what you don't know can hurt you
Showing 1 - 22 of 22 RSS Feed

Files Date: 2015-08-12

SAP Mobile Platform DataVault Predictable Encryption Password
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault has a special mechanism to generate a default set of credentials if no password/salt is supplied during the creation of the secure storage. In this mode of operation the password/salt is derived from a combination of fixed values and the VaultID belonging to the secure storage.

tags | advisory
MD5 | ff2349fec99c598aa8be3f9a35f30305
SAP Mobile Platform DataVault Predictable Passwords
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault uses a special password derived from well-known values to encrypt some configuration values like the count of invalid attempts to unlock a secure store. This password is a composition of a value which is available in plaintext form inside the secure store container, and a fixed value. Also, the salt used is fixed. Both values are statically defined by the SAP DataVault implementation, and do not depend neither on the installation nor on the usage of the DataVault.

tags | advisory
MD5 | 3f666485bbcff2dd07a24226957329bf
SAP Mobile Platform DataVault Keystream Recovery
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. Due to an incorrect implementation of the cryptographic algorithms and parameters, it is possible to recover the keystream for the encrypted data. As a result, it is possible to recover part of the plaintext corresponding to an encrypted piece of data thus reverting the encryption process of some values inside the DataVault without needing the original secret key. Furthermore, due to the lack of cryptographic integrity mechanisms in the SAP DataVault an attacker recovering this keystream has the possibility of re-encrypting (or modifying in practical terms) with some limitations, some values previously encrypted inside the DataVault.

tags | advisory
MD5 | 7d6ff8470bc9791fb324c166ec0bdc0d
Microsoft Internet Explorer CTreeNode::GetCascadedLang Use-After-Free
Posted Aug 12, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

Microsoft Internet Explorer 11 is prone to a use-after-free vulnerability in the MSHTML!CTreeNode::GetCascadedLang function. The following analysis was performed on Internet Explorer 11 on Windows 8.1 (x64). If an attacker succeeds in bypassing the Memory Protector and Isolated Heap protection mechanisms this vulnerability allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2015-2444
MD5 | 97915053ff2623f101172e2eed36eb8e
PHPfileNavigator 2.3.3 Cross Site Scripting
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 00ab61424c45dc36184c05480e6dbf51
Coppermine Photo Gallery 1.5.36 Cross Site Scripting
Posted Aug 12, 2015
Authored by Ehsan Hosseini

Coppermine Photo Gallery version 1.5.36 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 10759ae0e05d9c2c1c584d8b4c111f9f
BizIdea Design CMS 2015Q3 SQL Injection
Posted Aug 12, 2015
Authored by Wild Soldier | Site vulnerability-lab.com

BizIdea Design CMS 2015Q3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 21e16d3adad43e5252f1fdf42c0413c6
PHPfileNavigator 2.3.3 Cross Site Request Forgery
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | b04c748922c13db6379f984e6b507911
phpipam 1.1.010 Cross Site Scripting
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

phpipam version 1.1.010 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6529
MD5 | 5210fc348887d9968410c5bcf224f6e9
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
Posted Aug 12, 2015
Authored by Ramon de C Valle | Site metasploit.com

This Metasploit module exploits an incomplete internal state distinction in Java Secure Socket Extension (JSSE) by impersonating the server and finishing the handshake before the peers have authenticated themselves and instantiated negotiated security parameters, resulting in a plaintext SSL/TLS session with the client. This plaintext SSL/TLS session is then proxied to the server using a second SSL/TLS session from the proxy to the server (or an alternate fake server) allowing the session to continue normally and plaintext application data transmitted between the peers to be saved. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, java
advisories | CVE-2014-6593
MD5 | 33e7ee64240cb6f6f786adb319224727
WiFi Pineapple Predictable CSRF Token
Posted Aug 12, 2015
Authored by catatonicprime

WiFi Pineapples with firmware versions 2.3.0 and below suffer from using a predictable cross site request forgery token.

tags | exploit, csrf
advisories | CVE-2015-4624
MD5 | 496db4b3ef740c44df957c4fc2104e68
Thomson Reuters FATCA Local File Inclusion
Posted Aug 12, 2015
Authored by Jakub Palaczynski

Thomson Reuters FATCA versions below 5.2 suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-5952
MD5 | e2cf9765fa566c4a759132b196a4831b
Debian Security Advisory 3332-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3332-1 - Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-2213, CVE-2015-5622, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5734
MD5 | e79426d8ad93e4143adab8eb7748b051
Debian Security Advisory 3333-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3333-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-4473, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492, CVE-2015-4493
MD5 | 89554b17d7dbf95275b378105e1e962c
Red Hat Security Advisory 2015-1604-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1604-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
MD5 | 7ceb18bf85962e51ee6e0ac12bde773a
Debian Security Advisory 3334-1
Posted Aug 12, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3334-1 - Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this flaw by creating a specially crafted certificate that, when processed by an application compiled against GnuTLS, could cause the application to crash resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
MD5 | 6103d9353a69ff9c041d184e0902bad8
Red Hat Security Advisory 2015-1603-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1603-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560
MD5 | 9f9bc1791143ec9e39c80cdd5516dd5d
Red Hat Security Advisory 2015-1592-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1592-01 - It was discovered that, in Foreman, the edit_users permission (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges. It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. Various other issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235
MD5 | b99641824299b8a99c8d55804a79cea1
Red Hat Security Advisory 2015-1591-01
Posted Aug 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1591-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. It was discovered that in Foreman the edit_users permissions allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235
MD5 | 86feb60fd233827d83b1a605b4099bf6
PHPfileNavigator 2.3.3 Privilege Escalation
Posted Aug 12, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

PHPfileNavigator version 2.3.3 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 8c56750e92f88912aaf014d531ae7088
Linux x86 /bin/sh ROL/ROR Encoded Shellcode
Posted Aug 12, 2015
Authored by Anastasios Monachos

Custom Linux/x86 shellcode encoder/decoder that switches between ROL and ROR and spawns a /bin/sh shell using execve.

tags | shell, x86, shellcode
systems | linux
MD5 | 4f82e57ba662b47beb97ff66b77d4b79
WordPress OAuth2 Complete 3.1.3 Insecure Random
Posted Aug 12, 2015
Authored by Tom Adams

OAuth Complete for WordPress version 3.1.3 uses a pseudorandom number generator which is non-cryptographically secure.

tags | advisory
MD5 | 8f4a9b572a17eca06b693007b573ad5b
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close