All xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-0252
MD5 | 3293c14d90ad49b393c4a730c4af033a
Red Hat Security Advisory 2015-1194-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1194-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
MD5 | 6eb214026b61f80501e00fbbc2c8e097
Watchguard XCS 10.0 SQL Injection / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.

tags | exploit, root, vulnerability, sql injection
MD5 | bf1ede087fd8f52948510e55bd983d5f
CollabNet Subversion Edge Management CSRF
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, csrf
MD5 | e640532a8d83b358bb72ef463752a6fd
WedgeOS 4.0.4 Arbitrary File Read / Command Execution
Posted Jun 30, 2015
Authored by Daniel Jensen | Site security-assessment.com

Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.

tags | exploit, web, arbitrary, root, vulnerability
MD5 | 882345aa8830eb0a40e7ff9fad972596
CollabNet Subversion Edge Management Tail LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | de79560bb10501b5f5f80a0fc253ef0d
CollabNet Subversion Edge Management Missing Password Check
Posted Jun 30, 2015
Authored by otr

The management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5c5e945bd6fbe7ee2639d7b62c44fe62
NetIQ Access Manager 4.0 SP1 XXE Injection
Posted Jun 30, 2015
Authored by MustLive

NetIQ Access Manager is vulnerable to XXE injection attacks.

tags | exploit, xxe
MD5 | 244ecf8afc4e2725270516949ce27840
CollabNet Subversion Edge Management Unsalted Hashes
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 9a5e0db63c6beb06a1d43e2b2f544a7d
CollabNet Subversion Edge Management Multiple Logins
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, web
MD5 | ffbdfb8c5b73603f5cbf7e21cddc1c3e
Courier Heap Overflow / Out Of Bounds Read Access
Posted Jun 30, 2015
Authored by Hanno Boeck | Site hboeck.de

Courier mail server versions before 0.75 suffer from out of bounds read access and heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | c1c0df32acb8ba606085012203b1f8be
CollabNet Subversion Edge Management Brute Forcing
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory, cracker
MD5 | 6d046d663fd351c4799bc1ce6833b6d1
CollabNet Subversion Edge Management listViewItem LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 7f47e2188d22636149146d1903b8f7d6
CollabNet Subversion Edge Management Show LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
MD5 | 19904a841b177e1362881c901a406b4b
CollabNet Subversion Edge Management Clickjacking
Posted Jun 30, 2015
Authored by otr

CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 5fe4e2ca44b7b6f105f4a8570deae178
CollabNet Subversion Edge Management Weak Password Policy
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management does not implement a strong passwordpolicy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | c06b2e95c34cfb2a3db30a9d9a407d18
CollabNet Subversion Edge Management Autocomplete Enabled
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browsers key store. Fixed in version 5.0. Version 4.0.11 is affected.

tags | advisory
MD5 | 0d01d245276d4b4f33ee4051e9fc8c59
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close