Exploit the possiblities
Showing 1 - 25 of 42 RSS Feed

Files Date: 2015-07-22

Lynis Auditing Tool 2.1.1
Posted Jul 22, 2015
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: This release adds a lot of improvements, with focus on performance, and additional support for common Linux distributions and external utilities.
tags | tool, scanner
systems | unix
MD5 | 76b18f8d71deab739809a992aaed5cfb
WordPress Paid Memberships Pro 1.8.4.2 Cross Site Scripting
Posted Jul 22, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-5532
MD5 | 0e3b3a4843d70df2ab8ee0af9b9e1841
WordPress Count Per Day 3.4 SQL Injection
Posted Jul 22, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-5533
MD5 | eb07c612771c884130d114faf98f5175
EMC Avamar Directory Traversal
Posted Jul 22, 2015
Site emc.com

EMC Avamar includes a directory traversal vulnerability that could potentially be exploited by malicious users to access the data on the Avamar Server. Affected products include EMC Avamar Server all versions from 7.0 to 7.1.1-145 (inclusive) and EMC Avamar Virtual Addition (AVE) all versions from 7.0 to 7.1.1-145 (inclusive).

tags | advisory
advisories | CVE-2015-4527
MD5 | b9e98e1ae94397ea130fb0cd873ef796
Xceedium Xsuite Command Injection / XSS / Traversal / Escalation
Posted Jul 22, 2015
Authored by Martin Schobert

Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-4664, CVE-2015-4669
MD5 | 346aecd1595f8e62ef4f8f53d8f9e1fc
NetCracker Resource Management System 8.0 SQL Injection
Posted Jul 22, 2015
Authored by Chia Junyuan, Benjamin Tan, Foo Jong Meng

NetCracker Resource Management System versions 8.0 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2015-3423
MD5 | d60cdc7184fbd94a8f5dc0dbaa3f2e04
NetCracker Resource Management System 8.0 Cross Site Scripting
Posted Jul 22, 2015
Authored by Chia Junyuan, Benjamin Tan, Foo Jong Meng

NetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-2207
MD5 | 94566f7e9a7eb84de0678455ddd718ba
Microsoft Security Bulletin Revision Increment For July, 2015
Posted Jul 22, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for July, 2015.

tags | advisory
MD5 | d3452f5daff6b0d0b22264961317c10b
Cisco Security Advisory 20150722-tftp
Posted Jul 22, 2015
Site cisco.com

cisco-sa-2015722-tftp.txt - A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 07407881652f1fa1a172e33d27ce5be1
Red Hat Security Advisory 2015-1485-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1485-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | b9fa410277ac43f5894ff93a4c831223
Red Hat Security Advisory 2015-1486-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1486-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | 1300074d513907646b098a7ee5af125b
Open Web Analytics 1.5.7 XSS / Password Disclosure / Crypto Weakness
Posted Jul 22, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
MD5 | 5d4e7717e15643abb13c537ee661edc6
FreeBSD Security Advisory - Resource Exhaustion
Posted Jul 22, 2015
Authored by Jonathan Looney, Lawrence Stewart | Site security.freebsd.org

FreeBSD Security Advisory - TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.

tags | advisory, tcp, protocol
systems | freebsd
advisories | CVE-2015-5358
MD5 | 0d608aa586db4fcb9ecb0d706aca3e35
Red Hat Security Advisory 2015-1344-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1344-01 - The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default the standard variables of the program map are provided only with the prefix added to its name.

tags | advisory, local, python
systems | linux, redhat
advisories | CVE-2014-8169
MD5 | 7236dae44750e8e05643a9b4352889db
Red Hat Security Advisory 2015-1385-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1385-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

tags | advisory, denial of service, perl, protocol
systems | linux, redhat
advisories | CVE-2014-3565
MD5 | 0084b4ac2ab29670ada2d2d3f89c7ae2
Red Hat Security Advisory 2015-1287-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1287-01 - FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. The freeradius packages have been upgraded to upstream version 2.2.6, which provides a number of bug fixes and enhancements over the previous version.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2014-2015
MD5 | cca7d8d408d5ca50953e0971be608bbf
Red Hat Security Advisory 2015-1347-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1347-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using the Certificate System's web interface.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-2662
MD5 | c74b2289e29a00b3db8be282f1fbb713
Red Hat Security Advisory 2015-1320-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1320-01 - The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the reported events. Multiple insecure temporary file use flaws were found in the way the ppc64-diag utility created certain temporary files. A local attacker could possibly use either of these flaws to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running ppc64-diag, or obtain sensitive information from the temporary files.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2014-4038, CVE-2014-4039
MD5 | a9bad84b1b0f2bf6c05d808f74a05ea8
Cisco Security Advisory 20150722-mp
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an unauthenticated remote, attacker to change the passwords of arbitrary users. The vulnerability is due to the following: Users are not required to enter the previous password during a password change request. HTTP session functionality does not validate the session ID in the HTTP request for the password change request. An attacker could exploit this vulnerability via a crafted HTTP request and change arbitrary user passwords to gain access to the application. A successful exploit could allow the attacker to use the reset credentials to gain full control of the application. Cisco has released software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.

tags | advisory, remote, web, arbitrary
systems | cisco
MD5 | 6c8c18a489c85e87a238c2dbbcd41c75
Cisco Security Advisory 20150722-apic
Posted Jul 22, 2015
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, root
systems | cisco
MD5 | 2fd91bd76bac5b773771fa2c75516b48
Red Hat Security Advisory 2015-1254-02
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1254-02 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148
MD5 | cb6281b7e14fadf6282e76e6b6a673e3
Ubuntu Security Notice USN-2676-1
Posted Jul 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2676-1 - It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. Tuomas discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-6410, CVE-2013-7441, CVE-2015-0847
MD5 | 196d5ee27824deba37f870cc4ea0bfb2
Gentoo Linux Security Advisory 201507-21
Posted Jul 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-21 - Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 1.5.1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-1802, CVE-2015-1803, CVE-2015-1804
MD5 | 169a4560c8ac3615c8b5428ed44b4ba3
Ubuntu Security Notice USN-2675-1
Posted Jul 22, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2675-1 - Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux. Various other issues were also addressed.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2015-1331, CVE-2015-1334
MD5 | 2c061a1738e56352c5f08a3508735a47
Red Hat Security Advisory 2015-1471-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1471-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-4620
MD5 | f89fb052c38221bd218cf61f9d1db6a3
Page 1 of 2
Back12Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close